Contact Me
Please Fill out Form to send me a Message
tshell :: May.08.2008 :: :: 4 Comments »
BSonPoSH
The “Power” of SHELL
Posts RSS Comments RSS
249 Posts and 391 Comments till now
Awards
Please Fill out Form to send me a Message
tshell :: May.08.2008 :: :: 4 Comments »
Ask and you shall receive. You may remember asking about pinging a subnet during your interview on powerscripting… I had some free time Friday. Armed with the -AsJob param on gwmi you told me about. I took a swing at pinging a subnet, something like this http://poshcode.org/976.
Thanks again for all your AD/Citrix content, I use your scripts as a reference whenever I’m working with either!
~Glenn
That is awesome Glenn, I will try this straight away.
Do you know of a way to use PowerShell to connect to the Global Catalog and traverse it like you can with the Registry? I’m trying to be able to find a method of browsing through the elements exposed via ADSI to determine the AD elements’ types and properties.
I have tried using your Get-Set method to block inheritance on an Address List I’ve created in AD but I always end up getting an error that the permissions aren’t in canonical order whenever further permissions processing is attempted (in the code below, I believe the error comes following the line of code after ‘# Remove Authenticated Users from new address list’. I tried creating an address list and turning off inheritance to use at a template but I must be doing something wrong. This is the last piece of a script I’ve been working on for what seems like forever and I would really appreciate your expertise at your convenience. Thanks in advance for your time.
# Create new address list
new-AddressList -Name “$CompanyName AL” -Container ‘\’ -IncludedRecipients ‘AllRecipients’ -conditionalcustomattribute1 “$CompanyName” -domaincontroller $DC
# Remove inheritance from new address list
$NewCN = “CN=$companyName AL,CN=All Address Lists,CN=Address Lists Container,CN=Hosted Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com”
$CN = “CN=Template AL,CN=All Address Lists,CN=Address Lists Container,CN=Hosted Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com ”
$NewACL = C:\customscripts\Get-ADACL.ps1 $CN -sddl
c:\customscripts\Set-ADACL.ps1 $NewCN -sddl $NewACL
$al = [ADSI]“LDAP://CN=$companyName AL,CN=All Address Lists,CN=Address Lists Container,CN=Hosted Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com”
$sec = $al.psbase.objectSecurity
$isProtected = $true ## allows protection against inheritance
$preserveInheritance = $true ## remove inherited rules
$sec.SetAccessRuleProtection($isProtected, $preserveInheritance)
$al.psbase.commitchanges()
# Remove Authenticated Users from new address list
get-qadobject “CN=$companyName AL,CN=All Address Lists,CN=Address Lists Container,CN=Hosted Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=com” -securitymask Dacl | get-qadpermission -schemadefault -inherited -account “Authenticated Users” | remove-qadpermission
# Add security group & permissions to new address list
Add-AdPermission -identity “$companyName AL” -User “$companyName SG” -AccessRights GenericRead, ListChildren -ExtendedRights Open-Address-Book