PowerShell Scripts
Functions
get-DNString
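#------------------------------------------------------------------------#
function get-DNString([string]$User, [string]$Domain, [string]$OUType) { #
#------------------------------------------------------------------------#
#
# Looks an object up in Active Directory through the global catalog (ADSI
# OLE DB provider) and emits its distinguishedName as a string.
#
#   $User    sAMAccountName to find, or the Name when $OUType is "computer"
#   $Domain  short domain name; "corp" and "meat" map to their own roots,
#            anything else is searched under DC=<Domain>,DC=Corp,DC=Cargill,DC=com
#   $OUType  objectClass to match, e.g. "group", "computer" or "user"
#
# EG: get-DNString "Group Name" "NA" "group"
# get-DNString "Computer Name" "NA" "computer"
# get-DNString "User Name" "NA" "user"
#
# Return String eg: CN=FName LName,OU=MWTS Server Administrators,DC=Corp,DC=Cargill,DC=com
#
# $User and $OUType end up inside an LDAP search filter and $Domain inside
# the search base. A name such as "Team (EU)" would otherwise produce a
# malformed filter, and a caller-supplied value could change what the query
# matches, so the filter values are escaped and the domain is checked before
# the query text is assembled. Wildcards in $User are matched literally.
#
# Throws when $Domain contains anything other than letters, digits, "-" or "_".
# NOTE(review): when nothing matches, the read of the first record is
# expected to fail with an ADO error and the function emits nothing.

    # Escape the characters that carry meaning in an LDAP filter (RFC 4515).
    # Backslash goes first so the escapes added afterwards are not re-escaped.
    function escape-LdapFilterValue([string]$Value) {
        $Value = $Value.Replace("\", "\5c")
        $Value = $Value.Replace("*", "\2a")
        $Value = $Value.Replace("(", "\28")
        $Value = $Value.Replace(")", "\29")
        $Value = $Value.Replace([string][char]0, "\00")
        $Value
    }

    # The domain becomes a DC= component of the search base; allow only
    # characters that cannot close the base or start a new query section.
    If($Domain -notmatch '^[A-Za-z0-9_-]+\z') {
        throw "get-DNString: '$Domain' is not a valid domain name"
    }

    If($Domain.ToLower() -eq "corp") { $ADSPath = "GC://DC=Corp,DC=Cargill,DC=com" }
    ElseIf($Domain.ToLower() -eq "meat") { $ADSPath = "GC://DC=MEAT,DC=Cargill,DC=com" }
    Else { $ADSPath = "GC://DC=" + $Domain + ",DC=Corp,DC=Cargill,DC=com" }

    $SafeUser = escape-LdapFilterValue $User
    $SafeType = escape-LdapFilterValue $OUType

    $objCommand = New-object -comobject "ADODB.Command"
    $objConnection = New-object -comobject "ADODB.Connection"
    $objConnection.Provider = "ADsDSOObject"
    $objConnection.Open("Active Directory Provider")
    $objCommand.ActiveConnection = $objConnection

    # Computers are matched on Name, every other class on sAMAccountName.
    If($OUType -eq "computer") { $query = "<" + $ADSPath + ">;(&(objectClass=" + $SafeType + ")(Name=" + $SafeUser + "));distinguishedName;subtree" }
    Else { $query = "<" + $ADSPath + ">;(&(objectClass=" + $SafeType + ")(sAMAccountName=" + $SafeUser + "));distinguishedName;subtree" }
    $objCommand.CommandText = $query
    $qRes = $objCommand.Execute()

    # Assigned up front so a failed read cannot pick up a same-named
    # variable from the caller's scope.
    $FoundDN = $null
    $FoundDN = $qRes.Fields.Item('distinguishedName').Value

    # Release the connection once the value has been copied out
    # (State 0 means the connection is already closed).
    If($objConnection.State -ne 0) { $objConnection.Close() }

    $FoundDN
} # End get-DNString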
get-ADAcctDisabled
#--------------------------------------#
function get-ADAcctDisabled($UserDN) { #
#--------------------------------------#
#
# Binds to the object named by $UserDN and emits the value of its ADSI
# "AccountDisabled" property, which is not part of the default property
# view and therefore has to be read through PSBase.InvokeGet.
#
# The emitted value is the AccountDisabled flag itself, i.e. $True for an
# account that is disabled.
# NOTE(review): the earlier header described the result the other way
# round; callers that treat $True as "account is enabled" should be checked.
#
# $UserDN eg: "LDAP://CN=FName LName,OU=SecuredAccounts,DC=Na,DC=Corp,DC=Cargill,DC=com"
#
# When the read fails and $DEBUG is $TRUE, the DN is written to the host
# and the DN plus the most recent error are appended to $DEBUGLOG. Both
# variables are expected to be defined outside this function.
    $account = [ADSI]$UserDN
    $account.PSBase.InvokeGet("AccountDisabled")

    # Capture the status right away; any later statement would overwrite $?.
    $readSucceeded = $?

    if ((-not $readSucceeded) -and ($DEBUG -eq $TRUE)) {
        Write-Host $UserDN
        $UserDN >> $DEBUGLOG
        $error[0] >> $DEBUGLOG
    }
} # End get-ADAcctDisabled
get-ADUserDomain
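#------------------------------------#
function get-ADUserDomain($UserDN) { #
#------------------------------------#
#
# Pass this function a user's DN and it emits the value of the first DC
# component, with the case it has in the DN.
# For example passing the following DN:
# "CN=FName LName,OU=SecuredAccounts,DC=Na,DC=Corp,DC=Cargill,DC=com"
# would return the string "Na".
#
# Emits nothing when $UserDN is empty or holds no DC component.

    # Start from a known value: PowerShell resolves an unassigned variable
    # through the caller's scopes, so a DN without a DC component would
    # otherwise hand back whatever $Domain the caller happens to hold.
    $Domain = $null
    if (-not $UserDN) { return }

    # Split only on commas that are real RDN separators. A comma preceded by
    # an odd number of backslashes is an escaped character inside a value
    # (e.g. "CN=Last\, First"), and splitting there would let text inside a
    # name be read as a DC component.
    $SplitDN = [regex]::Split([string]$UserDN, '(?<=(?:^|[^\\])(?:\\\\)*),')

    foreach($x in $SplitDN) {
        $tmp = $x.Split("=")
        if($tmp.Count -eq 2) {
            if($tmp[0].ToLower() -eq "dc") {
                $Domain = $tmp[1]
                Break
            }
        }
    }
    $Domain
}# End get-ADUserDomain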
XMLReplaceSpecialChars
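#------------------------------------------#
function XMLReplaceSpecialChars($String) { #
#------------------------------------------#
#
# This function takes a string passed to it and replaces the five XML
# special characters (ampersand, apostrophe, double quote, less-than and
# greater-than) with their predefined XML entities (amp, apos, quot, lt,
# gt). It then returns the new string.
#
# The framework routine is used instead of a chain of Replace calls so the
# ampersand is always encoded exactly once and the entity text cannot be
# lost or mistyped in this file.
    [System.Security.SecurityElement]::Escape($String)
} # End XMLReplaceSpecialChars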
get-IsDNUser
#------------------------------------#
function get-IsDNUser([string]$DN) { #
#------------------------------------#
#
# Binds to $DN through ADSI and emits $True when one of the object's
# objectClass values is "user", otherwise $False. $False is also emitted
# when the [ADSI] conversion itself reports failure.
#
# NOTE(review): $DN is presumably a full ADsPath such as the "LDAP://CN=..."
# form - confirm against callers.
# NOTE(review): the [ADSI] conversion may not contact the directory until a
# property is read, so the status check below may not detect a missing
# object; in that case no class matches and the result is still $False.
# NOTE(review): computer accounts normally list "user" among their object
# classes, so this is expected to answer $True for them as well.
    $entry = [ADSI]$DN
    if(-not $?) { return $False }

    $isUser = $False
    foreach($className in $entry.objectClass) {
        if($className.ToLower() -eq "user") { $isUser = $True }
    }
    return $isUser
}
get-IsDNGroup
#-------------------------------------#
function get-IsDNGroup([string]$DN) { #
#-------------------------------------#
#
# Binds to $DN through ADSI and emits $True when one of the object's
# objectClass values is "group", otherwise $False. $False is also emitted
# when the [ADSI] conversion itself reports failure.
#
# NOTE(review): $DN is presumably a full ADsPath such as the "LDAP://CN=..."
# form - confirm against callers.
# NOTE(review): the [ADSI] conversion may not contact the directory until a
# property is read, so the status check below may not detect a missing
# object; in that case no class matches and the result is still $False.
    $entry = [ADSI]$DN
    $bound = $?

    if($bound) {
        $isGroup = $False
        foreach($className in $entry.objectClass) {
            if($className.ToLower() -eq "group") { $isGroup = $True }
        }
        $isGroup
    }
    else {
        $False
    }
}
get-GroupMembers
#------------------------------------------------------------#
function get-GroupMembers([string]$group, [string]$server) { #
#------------------------------------------------------------#
#
# Lists the members of a group through the WinNT ADSI provider, binding to
# "WinNT://<server>/<group>".
#
# One string is emitted per member: the last two segments of the member's
# AdsPath joined with a backslash (container\name) when the path contains
# a single "/" between two other characters, otherwise just the last
# segment.
#
# Throws "Group NOT found!" when $group is empty; no directory lookup has
# happened at that point.
# NOTE(review): $server and $group are interpolated into the ADsPath as
# given, so a "/" in either value changes which object is bound. Callers
# passing values from outside the script should validate them first.
    if (-not $group) { throw "Group NOT found!" }

    $groupEntry = [ADSI]"WinNT://$server/$group"

    foreach ($entry in $groupEntry.Members()) {
        # Members() yields raw COM objects, so AdsPath is read via reflection.
        $adsPath = $entry.GetType().InvokeMember("AdsPath","GetProperty",$null,$entry,$null)

        if ($adsPath -match "[^/]/[^/]") {
            $segments = $adsPath.Split("/")
            [String]::Join("\", $segments[-2..-1])
        }
        else {
            $adsPath.Split("/")[-1]
        }
    }
} # End get-GroupMembers