PowerShell Scripts

Functions

get-DNString

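#------------------------------------------------------------------------#
function get-DNString([string]$User, [string]$Domain, [string]$OUType) { #
#------------------------------------------------------------------------#
#
# Looks up one directory object through the Global Catalog (ADSI via ADO)
# and returns its distinguishedName as a string.
#
# Parameters:
#   $User   - sAMAccountName of the user or group, or the Name of the
#             computer when $OUType is "computer".  The value is matched
#             literally: LDAP filter metacharacters are escaped, so "*" is
#             not a wildcard here.
#   $Domain - short domain label ("corp", "meat", or a child domain of Corp).
#   $OUType - objectClass to match, e.g. "user", "group" or "computer".
#
# Returns: the distinguishedName of the first match, or nothing when the
#          search has no result.
# Throws:  when $Domain or $OUType contains characters that would alter
#          the search base or the filter.
#
# EG:    get-DNString "Group Name" "NA" "group"
#        get-DNString "Computer Name" "NA" "computer"
#        get-DNString "User Name" "NA" "user"
#
# Return String eg: CN=FName LName,OU=MWTS Server Administrators,DC=Corp,DC=Cargill,DC=com

    # $Domain becomes a DC= component of the search base and $OUType is placed
    # in the filter as-is, so both are limited to plain name characters before
    # any directory call is made.  \A and \z anchor the whole string.
    If($Domain -notmatch '\A[A-Za-z0-9-]+\z') { throw "Invalid domain name: $Domain" }
    If($OUType -notmatch '\A[A-Za-z][A-Za-z0-9-]*\z') { throw "Invalid object type: $OUType" }

    If($Domain.ToLower() -eq "corp") { $ADSPath = "GC://DC=Corp,DC=Cargill,DC=com" }
    ElseIf($Domain.ToLower() -eq "meat") { $ADSPath = "GC://DC=MEAT,DC=Cargill,DC=com" }
    Else { $ADSPath = "GC://DC=" + $Domain + ",DC=Corp,DC=Cargill,DC=com" }

    # Escape the name for use as an LDAP filter value (backslash first, so the
    # escapes added afterwards are not escaped again).  ';' separates the parts
    # of the command text built below, so it is hex-escaped as well.
    $SafeUser = $User.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
    $SafeUser = $SafeUser.Replace(';', '\3b').Replace([string][char]0, '\00')

    $objCommand = New-object -comobject "ADODB.Command"
    $objConnection = New-object -comobject "ADODB.Connection"
    $objConnection.Provider = "ADsDSOObject"
    $objConnection.Open("Active Directory Provider")
    $objCommand.ActiveConnection = $objConnection

    # Computers are matched on Name, every other class on sAMAccountName.
    If($OUType -eq "computer") { $NameAttr = "Name" }
    Else { $NameAttr = "sAMAccountName" }
    $query = "<" + $ADSPath + ">;(&(objectClass=" + $OUType + ")(" + $NameAttr + "=" + $SafeUser + "));distinguishedName;subtree"

    $objCommand.CommandText = $query
    $qRes = $objCommand.Execute()

    # An empty result set has no current row; reading a field from it fails,
    # so only read when a row is present.
    $DN = $null
    If($qRes -and (-not $qRes.EOF)) { $DN = $qRes.Fields.Item('distinguishedName').Value }

    # Release the connection instead of leaving it open (0 = closed state).
    If($objConnection.State -ne 0) { $objConnection.Close() }

    If($null -ne $DN) { $DN }
} # End get-DNString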

get-ADAcctDisabled

#--------------------------------------#
function get-ADAcctDisabled($UserDN) { #
#--------------------------------------#
#
# Binds to the account at the given ADsPath and emits the value of its
# "AccountDisabled" ADSI property, unchanged.
#
# NOTE(review): going by the property name, the value is $True for a
# DISABLED account and $False for an enabled one.  A caller that reads the
# result as "account is enabled" has it backwards - confirm at call sites.
# NOTE(review): when the lookup fails, no value is emitted; a caller that
# tests the result as a boolean then sees a false value, i.e. the same as
# "not disabled".  Check for $null separately where that matters.
#
# Globals: $DEBUG (read), $DEBUGLOG (read; file appended to when $DEBUG is set)
# DN string eg: "LDAP://CN=FName LName,OU=SecuredAccounts,DC=Na,DC=Corp,DC=Cargill,DC=com"

    $account = [ADSI]$UserDN
    $account.PSBase.InvokeGet("AccountDisabled")
    # $? must be captured immediately: it describes the InvokeGet call above.
    $lookupOk = $?
    If((-not $lookupOk) -and ($DEBUG -eq $TRUE)) {
        # Debug mode only: record which path failed and the most recent error.
        Write-Host $UserDN
        $UserDN >> $DEBUGLOG
        $error[0] >> $DEBUGLOG
    }
} # End get-ADAcctDisabled

get-ADUserDomain

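#------------------------------------#
function get-ADUserDomain($UserDN) { #
#------------------------------------#
#
# Returns the value of the first DC= component of a distinguished name,
# with the casing it has in the DN.  For example passing the following DN:
# "CN=FName LName,OU=SecuredAccounts,DC=Na,DC=Corp,DC=Cargill,DC=com"
# returns the string "Na".
#
# Returns nothing for an empty DN and $null when the DN has no DC component.
# The DN is split on every comma, so components are not unescaped; a
# component whose value itself contains "=" is skipped.

    # Start from a known value.  Without this, a DN with no DC component made
    # the function emit whatever $Domain the calling scope happened to hold.
    $Domain = $null
    If(-not $UserDN) { return }

    foreach($Part in $UserDN.Split(",")) {
        # Trim so that "CN=x, DC=Na" (space after the comma) is recognised too.
        $KeyValue = $Part.Trim().Split("=")
        if(($KeyValue.Count -eq 2) -and ($KeyValue[0].Trim() -eq "dc")) {
            $Domain = $KeyValue[1].Trim()
            Break
        }
    }
    $Domain
}# End get-ADUserDomain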

XMLReplaceSpecialChars

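#------------------------------------------#
function XMLReplaceSpecialChars($String) { #
#------------------------------------------#
#
# Replaces the five XML special characters in a string with their
# predefined entities and returns the new string:
#   &  ->  &amp;     '  ->  &apos;     "  ->  &quot;
#   <  ->  &lt;      >  ->  &gt;
# A $null input is returned unchanged.
    If($null -eq $String) { return $String }

    # "&" has to go first, otherwise the "&" of the entities written by the
    # later replacements would be escaped a second time.
    $String = $String.Replace("&", "&amp;")
    $String = $String.Replace("'", "&apos;")
    $String = $String.Replace("""", "&quot;")
    # Match "<" alone.  Matching "< " (with a trailing space) left every other
    # "<" unescaped, so markup in the input passed through into the XML.
    $String = $String.Replace("<", "&lt;")
    $String = $String.Replace(">", "&gt;")
    $String
} # End XMLReplaceSpecialChars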

get-IsDNUser

#------------------------------------#
function get-IsDNUser([string]$DN) { #
#------------------------------------#
#
# Binds to the given ADsPath through ADSI and returns $True when one of the
# object's objectClass values is "user" (compared case-insensitively),
# otherwise $False.  Returns $False when the [ADSI] cast itself fails.
#
# NOTE(review): the test is "objectClass contains user", not "is exactly a
# user".  In Active Directory, computer objects typically carry the user
# class as well - confirm whether callers need to exclude them.
# NOTE(review): $? below reflects only the [ADSI] cast; whether the cast
# alone detects a DN that does not exist is not visible here - verify.
    $entry = [ADSI]$DN
    if(-not $?) { return $False }

    $isUser = $False
    foreach($className in $entry.objectClass) {
        if($className.ToLower() -eq "user") { $isUser = $True }
    }
    $isUser
}

get-IsDNGroup

#-------------------------------------#
function get-IsDNGroup([string]$DN) { #
#-------------------------------------#
#
# Binds to the given ADsPath through ADSI and returns $True when one of the
# object's objectClass values is "group" (compared case-insensitively),
# otherwise $False.  Returns $False when the [ADSI] cast itself fails.
#
# NOTE(review): $? below reflects only the [ADSI] cast; whether the cast
# alone detects a DN that does not exist is not visible here - verify.
    $entry = [ADSI]$DN
    if(-not $?) { return $False }

    $isGroup = $False
    foreach($className in $entry.objectClass) {
        if($className.ToLower() -eq "group") { $isGroup = $True }
    }
    $isGroup
}

get-GroupMembers

#------------------------------------------------------------#
function get-GroupMembers([string]$group, [string]$server) { #
#------------------------------------------------------------#
#
# Lists the members of a group on the given machine through the ADSI WinNT
# provider.  Emits one string per member, taken from the member's AdsPath:
# the last two path segments joined as "parent\name" when the path matches
# the pattern below, otherwise just the last segment.
#
# Throws "Group NOT found!" when $group is empty; $server is not checked.
# NOTE(review): $server and $group are interpolated into the ADsPath as-is,
# so a "/" inside either value changes which object is bound - confirm that
# callers pass plain names.
    if (-not $group) { throw "Group NOT found!" }

    $groupEntry = [ADSI]"WinNT://$server/$group"

    foreach ($principal in $groupEntry.Members()) {
      # Members() yields COM objects, so AdsPath is read through reflection.
      $path = $principal.GetType().InvokeMember("AdsPath","GetProperty",$null,$principal,$null)
      if ($path -match "[^/]/[^/]") {
        $tail = $path.Split("/")[-2..-1]
        [String]::Join("\", $tail)
      }
      else {
        $path.Split("/")[-1]
      }
    }
} # End get-GroupMembers