This blog has moved to http://ThePowerShellGuy.com
Greetings /\/\o\/\/
I found this great article about new ways to deal with AD in .NET 2.0:
Got Directory Services? New Ways to Manage Active Directory using the .NET Framework 2.0
http://msdn.microsoft.com/msdnmag/issues/05/12/DirectoryServices/
by Ethan Wilansky (coauthor of the Microsoft Shell (MSH) language reference)
Really recommended!
I already mentioned some of the new infrastructure classes of AD in .NET 2.0 in a previous entry:
AD Infrastructure exploring with MSH. This article will point you to more improvements in the DirectoryServices namespace.
I will give some examples converted to MSH below (the examples in the article are easy to translate to Monad), but I will point you to the Article for more information.
# get a user for the examples :
$de = new-object system.directoryservices.directoryentry("cn=mow,ou=mowou,dc=mow,dc=com")
# Using (Native) ADSI properties by using InvokeGet Method :
$de.InvokeGet("IsAccountLocked")
# getting a Security Descriptor :
$sd = new-object system.directoryservices.ActiveDirectorySecurity
# get Owner / Group (with the choice as NtAccount or SID)
$sd.GetOwner([security.principal.ntaccount])
$sd.GetGroup([system.security.principal.securityidentifier])
# Check if ACEs are properly ordered (W2K3 standard, not standard on W2K)
$sd.AreAccessRulesCanonical
# check whether the DACL is protected (True means inheritance from the parent is blocked)
$sd.AreAccessRulesProtected
$ds = new-object system.directoryservices.directorySearcher
$ds.SearchRoot # defaulting to Domain (using RootDSe)
$ds.searchroot = "LDAP://ou=MowOU,dc=mow,dc=com" # or set it.
# Make a Snapshot of AD
$sync = new-object System.DirectoryServices.DirectorySynchronization
$ds.DirectorySynchronization = $Sync
$ds.findall()
An error occurred while enumerating through a collection: Access is denied.
# As I don't have the Replicate right (see Article) I need to set ObjectSecurity
$sync = new-object System.DirectoryServices.DirectorySynchronization
$sync.option = "ObjectSecurity"
$ds.DirectorySynchronization = $Sync
$ds.findall()
Exception calling "FindAll" with "0" argument(s): "The value for the property DirectorySynchronizationFlag cannot be set.".
# Why I can't set this I don't know; I posted a question in the NG, and if I know more I will let you know.
# For writing the cookie (stopped here as I had the former problem)
$bf = new-object System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
# Do a Search using ExtendedDN (to get SID and GUID back also)
$ds.ExtendedDN = "Standard"
$ds.findall()
Exception calling "FindAll" with "0" argument(s): "The value for the property ExtendedDn cannot be set.".
# and again here I have the problem setting the property
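The security descriptor checks from the listing above (owner, canonical ACE order, inheritance protection), applied to descriptors that actually contain ACEs. This is an added example, not code from the original post or the MSDN article; the function name `Test-AdSecurityDescriptor` and both SDDL strings are constructed for illustration so the script runs without a domain. On a live object the descriptor would come from the `ObjectSecurity` property of the DirectoryEntry instead.

```powershell
# Added example: audit ActiveDirectorySecurity objects built from constructed SDDL.
# Requires Windows and PowerShell 3.0 or later (for [pscustomobject]).
Add-Type -AssemblyName System.DirectoryServices

function Test-AdSecurityDescriptor {
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        [Parameter(Mandatory = $true)][string]$Sddl
    )

    # Load the SDDL text into the same class the post instantiates as $sd
    $sd = New-Object System.DirectoryServices.ActiveDirectorySecurity
    $sd.SetSecurityDescriptorSddlForm($Sddl)

    # Ask for SIDs rather than NTAccount names so no name lookup is needed
    $sidType = [System.Security.Principal.SecurityIdentifier]

    $findings = @()
    if (-not $sd.AreAccessRulesCanonical) { $findings += 'ACEs are not in canonical order' }
    if ($sd.AreAccessRulesProtected)      { $findings += 'DACL is protected (inheritance blocked)' }

    # Explicit and inherited ACEs, in the order they are stored in the DACL
    $aces = $sd.GetAccessRules($true, $true, $sidType) | ForEach-Object {
        '{0} {1} {2}' -f $_.AccessControlType, $_.IdentityReference, $_.ActiveDirectoryRights
    }

    [pscustomobject]@{
        Name     = $Name
        Owner    = $sd.GetOwner($sidType).Value
        Group    = $sd.GetGroup($sidType).Value
        Findings = $findings
        Aces     = @($aces)
    }
}

# Constructed sample descriptors (BA = BUILTIN\Administrators, AU = Authenticated Users)
$samples = @{
    # "D:P" marks the DACL as protected; a single allow ACE is trivially canonical
    'protected-dacl' = 'O:BAG:BAD:P(A;;GA;;;BA)'
    # An allow ACE stored before a deny ACE breaks canonical ordering
    'allow-before-deny' = 'O:BAG:BAD:(A;;RP;;;AU)(D;;WP;;;AU)'
}

foreach ($name in $samples.Keys) {
    Test-AdSecurityDescriptor -Name $name -Sddl $samples[$name] | Format-List
}
```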
I just touched on some of the new features mentioned in the article.
I would really recommend reading it, as it gives a lot of good info about the new possibilities, and I hope the samples I provided will help with porting them to MSH.
When I have more info about the errors setting the properties, I will post it.
If you know the answer, please leave a comment.
gr /\/\o\/\/