/\/\o\/\/ PowerShelled
This blog has moved to http://ThePowerShellGuy.com Greetings /\/\o\/\/
$PreviousItems = (" PowerShell and MOM2005 part 2 : Updating Settings "," PowerShell Boolean FileMode "," Working with Fixed Length delimited Text files in ... "," PowerShell and Active Directory Part 3 (UserProper... "," PowerShell and MOM 2005 "," PowerShell and Active Directory Part 2 "," PowerShel and Active Directory Part 1 "," TechEd RoundUp "," A big hurray for the Scripting Guy ! "," Teched "," ")
Monday, July 17, 2006
PowerShell and Active Directory Part 4 (TypeData)
As I have been a bit busy ...
( PoSH>ConvertTo-Fahrenheit 32 89.6 PoSH>ConvertTo-Fahrenheit 35 95 in the netherlands ;-))
part 4 is a bit later and it's not yet about the making of scripts as I decided to give some info about using Typedata with the DirectoryEntry Object first in this post.
As this is handy for commandline usage as we can hide some of the more complex Userproperties with typedata, and unlike the WTF example with the boolean I DO keep this update typedata in my profile ;-)
I only will show the adding of the typedata as the rest is covered in former posts.
PowerShel and Active Directory Part 1
Connect to a Domain (Default Naming Context) :
listing properties (format-* commands)
Using get-Member to get information about the object
returned Objects that look like collections could be wrapperobjects. [DirectoryEntries]
how to use get-member on enumerable objects [DirectoryEntries]
using the methods
listing the Child Objects
Getting a Child Object
Connect directly to a Active Directory Object using a path
PowerShell and Active Directory Part 2
Using ADAM to do some testing,
Create a User,
Create a group of users using a Loop
Create an OU or other AD object the same way.
PowerShell and Active Directory Part 3 (UserProperties)
Setting Other properties on the User.
Using ADSI to set properties using InvokeGet, InvokeSet,Invoke
Connecting to Schema using ActiveDirectorySchema class (not work on ADAM.)
how to make a quick function get-Schema
Using native ADSI methods for setting "Special Settings")
where to find More information on ADSI (accountcontrol Terminal services )
that the Invoke methods are the same a in VbScript so they could be handy for translating VbScripts also.
We will add some properties that are a bit harder to get to the DirectoryObject with a typedata file. so we can use it like this :
# update the Typedata
PoSH>Update-TypeData C:\PowerShell\TypeData\directoryEntry.ps1xml
# reset the userAccountControl
PoSH>$mow.userAccountControl = 512
# show added properties
PoSH>$mow | fl PasswordLastChanged,AccountDisabled,PasswordNeverExpires,userAccountControl
PasswordLastChanged : 6/29/2006 8:47:30 PM
AccountDisabled : False
PasswordNeverExpires : False
userAccountControl : {512}
# using the SetScriptBlock to set the AccountDisabled bit
PoSH>$mow.AccountDisabled = $true
PoSH>$mow | fl PasswordLastChanged,AccountDisabled,PasswordNeverExpires,userAccountControl
PasswordLastChanged : 6/29/2006 8:47:30 PM
AccountDisabled : True
PasswordNeverExpires : False
userAccountControl : {514}
# set Password Never Expires
PoSH>$mow.PasswordNeverExpires = $true
PoSH>$mow | fl PasswordLastChanged,AccountDisabled,PasswordNeverExpires,userAccountControl
PasswordLastChanged : 6/29/2006 8:47:30 PM
AccountDisabled : True
PasswordNeverExpires : True
userAccountControl : {66050}
# Set User must change Password at next Logon
PoSH>$mow.pwdLastSet = 0
PoSH>$mow | fl PasswordLastChanged,AccountDisabled,PasswordNeverExpires,userAccountControl
PasswordLastChanged :
AccountDisabled : True
PasswordNeverExpires : True
userAccountControl : {66050}
# UnSet User must change Password at next Logon
PoSH>$mow.pwdLastSet = -1
PoSH>Update-TypeData C:\PowerShell\TypeData\directoryEntry.ps1xml
# reset the userAccountControl
PoSH>$mow.userAccountControl = 512
# show added properties
PoSH>$mow | fl PasswordLastChanged,AccountDisabled,PasswordNeverExpires,userAccountControl
PasswordLastChanged : 6/29/2006 8:47:30 PM
AccountDisabled : False
PasswordNeverExpires : False
userAccountControl : {512}
# using the SetScriptBlock to set the AccountDisabled bit
PoSH>$mow.AccountDisabled = $true
PoSH>$mow | fl PasswordLastChanged,AccountDisabled,PasswordNeverExpires,userAccountControl
PasswordLastChanged : 6/29/2006 8:47:30 PM
AccountDisabled : True
PasswordNeverExpires : False
userAccountControl : {514}
# set Password Never Expires
PoSH>$mow.PasswordNeverExpires = $true
PoSH>$mow | fl PasswordLastChanged,AccountDisabled,PasswordNeverExpires,userAccountControl
PasswordLastChanged : 6/29/2006 8:47:30 PM
AccountDisabled : True
PasswordNeverExpires : True
userAccountControl : {66050}
# Set User must change Password at next Logon
PoSH>$mow.pwdLastSet = 0
PoSH>$mow | fl PasswordLastChanged,AccountDisabled,PasswordNeverExpires,userAccountControl
PasswordLastChanged :
AccountDisabled : True
PasswordNeverExpires : True
userAccountControl : {66050}
# UnSet User must change Password at next Logon
PoSH>$mow.pwdLastSet = -1
note that pwdLastSet we can use directly from the DirectoryEntry object but not read,
as its a largeInteger COM Object (more about that later in the series).
the DirectoryEntry.ps1xml file I made for this looks like this :
<?xml version="1.0" encoding="utf-8" ?>
<Types>
<Type>
<Name>System.DirectoryServices.DirectoryEntry</Name>
<Members>
<ScriptProperty>
<Name>PasswordLastChanged</Name>
<GetScriptBlock>
$this.InvokeGet('PasswordLastChanged')
</GetScriptBlock>
</ScriptProperty>
<ScriptProperty>
<Name>AccountDisabled</Name>
<GetScriptBlock>
[bool]($this.userAccountControl[0] -band 2)
</GetScriptBlock>
<SetScriptBlock>
if ($args -eq $true) {
$this.userAccountControl[0] = $this.userAccountControl[0] -bor (2)
}
Else {
$this.userAccountControl[0] = $this.userAccountControl[0] -band (-bnot 2)
}
</SetScriptBlock>
</ScriptProperty>
<ScriptProperty>
<Name>PasswordNeverExpires</Name>
<GetScriptBlock>
[bool]($this.userAccountControl[0] -band 65536)
</GetScriptBlock>
<SetScriptBlock>
if ($args -eq $true) {
$this.userAccountControl[0] = $this.userAccountControl[0] -bor (65536)
}
Else {
$this.userAccountControl[0] = $this.userAccountControl[0] -band (-bnot 65536)
}
</SetScriptBlock>
</ScriptProperty>
</Members>
</Type>
</Types>
<Types>
<Type>
<Name>System.DirectoryServices.DirectoryEntry</Name>
<Members>
<ScriptProperty>
<Name>PasswordLastChanged</Name>
<GetScriptBlock>
$this.InvokeGet('PasswordLastChanged')
</GetScriptBlock>
</ScriptProperty>
<ScriptProperty>
<Name>AccountDisabled</Name>
<GetScriptBlock>
[bool]($this.userAccountControl[0] -band 2)
</GetScriptBlock>
<SetScriptBlock>
if ($args -eq $true) {
$this.userAccountControl[0] = $this.userAccountControl[0] -bor (2)
}
Else {
$this.userAccountControl[0] = $this.userAccountControl[0] -band (-bnot 2)
}
</SetScriptBlock>
</ScriptProperty>
<ScriptProperty>
<Name>PasswordNeverExpires</Name>
<GetScriptBlock>
[bool]($this.userAccountControl[0] -band 65536)
</GetScriptBlock>
<SetScriptBlock>
if ($args -eq $true) {
$this.userAccountControl[0] = $this.userAccountControl[0] -bor (65536)
}
Else {
$this.userAccountControl[0] = $this.userAccountControl[0] -band (-bnot 65536)
}
</SetScriptBlock>
</ScriptProperty>
</Members>
</Type>
</Types>
You can see that if you add this update-typedata to your profile, and update it for other advanced properties when you run into them (e.g. the terminalserverproperties we did see in part 3) this will build up to a very handy AD library (till it's standard in V2) making the commandline use very easy as it is attached to the DirectoryEntryType so it works as this is standard.
so again no need to wait for V2 ;-)
In the next part I will go on with the script examples originaly planned for this post, but I found the SetScriptBlock to cool to wait and it took a bit less time.
only I could not find a way to get the args named Param([bool]$value) did not work.
Enjoy,
Greetings /\/\o\/\/
Tags : Monad msh PowerShell
