/\/\o\/\/ PowerShelled

This blog has moved to http://ThePowerShellGuy.com Greetings /\/\o\/\/
$AtomFeed = ("Atom.xml")
$PreviousItems = (" PowerShell : Learn about the HashTable Object and ... "," PowerShell : Setting SendAs permission in Exchange... "," PowerShell : Active Directory Part 10 (AD Browser) "," PowerShell "," PowerShell : How Do I randomize a list, and remove... "," PowerShell : Can you do that less cryptic ? "," PowerShell : How can I tell whitch numbers are mis... "," PowerShell Active Directory Browser teaser "," Powershell, Has my Dell a dangerous battery Part 2 ? "," PowerShell, Has my Dell a dangerous battery ? "," ")

Tuesday, September 12, 2006

 


PowerShell : Active Directory Part 11 - moving - Renaming Objects



In this post Move and Renaming AD objects,

still not about Searching AD as I did say before using the DirectorySearcher Object,

 but as a lot of my older posts and examples about  already use it, If you did read the read the other parts of this AD series, you should be able understand those example scripts to get much information from that older scripts about searching AD going on from the examples, and pasting in lines of code from the examples into the interactive Shell .  

See for a complete list, of all the parts in this series, and the other examples and scripts using the DirectorySearcher. 

The excellent PowerShell Links directory Dance2Die maintains on Del.icio.us : PowerShell (Note the RSS feed !! )in the Active Directory Subdirectory: del.icio.us PowerShell AD links

(if can you make a get-Aduser ($SamAccountName){} from that using a DirectorySearcher as an example, please leave it in the comments ;-) 

so in this post renaming and moving objects as that was not discussed yet :

 

Yesterday night,  I got a question on how to rename a user in PoSH on IRC (IRC.freeNode.net #PowerShell).

I could not come up with a direct answer at the time, but did remember from VbScript that you could use a method on the OU, 

I did a quick lookup, Microsoft Windows 2000 Scripting Guide - Moving and Renaming User ...

and came to this :

PoSH>$MowOu = C:\PowerShell\ActiveDirectoryBrowser.Ps1

PoSH>$mowOU

distinguishedName
-----------------
{OU=MowOu,DC=mow,DC=local}

PoSH>$mowou.get_Children()

distinguishedName
-----------------
{CN=$_,OU=MowOu,DC=mow,DC=local}
{CN=foo,OU=MowOu,DC=mow,DC=local}
{CN=foobar,OU=MowOu,DC=mow,DC=local}
{CN=Ken Myer,OU=MowOu,DC=mow,DC=local}
{CN=mow,OU=MowOu,DC=mow,DC=local}
{CN=Mow2,OU=MowOu,DC=mow,DC=local}
{OU=MowSubOu,OU=MowOu,DC=mow,DC=local}
{CN=NewUser0003,OU=MowOu,DC=mow,DC=local}
{CN=NewUser0010,OU=MowOu,DC=mow,DC=local}
{CN=NewUser0011,OU=MowOu,DC=mow,DC=local}
{CN=NewUser0267,OU=MowOu,DC=mow,DC=local}
{CN=TestGroup,OU=MowOu,DC=mow,DC=local}

PoSH>$mowOU.invoke('MoveHere','LDAP://CN=mow,OU=MowOu,DC=mow,DC=local','cn=mowMoved')

distinguishedName
-----------------
{CN=mowMoved,OU=MowOu,DC=mow,DC=local}

 

After I came home from work today and found back the PowerShell console as I left it last night,

I did a get-member again, and did see that I had missed the most obvious solution last night, using the Methods on the DirectoryObject.

PoSH>$mowOU | gm -MemberType method

TypeName: System.DirectoryServices.DirectoryEntry

Name MemberType Definition
---- ---------- ----------
add_Disposed Method System.Void add_Disposed(EventHandler value)
Close Method System.Void Close()
CommitChanges Method System.Void CommitChanges()
CopyTo Method System.DirectoryServices.DirectoryEntry CopyTo(DirectoryEntry newParent), Syste...
CreateObjRef Method System.Runtime.Remoting.ObjRef CreateObjRef(Type requestedType)
DeleteTree Method System.Void DeleteTree()
Dispose Method System.Void Dispose()
Equals Method System.Boolean Equals(Object obj)
get_AuthenticationType Method System.DirectoryServices.AuthenticationTypes get_AuthenticationType()
get_Children Method System.DirectoryServices.DirectoryEntries get_Children()
get_Container Method System.ComponentModel.IContainer get_Container()
get_Guid Method System.Guid get_Guid()
get_Name Method System.String get_Name()
get_NativeGuid Method System.String get_NativeGuid()
get_NativeObject Method System.Object get_NativeObject()
get_ObjectSecurity Method System.DirectoryServices.ActiveDirectorySecurity get_ObjectSecurity()
get_Options Method System.DirectoryServices.DirectoryEntryConfiguration get_Options()
get_Parent Method System.DirectoryServices.DirectoryEntry get_Parent()
get_Path Method System.String get_Path()
get_Properties Method System.DirectoryServices.PropertyCollection get_Properties()
get_SchemaClassName Method System.String get_SchemaClassName()
get_SchemaEntry Method System.DirectoryServices.DirectoryEntry get_SchemaEntry()
get_Site Method System.ComponentModel.ISite get_Site()
get_UsePropertyCache Method System.Boolean get_UsePropertyCache()
get_Username Method System.String get_Username()
GetHashCode Method System.Int32 GetHashCode()
GetLifetimeService Method System.Object GetLifetimeService()
GetType Method System.Type GetType()
InitializeLifetimeService Method System.Object InitializeLifetimeService()
Invoke Method System.Object Invoke(String methodName, Params Object[] args)
InvokeGet Method System.Object InvokeGet(String propertyName)
InvokeSet Method System.Void InvokeSet(String propertyName, Params Object[] args)
MoveTo Method System.Void MoveTo(DirectoryEntry newParent), System.Void MoveTo(DirectoryEntry...
RefreshCache Method System.Void RefreshCache(), System.Void RefreshCache(String[] propertyNames)
remove_Disposed Method System.Void remove_Disposed(EventHandler value)
Rename Method System.Void Rename(String newName)
set_AuthenticationType Method System.Void set_AuthenticationType(AuthenticationTypes value)
set_ObjectSecurity Method System.Void set_ObjectSecurity(ActiveDirectorySecurity value)
set_Password Method System.Void set_Password(String value)
set_Path Method System.Void set_Path(String value)
set_Site Method System.Void set_Site(ISite value)
set_UsePropertyCache Method System.Void set_UsePropertyCache(Boolean value)
set_Username Method System.Void set_Username(String value)
ToString Method System.String ToString()

So you also can do this :

# Using the DirectoryEntry Rename method

PoSH>$mowOU.get_Children() |? {$_.cn -match 'mowMoved'}

distinguishedName
-----------------
{CN=mowMoved,OU=MowOu,DC=mow,DC=local}

PoSH>$MowMoved = $mowOU.get_Children() |? {$_.cn -match 'mowm'}

PoSH>$MowMoved

distinguishedName
-----------------
{CN=mowMoved,OU=MowOu,DC=mow,DC=local}

PoSH>$MowMoved.rename('cn=mow')
PoSH>$MowMoved

distinguishedName
-----------------
{CN=mow,OU=MowOu,DC=mow,DC=local}

 

# Connect to RootDSE and go to user by setting a new path using Set_Path

PoSH>$mow = new-object system.directoryservices.directoryEntry
PoSH>$mow

distinguishedName
-----------------
{DC=mow,DC=local}

PoSH>$mow.set_path('LDAP://CN=mow,OU=MowOu,DC=mow,DC=local')
PoSH>$mow

distinguishedName
-----------------
{CN=mow,OU=MowOu,DC=mow,DC=local}

You can see from this that it is handy that you can use the methods you are used to (or vaguely remember) from VbScript.

And you can use the methods from the .NET Wrapper Object ( you can learn about using Get-Member ).

Ok, Ok the CmdLets are for V2, (but I did hear some rumors about some extra functionality for AD as well as for WMI in RC2 .),

but working in the Interactive Shell console like this trying things interactively , combining Old and discovered knowledge, having much less looking up of Information and templates for admin task, using SDK DLL's (MOM 2005,SMS2003)gives you that kind of a productivity boost compared to working in VbScript ( a guess for me it's 10x and sometimes (for on the fly work ) much more (could be days ), as against doing the same in VbScript, and 2 or 3 times for CMD.EXE and commandline tool usage where applicable )

That sometimes I really feel like flying in PowerShell ;-) 

and we can make our own functions with ease from the commands also :

 

PoSH>function get-ADObject ($Path) {new-object system.directoryservices.directoryEntry($path)}
PoSH>get-ADObject 'LDAP://CN=mow,OU=MowOu,DC=mow,DC=local'

distinguishedName
-----------------
{CN=mow,OU=MowOu,DC=mow,DC=local}

 

 and with the easy of making GUI Forms in PowerShell see  PowerShell : Active Directory Part 10 (AD Browser) , for exporing the AD tree and visual selecting an AD object for use in PowerShell, that also makes it easy to get to AD objects for interactive tasks.

Not everything is perfect yet (Exception Handling, for in scripts,Remoting etc.), but I would  not be able to live without it for my dayly work allready.

If you followed this series, and  / or used PowerShell for AD management, compared to how you used to do you think it gives you a productivity boost, or will be able to ? I would be glad to hear what you think about this , please leave a comment about that also (Ok, enough begging, but my read / comment rate is low ;-) )

Enjoy,

Greetings, /\/\o\/\/

Tags : Monad msh PowerShell


Comments:
Anonymous Anonymous
Marc - I've been enjoying your articles on AD. I've been learning a lot from them so please keep up the good work.

I've been exploring AD with PoSH by using it in some work projects at work where I'm starting to shift from vbscript. (FWIW, I've just started posting some of the things I've been doing at http://pathologicalscripter.wordpress.com)

You asked
(if can you make a get-Aduser ($SamAccountName){} from that using a DirectorySearcher as an example, please leave it in the comments ;-)

If I understood your question correctly, I would use:

function get-ADUser {
param ($samAccount="")
$local:Searcher = New-Object DirectoryServices.DirectorySearcher
$Searcher.Filter = "(&(objectCategory=person)(objectClass=user)(samAccountName=" + $samAccount + "))"
$local:SearchResults = $Searcher.FindOne()
New-Object DirectoryServices.DirectoryEntry ("LDAP://" + ($SearchResults.properties.distinguishedname))
}
 
Blogger /\/\o\/\/
Hiya Jim,

Thanks for your reaction,
and your solution to the question.
that was the answer I was looking for.

I made 2 changes as a tip, one in the filter string as we can use variables in the string in PowerShell.

the second is using the getDirecttoryEntry Metod on the searchresult to get to the user object .

function get-ADUser {
param ($samAccount="")
$Searcher = New-Object DirectoryServices.DirectorySearcher
$Searcher.Filter = "(&(objectCategory=person)(objectClass=user)(samAccountName=$samAccount))"
$Searcher.FindOne().GetDirectoryEntry()
}

Greetings /\/\o\/\/
 
Anonymous Anonymous
Marc -

Thanks for your tips, especially on using the GetDirectoryEntry method directly on the search results.

I noticed that you also deleted the local scope declarations on the variables. Are variables used inside function definitions locally scoped by default? I wasn't sure so I've just fallen into the habit of declaring them that way.

Jim
 
Blogger /\/\o\/\/
I noticed that you also deleted the local scope declarations on the variables

Nope, lazyness on my part, I tested by pasting in
 
Post a Comment



<< Home

Archives

October 2005   November 2005   December 2005   January 2006   February 2006   March 2006   April 2006   May 2006   June 2006   July 2006   August 2006   September 2006   October 2006   November 2006   December 2006  

$Links = ("PowerShell RC1 Docs"," PowerShell RC1 X86"," PowerShell RC1 X64"," Monad GettingStarted guide"," Monad Progamming Guide"," Monad SDK"," Monad videos on Channel 9"," MSH Community Workspace"," scripts.readify.net "," MonadSource"," www.reskit.net"," PowerShell Blog"," Under The Stairs"," computerperformance powershell Home"," proudlyserving"," MSH on wikipedia"," MSHWiki Channel 9"," Keith Hill's Blog"," Precision Computing"," PowerShell for fun"," MSH Memo (Japanese)"," monadblog")

find-blog -about "PowerShell","Monad" | out-Technorati.
find-blog -contains "","" | out-Technorati.
Google
 
Web mow001.blogspot.com

This page is powered by Blogger. Isn't yours?