Connecting to Active-Directory on Windows 2008 Server Core R2
PowerShell doesn't have any built-in CmdLet for working with Active-Directory. Quest has put together a couple of really nice Active-Directory CmdLets that automate Active-Directory tasks. Anyway, I'm going to do a couple of posts on managing Active-Directory on a Server Core, through the DirectoryEntryAdapter. First off, let's take a quick look at my dev Active-Directory.
Nothing strange here: the domain name is APA.CORP and the server is called Server1.
Let's connect to the Active-Directory through PowerShell. First we create a connection string.
PS > $Connection = "LDAP://DC=APA,DC=CORP"
Next, we connect to Active-Directory through [adsi]:
PS > $AD = [adsi] $Connection
PS > $AD
distinguishedName : {DC=APA,DC=CORP}
Path : LDAP://Server1/DC=APA,DC=CORP
If you have a lot of domain controllers in your farm, you can specify which DC you want to connect to, and also the LDAP port (389), in the connection string:
PS > $Connection = "LDAP://Server1:389/DC=APA,DC=CORP"
PS > $AD = [adsi] $Connection
If we want to explore our AD through PowerShell, we can use PsBase.Children to retrieve its children.
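The same bind done with the DirectoryEntry constructor, as an added example that is not part of the original post: the server, port and authentication flags are made explicit instead of relying on the [adsi] defaults. Server1 and DC=APA,DC=CORP are the post's lab values; Connect-DomainRoot is a helper name chosen here.

```powershell
Add-Type -AssemblyName System.DirectoryServices

function Connect-DomainRoot {
    param(
        [Parameter(Mandatory=$true)] [string] $Server,     # e.g. "Server1"
        [Parameter(Mandatory=$true)] [string] $DomainDn,   # e.g. "DC=APA,DC=CORP"
        [int] $Port = 389,
        [switch] $UseSsl                                   # LDAPS, normally port 636
    )
    # Same path form the post uses, with server and port spelled out
    $path = "LDAP://{0}:{1}/{2}" -f $Server, $Port, $DomainDn

    # Secure     = Kerberos/NTLM bind, no password on the wire (the [adsi] default)
    # Signing    = integrity protection of the LDAP traffic
    # Sealing    = encryption of the LDAP traffic
    # ServerBind = talk to $Server only, no referral to some other DC
    $auth = [System.DirectoryServices.AuthenticationTypes]'Secure, Signing, Sealing, ServerBind'
    if ($UseSsl) {
        $auth = $auth -bor [System.DirectoryServices.AuthenticationTypes]::SecureSocketsLayer
    }

    # Null username/password means the current logon identity, as with [adsi]
    $entry = New-Object System.DirectoryServices.DirectoryEntry($path, $null, $null, $auth)

    # DirectoryEntry binds lazily; touching NativeObject forces the bind now, so a
    # wrong server, port or DN fails here rather than at the first attribute read
    $null = $entry.PsBase.NativeObject
    return $entry
}

$AD = Connect-DomainRoot -Server "Server1" -DomainDn "DC=APA,DC=CORP"
$AD.PsBase.AuthenticationType                     # the flags actually in effect
$AD.PsBase.Children | ForEach-Object { $_.distinguishedName }
```

Run with -UseSsl -Port 636 when the DC has a server certificate; without Sealing or LDAPS, attribute values (not the credentials) travel in clear text on port 389.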
PS > $AD.PsBase.Children
distinguishedName : {CN=Builtin,DC=APA,DC=CORP}
Path : LDAP://Server1/CN=Builtin,DC=APA,DC=CORP
distinguishedName : {CN=Computers,DC=APA,DC=CORP}
Path : LDAP://Server1/CN=Computers,DC=APA,DC=CORP
distinguishedName : {OU=Domain Controllers,DC=APA,DC=CORP}
Path : LDAP://Server1/OU=Domain Controllers,DC=APA,DC=CORP
distinguishedName : {CN=ForeignSecurityPrincipals,DC=APA,DC=CORP}
Path : LDAP://Server1/CN=ForeignSecurityPrincipals,DC=APA,DC=CORP
distinguishedName : {CN=Infrastructure,DC=APA,DC=CORP}
Path : LDAP://Server1/CN=Infrastructure,DC=APA,DC=CORP
distinguishedName : {CN=LostAndFound,DC=APA,DC=CORP}
Path : LDAP://Server1/CN=LostAndFound,DC=APA,DC=CORP
distinguishedName : {CN=Managed Service Accounts,DC=APA,DC=CORP}
Path : LDAP://Server1/CN=Managed Service Accounts,DC=APA,DC=CORP
distinguishedName : {CN=NTDS Quotas,DC=APA,DC=CORP}
Path : LDAP://Server1/CN=NTDS Quotas,DC=APA,DC=CORP
distinguishedName : {CN=Program Data,DC=APA,DC=CORP}
Path : LDAP://Server1/CN=Program Data,DC=APA,DC=CORP
distinguishedName : {CN=System,DC=APA,DC=CORP}
Path : LDAP://Server1/CN=System,DC=APA,DC=CORP
distinguishedName : {CN=Users,DC=APA,DC=CORP}
Path : LDAP://Server1/CN=Users,DC=APA,DC=CORP
It’s also possible to list all properties through the Format-List CmdLet.
PS > $AD | Format-List *
objectClass : {top, domain, domainDNS}
distinguishedName : {DC=APA,DC=CORP}
instanceType : {5}
whenCreated : {1/17/2009 6:29:21 AM}
whenChanged : {1/17/2009 6:33:07 AM}
subRefs : {DC=ForestDnsZones,DC=APA,DC=CORP, DC=DomainDnsZones,DC=APA,DC=CORP, CN=Configuration,DC=APA,DC=CORP}
uSNCreated : {System.__ComObject}
uSNChanged : {System.__ComObject}
name : {APA}
objectGUID : {164 249 62 250 183 125 32 74 162 127 129 255 219 196 229 116}
creationTime : {System.__ComObject}
forceLogoff : {System.__ComObject}
lockoutDuration : {System.__ComObject}
lockOutObservationWindow : {System.__ComObject}
lockoutThreshold : {0}
maxPwdAge : {System.__ComObject}
minPwdAge : {System.__ComObject}
minPwdLength : {7}
modifiedCountAtLastProm : {System.__ComObject}
nextRid : {1000}
pwdProperties : {1}
pwdHistoryLength : {24}
objectSid : {1 4 0 0 0 0 0 5 21 0 0 0 171 166 141 168 63 138 126 92 158 59 183 83}
serverState : {1}
uASCompat : {1}
modifiedCount : {System.__ComObject}
auditingPolicy : {0 1}
nTMixedDomain : {0}
rIDManagerReference : {CN=RID Manager$,CN=System,DC=APA,DC=CORP}
fSMORoleOwner : {CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=APA,DC=CORP}
systemFlags : {-1946157056}
wellKnownObjects : {System.__ComObject, System.__ComObject, System.__ComObject, System.__ComObject...}
objectCategory : {CN=Domain-DNS,CN=Schema,CN=Configuration,DC=APA,DC=CORP}
isCriticalSystemObject : {True}
gPLink : {[LDAP://CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=APA,DC=CORP;0]}
dSCorePropagationData : {1/17/2009 6:30:55 AM, 1/1/1601 12:00:04 AM}
otherWellKnownObjects : {System.__ComObject}
masteredBy : {CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=APA,DC=CORP}
ms-DS-MachineAccountQuota : {10}
msDS-Behavior-Version : {2}
msDS-PerUserTrustQuota : {1}
msDS-AllUsersTrustQuota : {1000}
msDS-PerUserTrustTombstonesQuota : {10}
msDs-masteredBy : {CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=APA,DC=CORP}
msDS-IsDomainFor : {CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=APA,DC=CORP}
msDS-NcType : {0}
dc : {APA}
nTSecurityDescriptor : {System.__ComObject}
AuthenticationType : Secure
Children : {Builtin, Computers, Domain Controllers, ForeignSecurityPrincipals...}
Guid : a4f93efab77d204aa27f81ffdbc4e574
ObjectSecurity : System.DirectoryServices.ActiveDirectorySecurity
NativeGuid : a4f93efab77d204aa27f81ffdbc4e574
NativeObject : System.__ComObject
Parent : LDAP://Server1/DC=CORP
Password :
Path : LDAP://Server1/DC=APA,DC=CORP
Properties : {objectClass, distinguishedName, instanceType, whenCreated...}
SchemaClassName : domainDNS
SchemaEntry : System.DirectoryServices.DirectoryEntry
UsePropertyCache : True
Username :
Options : {}
Site :
Container :
Below is the complete code used in this example:
$Connection = "LDAP://DC=APA,DC=CORP"
$AD = [adsi] $Connection
$AD
$AD.PsBase.Children
$AD | Format-List *

objectSid : {1 4 0 0 0 0 0 5 21 0 0 0 171 166 141 168 63 138 126 92 158 59 183 83}
What a strange SID. Is this true? It means S-1-4-0-0... Or should I convert it?
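The byte arrays and System.__ComObject values in the Format-List output above, and the SID question in the comment, as an added example that is not part of the original post or comment: the helper names are chosen here, the sample bytes are the ones printed in the post, and ConvertLargeIntegerToInt64 is the method the PowerShell [adsi] adapter exposes for IADsLargeInteger values.

```powershell
Add-Type -AssemblyName System.DirectoryServices

# objectSid is a binary SID: byte 0 = revision (1), byte 1 = sub-authority
# count (4), bytes 2-7 = identifier authority (5 = NT Authority), then 4-byte
# little-endian sub-authorities, the first of which is 21. So it is not
# S-1-4-0-0; it is the domain SID, S-1-5-21-<three sub-authorities>.
function ConvertFrom-ObjectSid {
    param([byte[]] $Bytes)
    (New-Object System.Security.Principal.SecurityIdentifier($Bytes, 0)).Value
}

# objectGUID is 16 bytes in the .NET Guid byte order (the unary comma passes
# the whole array as one constructor argument)
function ConvertFrom-ObjectGuid {
    param([byte[]] $Bytes)
    (New-Object System.Guid(,$Bytes)).ToString()
}

# maxPwdAge / lockoutDuration are IADsLargeInteger COM objects holding a
# negative count of 100-ns ticks; Int64.MinValue is the "never" sentinel
function ConvertFrom-AdInterval {
    param($Entry, [string] $Attribute)
    $ticks = $Entry.ConvertLargeIntegerToInt64($Entry.$Attribute.Value)
    if ($ticks -eq [long]::MinValue) { return 'Never' }
    [TimeSpan]::FromTicks(-1 * $ticks)
}

# Constructed sample input: the objectSid bytes exactly as printed in the post
$sidBytes = [byte[]](1,4,0,0,0,0,0,5,21,0,0,0,171,166,141,168,63,138,126,92,158,59,183,83)
ConvertFrom-ObjectSid $sidBytes

# Live use against the bound domain root, as in the post
$AD = [adsi] "LDAP://DC=APA,DC=CORP"
ConvertFrom-ObjectSid  $AD.objectSid.Value
ConvertFrom-ObjectGuid $AD.objectGUID.Value
New-Object PSObject -Property @{
    MinPwdLength     = [int] $AD.minPwdLength.Value
    PwdHistoryLength = [int] $AD.pwdHistoryLength.Value
    LockoutThreshold = [int] $AD.lockoutThreshold.Value   # 0 means lockout is off
    MaxPwdAge        = ConvertFrom-AdInterval $AD 'maxPwdAge'
    LockoutDuration  = ConvertFrom-AdInterval $AD 'lockoutDuration'
}
```

The last object is the domain's default password and lockout policy read straight from the attributes the listing shows as raw values; the lockoutThreshold of 0 in the post's output means failed logons never lock an account.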