From 2c6299bc60488cba8d78e242e824eae11751db86 Mon Sep 17 00:00:00 2001 From: Jon Bryan Date: Thu, 27 Apr 2017 14:47:39 +0100 Subject: [PATCH 01/11] Update README.md --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index a47aa5f..db554f3 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,9 @@ A PowerShell Module that can be used to update the schema in Active Directory # Installation -`Install-Module ADSchema` +Copy module files to PSModulePath, typically %Windir%\System32\WindowsPowerShell\v1.0\Modules +In a new PowerShell instance, import the module for use: + Import-Module ADSchema # Example ``` 
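Review bot: the replacement install path in this README hunk, %Windir%\System32\WindowsPowerShell\v1.0\Modules, is the location reserved for modules that ship with Windows and should not be recommended for a third-party module (patch 08 in this series corrects it for the same reason); point readers at $env:ProgramFiles\WindowsPowerShell\Modules for all users or $HOME\Documents\WindowsPowerShell\Modules for the current user, and say that the files must sit in a subfolder named ADSchema, since `Import-Module ADSchema` resolves the module by folder name. Removing the `Install-Module ADSchema` line also deserves a sentence saying whether the module is published to the PowerShell Gallery, otherwise readers will assume the gallery instruction was dropped by mistake.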
@@ -24,4 +26,4 @@ Usually, the best practice is to create your new attributes, and then also creat Once you create the Auxiliary class, you can bind it to an existing class. This is actually something that can be undone, so it reeduces the fear and worry of really messing up your Active Directory. -Last, a quick note about Object Identifiers, also known as OID. OID's are what are used as unique identifiers of schema attributes and classes in Active Directory. They are also used in MIB's for networking. For development purposes, you can generate your own OID's. There is even a function in this module that will do it for you. However, if you are going to extend your production schema, you should register for a Private Enterprise Number. Information on this can be found at http://pen.iana.org/pen/PenApplication.page. \ No newline at end of file +Last, a quick note about Object Identifiers, also known as OID. OID's are what are used as unique identifiers of schema attributes and classes in Active Directory. They are also used in MIB's for networking. For development purposes, you can generate your own OID's. There is even a function in this module that will do it for you. However, if you are going to extend your production schema, you should register for a Private Enterprise Number. Information on this can be found at http://pen.iana.org/pen/PenApplication.page. From 66c87238d0b7414ef7b87c863af9020759f42c85 Mon Sep 17 00:00:00 2001 From: Jon Bryan Date: Thu, 27 Apr 2017 14:48:19 +0100 Subject: [PATCH 02/11] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index db554f3..6c79b25 100644 --- a/README.md +++ b/README.md 
@@ -3,8 +3,8 @@ A PowerShell Module that can be used to update the schema in Active Directory # Installation Copy module files to PSModulePath, typically %Windir%\System32\WindowsPowerShell\v1.0\Modules -In a new PowerShell instance, import the module for use: - Import-Module ADSchema +`In a new PowerShell instance, import the module for use:` + `Import-Module ADSchema` # Example ``` From d7e4ac6e905f12b618b765d494b169e0b27b2022 Mon Sep 17 00:00:00 2001 From: Jon Bryan Date: Thu, 27 Apr 2017 14:48:42 +0100 Subject: [PATCH 03/11] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6c79b25..b28ad16 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ A PowerShell Module that can be used to update the schema in Active Directory # Installation Copy module files to PSModulePath, typically %Windir%\System32\WindowsPowerShell\v1.0\Modules -`In a new PowerShell instance, import the module for use:` +In a new PowerShell instance, import the module for use:` `Import-Module ADSchema` # Example From 9c2b6e5a1a6a17c1b1de40040e7b2ff51c250413 Mon Sep 17 00:00:00 2001 From: Jon Bryan Date: Thu, 27 Apr 2017 14:49:10 +0100 Subject: [PATCH 04/11] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b28ad16..771f744 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,7 @@ A PowerShell Module that can be used to update the schema in Active Directory # Installation Copy module files to PSModulePath, typically %Windir%\System32\WindowsPowerShell\v1.0\Modules + In a new PowerShell instance, import the module for use:` `Import-Module ADSchema` # Example From aabb3eecb026425f0bff2a68fdf2bf384ec7221c Mon Sep 17 00:00:00 2001 From: Jon Bryan Date: Thu, 27 Apr 2017 14:49:28 +0100 Subject: [PATCH 05/11] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 771f744..14c3b22 100644 --- a/README.md 
+++ b/README.md @@ -4,7 +4,7 @@ A PowerShell Module that can be used to update the schema in Active Directory # Installation Copy module files to PSModulePath, typically %Windir%\System32\WindowsPowerShell\v1.0\Modules -In a new PowerShell instance, import the module for use:` +In a new PowerShell instance, import the module for use: `Import-Module ADSchema` # Example From 7cc9107dcdb4ab5e1e60651b00b88f20074e0b65 Mon Sep 17 00:00:00 2001 From: Jon Bryan Date: Fri, 28 Apr 2017 22:35:10 +0100 Subject: [PATCH 06/11] Initial hit of ADLDS versions Need to work on the "New" scripts now. Then validate that these work outside my bubble. --- scripts/Add-ADLDSSchemaAttributeToClass.ps1 | 38 ++++++++++++++ .../Add-ADLDSSchemaAuxiliaryClassToClass.ps1 | 52 +++++++++++++++++++ scripts/Get-ADLDSSchemaAttribute.ps1 | 30 +++++++++++ scripts/Get-ADLDSSchemaClass.ps1 | 34 ++++++++++++ scripts/Invoke-ADLDSSchemaReload.ps1 | 26 ++++++++++ 5 files changed, 180 insertions(+) create mode 100644 scripts/Add-ADLDSSchemaAttributeToClass.ps1 create mode 100644 scripts/Add-ADLDSSchemaAuxiliaryClassToClass.ps1 create mode 100644 scripts/Get-ADLDSSchemaAttribute.ps1 create mode 100644 scripts/Get-ADLDSSchemaClass.ps1 create mode 100644 scripts/Invoke-ADLDSSchemaReload.ps1 diff --git a/scripts/Add-ADLDSSchemaAttributeToClass.ps1 b/scripts/Add-ADLDSSchemaAttributeToClass.ps1 new file mode 100644 index 0000000..a649615 --- /dev/null +++ b/scripts/Add-ADLDSSchemaAttributeToClass.ps1 
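Review bot: patches 02 through 05 are four successive one-character edits to the same README line (wrapping the sentence in backticks, removing the leading one, inserting a blank line, then removing the stray trailing backtick), and the intermediate states in 03 and 04 render as `In a new PowerShell instance, import the module for use:` with a dangling backtick; squash them into patch 01 before merging so the history carries one coherent README change rather than its drafts.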
@@ -0,0 +1,38 @@ +<# +.SYNOPSIS + Adds an attribute to a class. + +.DESCRIPTION + Add a New Custom Class to an existing Structural Class in ADLDS. + + For example if you want to add attributes to the User Class: + 1. Create a new Auxiliary Class. + 2. Add Attributes to that new Auxiliary Class. + 3. Assign the new class as an Auxiliary Class to the User Class. + +.PARAMETER ADLDSService + Hostname and port in format hostname:port + Defaults to localhost:389 + +.PARAMETER AuxiliaryClass + The class that will be holding the new attributes you are creating. + This will be an Auxiliary Class of the structural class. + +.PARAMETER Class + The Structural Class you are adding an Auxiliary Class to. + +.EXAMPLE + PS> Add-ADSchemaAuxiliaryClassToClass -AuxiliaryClass asTest -Class User + Set the 'asTest' class as an Auxiliary Class of the User Class. +#> + +Function Add-ADLDSSchemaAttributeToClass { +param( + $Attribute, + $Class +) + $DirectoryContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext([System.DirectoryServices.ActiveDirectory.DirectoryContextType]::DirectoryServer, $ADLDSService) + $schemaPath = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySchema]::GetSchema($DirectoryContext) + $Schema = Get-ADObject -SearchBase $schemaPath -Filter "name -eq `'$Class`'" + $Schema | Set-ADObject -Add @{mayContain = $Attribute} +} \ No newline at end of file diff --git a/scripts/Add-ADLDSSchemaAuxiliaryClassToClass.ps1 b/scripts/Add-ADLDSSchemaAuxiliaryClassToClass.ps1 new file mode 100644 index 0000000..d71833b --- /dev/null +++ b/scripts/Add-ADLDSSchemaAuxiliaryClassToClass.ps1 
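Review bot: `$ADLDSService` is documented in the comment-based help and used to build the DirectoryContext, but it is never declared in param(), so it is always $null and the `New-Object ... DirectoryContext(DirectoryServer, $ADLDSService)` call fails before anything is queried; declare `$ADLDSService = 'localhost:389'` in param() as the sibling Add-ADLDSSchemaAuxiliaryClassToClass does. Even with that fixed, `Get-ADObject -SearchBase $schemaPath -Filter ...` and `Set-ADObject -Add @{mayContain = $Attribute}` carry no `-Server $ADLDSService`, so the lookup and the schema write go to the AD module's default domain connection rather than to the AD LDS instance, and `-SearchBase` is handed the ActiveDirectorySchema object itself rather than its distinguished name (pass `$schemaPath.Name`). The help is also copied from the auxiliary-class function: the DESCRIPTION, `.PARAMETER AuxiliaryClass` and the example all describe Add-ADSchemaAuxiliaryClassToClass, while this function takes -Attribute and -Class. Because this is a schema write against a remote instance, make both parameters Mandatory and add [CmdletBinding(SupportsShouldProcess)] so callers can use -WhatIf.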
@@ -0,0 +1,52 @@ +<# +.SYNOPSIS + Adds an Auxiliary Class to a Structural Class. + +.DESCRIPTION + Add a new Custom Class to an existing Structural Class in ADLDS. + + For example if you want to add attributes to the user class, you should: + + 1) Create a new Auxiliary Class. + 2) Add attributes to that Auxiliary Class. + 3) Finally assign the New Class as an Auxiliary Class to the User Class. + +.PARAMETER ADLDSService + Hostname and port in format hostname:port + Defaults to localhost:389 + +.PARAMETER AuxiliaryClass + The class that will be holding the new attributes you are creating. + This will be an auxiliary class of the structural class. + +.PARAMETER Class + The structural class you are adding an Auxiliary Class to.. + +.EXAMPLE + PS> Add-ADSchemaAuxiliaryClassToClass -AuxiliaryClass asTest -Class User + Set the asTest class as an aux class of the User class. + +.EXAMPLE + PS> Add-ADSchemaAuxiliaryClassToClass -ADLDSService myserver.mydomain:1036 -AuxiliaryClass asTest -Class User + On a non-default server, set the asTest class as an aux class of the User class. +#> + +Function Add-ADLDSSchemaAuxiliaryClassToClass { + param( + + [Parameter()] + $ADLDSService = 'localhost:389', + + [Parameter()] + $AuxiliaryClass, + + [Parameter()] + $Class + ) + + $DirectoryContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext([System.DirectoryServices.ActiveDirectory.DirectoryContextType]::DirectoryServer, $ADLDSService) + $schemaPath = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySchema]::GetSchema($DirectoryContext) + $auxClass = Get-ADObject -SearchBase $schemaPath -server $ADLDSService -Filter "name -eq `'$AuxiliaryClass`'" -Properties governsID + $classToAddTo = Get-ADObject -SearchBase $schemaPath -server $ADLDSService -Filter "name -eq `'$Class`'" + $classToAddTo | Set-ADObject -Add @{auxiliaryClass = $($auxClass.governsID)} +} \ No newline at end of file 
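Review bot: `$auxClass.governsID` is read without checking that the Get-ADObject lookup returned anything, so a misspelled -AuxiliaryClass yields $null and the function goes on to attempt `Set-ADObject -Add @{auxiliaryClass = $null}` against the structural class; throw with the class name when the lookup is empty, and make -AuxiliaryClass and -Class Mandatory and typed rather than bare `[Parameter()]`. Both examples invoke Add-ADSchemaAuxiliaryClassToClass instead of this function's own name, and the first assumes a `user` class, which an AD LDS instance only has when MS-User.LDF was imported at creation. As with the other new scripts, a schema write like this should carry [CmdletBinding(SupportsShouldProcess)].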
diff --git a/scripts/Get-ADLDSSchemaAttribute.ps1 b/scripts/Get-ADLDSSchemaAttribute.ps1 new file mode 100644 index 0000000..fff7dbc --- /dev/null +++ b/scripts/Get-ADLDSSchemaAttribute.ps1 @@ -0,0 +1,30 @@ +<# +.Synopsis + Gets attributes in an ADLDS Schema (default server:port = localhost:389) +.DESCRIPTION + Gets attributes in an ADLDS Schema (default server:port = localhost:389) +.EXAMPLE + Get-ADSchemaAttribute -class User -Attribute c* +.EXAMPLE + Get-ADSchemaAttribute -class asTestClass -attribute asFavoriteColor +.EXAMPLE + Get-ADSchemaAttribute -ADLDSService myserver.mydomain:1036 -class asTestClass -attribute asFavoriteColor +#> +Function Get-ADLDSSchemaAttribute { + param( + + [Parameter()] + $ADLDSService = 'localhost:389', + + [Parameter()] + $Attribute = '*', + + [Parameter()] + $Class = 'user' + ) + $DirectoryContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext([System.DirectoryServices.ActiveDirectory.DirectoryContextType]::DirectoryServer, $ADLDSService) + $schema = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySchema]::GetSchema($DirectoryContext) + $attributes = $schema.FindClass($Class).mandatoryproperties + $attributes += $schema.FindClass($Class).optionalproperties + return $attributes | Where-Object {$_.Name -like $Attribute} +} \ No newline at end of file diff --git a/scripts/Get-ADLDSSchemaClass.ps1 b/scripts/Get-ADLDSSchemaClass.ps1 new file mode 100644 index 0000000..cbbc057 --- /dev/null +++ b/scripts/Get-ADLDSSchemaClass.ps1 
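Review bot: the default `$Class = 'user'` presumes a class that AD LDS instances only contain when MS-User.LDF was imported, so on a bare instance `$schema.FindClass($Class)` throws an object-not-found exception for the default call; either make -Class mandatory for the ADLDS variant or catch that exception and report the class name. The three .EXAMPLE lines invoke Get-ADSchemaAttribute, not Get-ADLDSSchemaAttribute, so `Get-Help Get-ADLDSSchemaAttribute -Examples` shows commands that call a different function.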
@@ -0,0 +1,34 @@ +<# +.SYNOPSIS + Gets classes in an ADLDS Schema (default server:port = localhost:389) + +.DESCRIPTION + Use this function to list or search for existing classes in the ADLDS Schema (default server:port = localhost:389) + +.PARAMETER Class + The name of the class you want to search for. Supports wildcards + +.EXAMPLE + Get-ADSchemaClass -Name User + +.EXAMPLE + Get-ADSchemaClass com* + +.EXAMPLE + Get-ADSchemaClass -ADLDSService myserver.mydomain:1036 -Name User +#> +Function Get-ADLDSSchemaClass { + param( + + [Parameter()] + $ADLDSService = 'localhost:389', + + [Parameter()] + $Class = '*' + ) + + $DirectoryContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext([System.DirectoryServices.ActiveDirectory.DirectoryContextType]::DirectoryServer, $ADLDSService) + $schema = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySchema]::GetSchema($DirectoryContext) + $classes = $schema.FindAllClasses() + return $classes | Where-Object {$_.Name -like $Class} +} \ No newline at end of file diff --git a/scripts/Invoke-ADLDSSchemaReload.ps1 b/scripts/Invoke-ADLDSSchemaReload.ps1 new file mode 100644 index 0000000..e913fab --- /dev/null +++ b/scripts/Invoke-ADLDSSchemaReload.ps1 
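Review bot: the first and third .EXAMPLE lines use `-Name User`, but the only parameters are -ADLDSService and -Class, so `Get-ADLDSSchemaClass -Name User` fails with a parameter-binding error; change them to `-Class User` and to this function's own name rather than Get-ADSchemaClass (the `com*` example only works because -Class binds positionally). `FindAllClasses()` followed by a client-side `-like` filter pulls every class from the instance on each call, which is fine for a wildcard, but when `$Class` contains no wildcard `$schema.FindClass($Class)` is the cheaper and more precise lookup.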
@@ -0,0 +1,26 @@ +<# +.SYNOPSIS + Reloads the ADLDS Schema +.DESCRIPTION + After the schema has been updated, it needs to be reloaded so your updates + can be seen immediately. + +.EXAMPLE + Using the default server and port (localhost:389) + PS C:\> Invoke-ADSchemaReload + +.EXAMPLE + Using a custom server and port + PS C:\> Invoke-ADSchemaReload -ADLDSService myserver.mydomain:1036 +#> + +Function Invoke-ADLDSSchemaReload { + param( + [Parameter()] + $ADLDSService = 'localhost:389' + ) + + $DirectoryContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext([System.DirectoryServices.ActiveDirectory.DirectoryContextType]::DirectoryServer, $ADLDSService) + $schema = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySchema]::GetSchema($DirectoryContext) + $schema.RefreshSchema = $true +} \ No newline at end of file From 9ee18cb5ab0d1fe1e8a0d176dd98cefb63e62844 Mon Sep 17 00:00:00 2001 From: Jon Bryan Date: Fri, 28 Apr 2017 22:35:52 +0100 Subject: [PATCH 07/11] Updated Schema file to load the new ADLDS scripts --- ADSchema.psd1 | Bin 8790 -> 9350 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/ADSchema.psd1 b/ADSchema.psd1 index 8cf6b917f855df504211796b8571d9ca35ea39e5..ee7d0274fbf7d030c85132ecf8711543e2a22a18 100644 GIT binary patch delta 94 zcmccS(&o9rNQl*k!G$4s@@2LJ#7 From 97561733fa546f0e83291243363eb26dea7a92d9 Mon Sep 17 00:00:00 2001 From: Jon Bryan Date: Fri, 28 Apr 2017 22:40:09 +0100 Subject: [PATCH 08/11] Fixed the path to install modules (non-shipped) This: https://msdn.microsoft.com/en-us/library/dd878350(v=vs.85).aspx states that %Windir%\System32\WindowsPowerShell\v1.0\Modules is a location reserved for modules that ship with Windows. Do not install modules to this location. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 14c3b22..665a0dc 100644 --- a/README.md +++ b/README.md 
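Review bot: `$schema.RefreshSchema = $true` assigns to a property that ActiveDirectorySchema does not have; RefreshSchema is a method, so on a .NET object this assignment throws and the schema is never reloaded. Call `$schema.RefreshSchema()` instead, and wrap the context creation in try/catch so a failed connection to `$ADLDSService` surfaces as a clear error rather than a raw exception from GetSchema. The same assignment is repeated in the ADLDS branch of Invoke-ADSchemaReload.ps1 in patch 09 and needs the same fix there.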
@@ -2,7 +2,7 @@ A PowerShell Module that can be used to update the schema in Active Directory # Installation -Copy module files to PSModulePath, typically %Windir%\System32\WindowsPowerShell\v1.0\Modules +Copy module files to PSModulePath, typically C:\Program Files\WindowsPowerShell\Modules\ In a new PowerShell instance, import the module for use: `Import-Module ADSchema` From 79ef30d7c17a019f14b1f91d717736cac5dd3c52 Mon Sep 17 00:00:00 2001 From: Jonathan Bryan Date: Wed, 28 Jun 2017 11:29:47 +0100 Subject: [PATCH 09/11] All AD scripts amended to support ADLDS --- .vscode/launch.json | 26 ++++++++++ ADSchema.psd1 | Bin 9350 -> 9360 bytes scripts/Add-ADSchemaAttributeToClass.ps1 | 41 +++++++++++++-- scripts/Add-ADSchemaAuxiliaryClassToClass.ps1 | 40 +++++++++++---- scripts/Get-ADSchemaAttribute.ps1 | 47 +++++++++++++++--- scripts/Get-ADSchemaClass.ps1 | 40 +++++++++++---- scripts/Invoke-ADSchemaReload.ps1 | 26 +++++++++- scripts/New-ADSchemaAttribute.ps1 | 21 +++++++- scripts/New-ADSchemaClass.ps1 | 26 ++++++++-- 9 files changed, 228 insertions(+), 39 deletions(-) create mode 100644 .vscode/launch.json diff --git a/.vscode/launch.json b/.vscode/launch.json new file mode 100644 index 0000000..19505d3 --- /dev/null +++ b/.vscode/launch.json @@ -0,0 +1,26 @@ +{ + "version": "0.2.0", + "configurations": [ + { + "type": "PowerShell", + "request": "launch", + "name": "PowerShell Launch (current file)", + "script": "${file}", + "args": [], + "cwd": "${file}" + }, + { + "type": "PowerShell", + "request": "attach", + "name": "PowerShell Attach to Host Process", + "processId": "${command.PickPSHostProcess}", + "runspaceId": 1 + }, + { + "type": "PowerShell", + "request": "launch", + "name": "PowerShell Interactive Session", + "cwd": "${workspaceRoot}" + } + ] +} \ No newline at end of file 
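Review bot: .vscode/launch.json is per-developer editor configuration and does not belong in the module repository (patch 10 deletes it again, so the net effect of the series is churn); drop it from this patch and add `.vscode/` to .gitignore instead. The README hunk's new location is the right one, but writing it as `$env:ProgramFiles\WindowsPowerShell\Modules` keeps it correct on systems where Windows is not on C:, and the line should say the files go into a subfolder named ADSchema, which is what `Import-Module ADSchema` looks for.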
diff --git a/ADSchema.psd1 b/ADSchema.psd1 index ee7d0274fbf7d030c85132ecf8711543e2a22a18..940d817ed87447437f2e5bb2145f59473de3a401 100644 GIT binary patch delta 58 zcmZqkoZz`ZMTk*(vbeDFWCam{$@c_9CLa*wn`|YV02X}?B>xH@2a}4EpNK4DRNmYv H`j-y?BO?>x delta 68 zcmbQ>+2*-HMQHLoA->64!XlH;35EgLHBkPI$@7HyCf^bfntVo3XtI`=)#L(^D5%(u O$$Fw9n^%aw-~#|xAQ=Pz diff --git a/scripts/Add-ADSchemaAttributeToClass.ps1 b/scripts/Add-ADSchemaAttributeToClass.ps1 index 7752af1..a024be4 100644 --- a/scripts/Add-ADSchemaAttributeToClass.ps1 +++ b/scripts/Add-ADSchemaAttributeToClass.ps1 
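Review bot: ADSchema.psd1 appears here, and in patches 07 and 10, as a GIT binary patch delta, which means the manifest is stored in an encoding git treats as binary, most likely UTF-16; the change to the exported function list that these patches must be making is therefore unreviewable. Re-save the manifest as UTF-8 so the text diff shows, and confirm that FunctionsToExport matches the scripts that remain after patch 10 removes the five ADLDS-specific files.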
@@ -17,17 +17,48 @@ .PARAMETER Class The Structural Class you are adding an Auxiliary Class to. +.PARAMETER ADLDS + Boolean - $True to administer ADLDS + +.PARAMETER ADLDSService + Hostname and port in format hostname:port + Defaults to localhost:389 + .EXAMPLE + To administer Active Directory: PS> Add-ADSchemaAuxiliaryClassToClass -AuxiliaryClass asTest -Class User +.EXAMPLE + To administer ADLDS: + PS> Add-ADSchemaAuxiliaryClassToClass -AuxiliaryClass asTest -Class User -ADLDS $True -ADLDSService myadldsservice:1234 Set the 'asTest' class as an Auxiliary Class of the User Class. #> Function Add-ADSchemaAttributeToClass { param( - $Attribute, - $Class + [Parameter(Mandatory=$True)] + [String]$Attribute, + [Parameter(Mandatory=$True)] + [String]$Class, + [Parameter(Mandatory=$False)] + [Boolean]$ADLDS, + [Parameter(Mandatory=$False)] + [String]$ADLDSService ) - $schemaPath = (Get-ADRootDSE).schemaNamingContext - $Schema = Get-ADObject -SearchBase $schemaPath -Filter "name -eq `'$Class`'" - $Schema | Set-ADObject -Add @{mayContain = $Attribute} +If (!$ADLDS) + { + $schemaPath = (Get-ADRootDSE).schemaNamingContext + $Schema = Get-ADObject -SearchBase $schemaPath -Filter "name -eq `'$Class`'" + $Schema | Set-ADObject -Add @{mayContain = $Attribute} + } + ElseIf ($ADLDS -eq $True) + { + If (!$ADLDSService) + { + $ADLDSService = 'localhost:389' + } + $DirectoryContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext([System.DirectoryServices.ActiveDirectory.DirectoryContextType]::DirectoryServer, $ADLDSService) + $schemaPath = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySchema]::GetSchema($DirectoryContext) + $Schema = Get-ADObject -SearchBase $schemaPath -Filter "name -eq `'$Class`'" + $Schema | Set-ADObject -Add @{mayContain = $Attribute} + } } \ No newline at end of file diff --git a/scripts/Add-ADSchemaAuxiliaryClassToClass.ps1 b/scripts/Add-ADSchemaAuxiliaryClassToClass.ps1 index 65e0e0c..ae2f8ce 100644 
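Review bot: in the ADLDS branch, `Get-ADObject -SearchBase $schemaPath -Filter "name -eq '$Class'"` and the following `Set-ADObject -Add @{mayContain = $Attribute}` do not pass `-Server $ADLDSService`, so despite building a DirectoryContext for the AD LDS instance the lookup and the mayContain write go to the AD module's default domain connection; the Add-ADSchemaAuxiliaryClassToClass hunk in this same patch passes `-server $ADLDSService` and this one must too. `[Boolean]$ADLDS` should be `[switch]$ADLDS` so callers write `-ADLDS` rather than `-ADLDS $True`, which also turns `ElseIf ($ADLDS -eq $True)` into a plain `Else`, and the `'localhost:389'` fallback belongs in the param() default rather than inside the branch. The comment-based help still documents -AuxiliaryClass and shows Add-ADSchemaAuxiliaryClassToClass in both new examples even though this function takes -Attribute and -Class.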
--- a/scripts/Add-ADSchemaAuxiliaryClassToClass.ps1 +++ b/scripts/Add-ADSchemaAuxiliaryClassToClass.ps1 
@@ -19,22 +19,42 @@ The structural class you are adding an Auxiliary Class to.. .EXAMPLE + To administer Active Directory: PS> Add-ADSchemaAuxiliaryClassToClass -AuxiliaryClass asTest -Class User + To administer ADLDS: + PS> Add-ADSchemaAuxiliaryClassToClass -AuxiliaryClass asTest -Class User -ADLDS $True -ADLDSService myadldsservice:1234 Set the asTest class as an aux class of the User class. #> Function Add-ADSchemaAuxiliaryClassToClass { param( - [Parameter()] - $AuxiliaryClass, - - [Parameter()] - $Class + [Parameter(Mandatory=$True)] + [String]$AuxiliaryClass, + [Parameter(Mandatory=$True)] + [String]$Class, + [Parameter(Mandatory=$False)] + [Boolean]$ADLDS, + [Parameter(Mandatory=$False)] + [String]$ADLDSService ) - - $schemaPath = (Get-ADRootDSE).schemaNamingContext - $auxClass = Get-ADObject -SearchBase $schemaPath -Filter "name -eq `'$AuxiliaryClass`'" -Properties governsID - $classToAddTo = Get-ADObject -SearchBase $schemaPath -Filter "name -eq `'$Class`'" - $classToAddTo | Set-ADObject -Add @{auxiliaryClass = $($auxClass.governsID)} +If (!$ADLDS) + { + $schemaPath = (Get-ADRootDSE).schemaNamingContext + $auxClass = Get-ADObject -SearchBase $schemaPath -Filter "name -eq `'$AuxiliaryClass`'" -Properties governsID + $classToAddTo = Get-ADObject -SearchBase $schemaPath -Filter "name -eq `'$Class`'" + $classToAddTo | Set-ADObject -Add @{auxiliaryClass = $($auxClass.governsID)} + } +ElseIf ($ADLDS -eq $True) + { + If (!$ADLDSService) + { + $ADLDSService = 'localhost:389' + } + $DirectoryContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext([System.DirectoryServices.ActiveDirectory.DirectoryContextType]::DirectoryServer, $ADLDSService) + $schemaPath = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySchema]::GetSchema($DirectoryContext) + $auxClass = Get-ADObject -SearchBase $schemaPath -server $ADLDSService -Filter "name -eq `'$AuxiliaryClass`'" -Properties governsID + $classToAddTo = Get-ADObject -SearchBase $schemaPath 
-server $ADLDSService -Filter "name -eq `'$Class`'" + $classToAddTo | Set-ADObject -Add @{auxiliaryClass = $($auxClass.governsID)} + } } \ No newline at end of file diff --git a/scripts/Get-ADSchemaAttribute.ps1 b/scripts/Get-ADSchemaAttribute.ps1 index e43f23f..d5ec845 100644 --- a/scripts/Get-ADSchemaAttribute.ps1 +++ b/scripts/Get-ADSchemaAttribute.ps1 
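Review bot: both branches run the same three Get-ADObject/Set-ADObject statements and differ only in where `$schemaPath` comes from and whether `-server $ADLDSService` is passed; compute `$schemaPath` and a splat (`@{}` for AD, `@{Server = $ADLDSService}` for AD LDS) up front and keep a single copy of the lookups so the two paths cannot drift the way they already have in Add-ADSchemaAttributeToClass. `$auxClass.governsID` is still read without checking that the lookup returned an object, so a misspelled -AuxiliaryClass attempts `Set-ADObject -Add @{auxiliaryClass = $null}`. The AD and ADLDS examples were merged into one .EXAMPLE block, so Get-Help renders them as a single example; split them, and use `[switch]$ADLDS` rather than `[Boolean]`.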
@@ -3,22 +3,57 @@ Gets attributes in an AD Schema .DESCRIPTION Gets attributes in an AD Schema + +.PARAMETER Attribute + The attribute that you wish to search for. + +.PARAMETER Class + The Structural Class you wish to query. + +.PARAMETER ADLDS + Boolean - $True to administer ADLDS + +.PARAMETER ADLDSService + Hostname and port in format hostname:port + Defaults to localhost:389 + .EXAMPLE Get-ADSchemaAttribute -class User -Attribute c* .EXAMPLE Get-ADSchemaAttribute -class asTestClass -attribute asFavoriteColor +.EXAMPLE + Get-ADSchemaAttribute -class User -Attribute c* -ADLDS $True -ADLDSService myadldsservice:1234 +.EXAMPLE + Get-ADSchemaAttribute -class asTestClass -attribute asFavoriteColor -ADLDS $True -ADLDSService myadldsservice:1234 #> Function Get-ADSchemaAttribute { param( - - [Parameter()] - $Attribute = '*', - - [Parameter()] - $Class = 'user' + [Parameter(Mandatory=$False)] + [String]$Attribute = '*', + [Parameter(Mandatory=$False)] + [String]$Class = 'user', + [Parameter(Mandatory=$False)] + [Boolean]$ADLDS, + [Parameter(Mandatory=$False)] + [String]$ADLDSService ) + If ($ADLDS -eq $NULL) + { $schema = [directoryservices.activedirectory.activedirectoryschema]::getcurrentschema() $attributes = $schema.FindClass($Class).mandatoryproperties $attributes += $schema.FindClass($Class).optionalproperties return $attributes | Where-Object {$_.Name -like $Attribute} + } + ElseIf ($ADLDS -eq $True) + { + If (!$ADLDSService) + { + $ADLDSService = 'localhost:389' + } + $DirectoryContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext([System.DirectoryServices.ActiveDirectory.DirectoryContextType]::DirectoryServer, $ADLDSService) + $schema = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySchema]::GetSchema($DirectoryContext) + $attributes = $schema.FindClass($Class).mandatoryproperties + $attributes += $schema.FindClass($Class).optionalproperties + return $attributes | Where-Object {$_.Name -like $Attribute} + } } \ No newline at 
end of file diff --git a/scripts/Get-ADSchemaClass.ps1 b/scripts/Get-ADSchemaClass.ps1 index 1aa90b3..4ab926d 100644 --- a/scripts/Get-ADSchemaClass.ps1 +++ b/scripts/Get-ADSchemaClass.ps1 @@ -9,18 +9,40 @@ The name of the class you want to search for. Supports wildcards .EXAMPLE - Get-ADSchemaClass -Name User - + To administer Active Directory: + Get-ADSchemaClass -Name User + To administer ADLDS: + Get-ADSchemaClass -Name User -ADLDS $True -ADLDSService myadldsservice:1234 .EXAMPLE - Get-ADSchemaClass com* + To administer Active Directory: + Get-ADSchemaClass com* + To administer ADLDS: + Get-ADSchemaClass com* -ADLDS $True -ADLDSService myadldsservice:1234 #> Function Get-ADSchemaClass { - param( - [Parameter()] - $Class = '*' - ) - - $schema = [directoryservices.activedirectory.activedirectoryschema]::getcurrentschema() + param( + [Parameter(Mandatory=$True)] + [String]$Class = '*', + [Parameter(Mandatory=$False)] + [Boolean]$ADLDS, + [Parameter(Mandatory=$False)] + [String]$ADLDSService + ) +If (!$ADLDS) + { + $schema = [directoryservices.activedirectory.activedirectoryschema]::getcurrentschema() $classes = $schema.FindAllClasses() return $classes | Where-Object {$_.Name -like $Class} + } + ElseIf ($ADLDS -eq $True) + { + If (!$ADLDSService) + { + $ADLDSService = 'localhost:389' + } + $DirectoryContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext([System.DirectoryServices.ActiveDirectory.DirectoryContextType]::DirectoryServer, $ADLDSService) + $schema = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySchema]::GetSchema($DirectoryContext) + $classes = $schema.FindAllClasses() + return $classes | Where-Object {$_.Name -like $Class} + } } \ No newline at end of file diff --git a/scripts/Invoke-ADSchemaReload.ps1 b/scripts/Invoke-ADSchemaReload.ps1 index 3aba0da..230b5d6 100644 --- a/scripts/Invoke-ADSchemaReload.ps1 +++ b/scripts/Invoke-ADSchemaReload.ps1 
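Review bot: in the Get-ADSchemaAttribute hunk, `If ($ADLDS -eq $NULL)` never matches: `[Boolean]$ADLDS` is $false when the parameter is omitted, not $null, so neither that branch nor `ElseIf ($ADLDS -eq $True)` runs and a plain `Get-ADSchemaAttribute -Class User` now returns nothing. Every other script in this patch tests `If (!$ADLDS)`; use that here, or better `[switch]$ADLDS` with `if ($ADLDS) { ... } else { ... }`. The original AD lines were also left at their old indentation under the new `If`, which makes the brace structure hard to read.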
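Review bot: in the Get-ADSchemaClass hunk, `[Parameter(Mandatory=$True)] [String]$Class = '*'` makes -Class mandatory, so the `'*'` default is dead and a bare `Get-ADSchemaClass` now prompts instead of listing every class as it did before; drop Mandatory, since the default was the point of the original. The reworked examples still use `-Name User`, but the function has no -Name parameter, only -Class, so both the AD and the ADLDS form of that example fail with a parameter-binding error; `Get-ADSchemaClass com*` works only because -Class binds positionally.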
@@ -5,10 +5,32 @@ After the schema has been updated, it needs to be reloaded so your updates can be seen immediately. .EXAMPLE + To administer Active Directory: PS C:\> Invoke-ADSchemaReload + To administer ADLDS + PS C:\> Invoke-ADSchemaReload -ADLDS $True -ADLDSService myadldsservice:1234 #> Function Invoke-ADSchemaReload { - $dse = Get-ADRootDSE - $dse.schemaUpdateNow = $true + param( + [Parameter(Mandatory=$False)] + [Boolean]$ADLDS, + [Parameter(Mandatory=$False)] + [String]$ADLDSService + ) + If (!$ADLDS) + { + $dse = Get-ADRootDSE + $dse.schemaUpdateNow = $true + } + ElseIf ($ADLDS -eq $True) + { + If (!$ADLDSService) + { + $ADLDSService = 'localhost:389' + } + $DirectoryContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext([System.DirectoryServices.ActiveDirectory.DirectoryContextType]::DirectoryServer, $ADLDSService) + $schema = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySchema]::GetSchema($DirectoryContext) + $schema.RefreshSchema = $true + } } \ No newline at end of file diff --git a/scripts/New-ADSchemaAttribute.ps1 b/scripts/New-ADSchemaAttribute.ps1 index 11dd90e..4ad7fef 100644 --- a/scripts/New-ADSchemaAttribute.ps1 +++ b/scripts/New-ADSchemaAttribute.ps1 
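Review bot: the ADLDS branch repeats the `$schema.RefreshSchema = $true` mistake from patch 06: RefreshSchema is a method on ActiveDirectorySchema, not a settable property, so the assignment throws and no reload happens; call `$schema.RefreshSchema()`. While touching this function, it is worth verifying that the AD branch actually triggers a reload, since it sets `schemaUpdateNow` on the object returned by Get-ADRootDSE without writing it back; the documented form is to write schemaUpdateNow=1 to rootDSE and commit the change. The second example is missing its colon after "To administer ADLDS", and `[Boolean]$ADLDS` should be `[switch]`.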
@@ -84,14 +84,31 @@ Function New-ADSchemaAttribute { [Parameter(ValueFromPipelineByPropertyName,ParameterSetName = 'advanced')] [String] - $SchemaAttributeHashTable + $SchemaAttributeHashTable, + + [Parameter(Mandatory=$False)] + [Boolean]$ADLDS, + + [Parameter(Mandatory=$False)] + [String]$ADLDSService ) BEGIN {} PROCESS { - + If (!$ADLDS) + { $schemaPath = (Get-ADRootDSE).schemaNamingContext + } + ElseIf ($ADLDS -eq $True) + { + If (!$ADLDSService) + { + $ADLDSService = 'localhost:389' + } + $DirectoryContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext([System.DirectoryServices.ActiveDirectory.DirectoryContextType]::DirectoryServer, $ADLDSService) + $schemaPath = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySchema]::GetSchema($DirectoryContext) + } $type = 'attributeSchema' if($SchemaAttributeHashTable){ $attributes = $SchemaAttributeHashTable diff --git a/scripts/New-ADSchemaClass.ps1 b/scripts/New-ADSchemaClass.ps1 index 4528f0f..ec497cb 100644 --- a/scripts/New-ADSchemaClass.ps1 +++ b/scripts/New-ADSchemaClass.ps1 @@ -26,6 +26,7 @@ .EXAMPLE $oid = New-ADSchemaTestOID New-ADSchemaClass -Name asPerson -AdminDescription 'host custom user attributes' -Category Auxiliary -AttributeID $oid + New-ADSchemaClass -Name asPerson -AdminDescription 'host custom user attributes' -Category Auxiliary -AttributeID $oid -$ADLDS $True -ADLDSService myadldsservice:1234 #> Function New-ADSchemaClass { 
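Review bot: the ADLDS branch only changes `$schemaPath`; nothing in this hunk carries `$ADLDSService` to the code below that creates the attributeSchema object (`$type = 'attributeSchema'` is visible as trailing context), so unless that code also receives `-Server $ADLDSService` the new attribute is created in the domain's schema rather than in the AD LDS instance. `$schemaPath` is also an ActiveDirectorySchema object in this branch but a DN string in the AD branch, so whatever consumes it must accept both; assigning `$schemaPath = (...GetSchema($DirectoryContext)).Name` keeps the type consistent. The `If (!$ADLDSService) { $ADLDSService = 'localhost:389' }` block now appears in seven scripts; a single internal helper that returns the server and schema DN for a given -ADLDS/-ADLDSService pair would remove the copies and the chance of them diverging.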
@@ -45,16 +46,31 @@ Function New-ADSchemaClass { [Parameter(ValueFromPipelinebyPropertyName)] [Alias('OID')] - $AttributeID = (New-ADSchemaTestOID) + $AttributeID = (New-ADSchemaTestOID), + + [Parameter(Mandatory=$False)] + [Boolean]$ADLDS, + + [Parameter(Mandatory=$False)] + [String]$ADLDSService ) BEGIN {} PROCESS { - - $schemaPath = (Get-ADRootDSE).schemaNamingContext - - + If (!$ADLDS) + { + $schemaPath = (Get-ADRootDSE).schemaNamingContext + } + ElseIf ($ADLDS -eq $True) + { + If (!$ADLDSService) + { + $ADLDSService = 'localhost:389' + } + $DirectoryContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext([System.DirectoryServices.ActiveDirectory.DirectoryContextType]::DirectoryServer, $ADLDSService) + $schemaPath = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySchema]::GetSchema($DirectoryContext) + } switch ($Category) { 'Auxiliary' {$ObjectCategory = 3} 'Abstract' {$ObjectCategory = 2} From 0a585693db1ef82977e926d325ae15834b2a1e3f Mon Sep 17 00:00:00 2001 
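Review bot: as in New-ADSchemaAttribute, the ADLDS branch sets `$schemaPath` but nothing visible passes `-Server $ADLDSService` to the object creation that follows `switch ($Category)`, so check that the class is really created in the AD LDS instance and not in the domain schema. The example added in this file's earlier hunk reads `-$ADLDS $True`; the stray `$` is a typo for `-ADLDS $True`. The retained default `$AttributeID = (New-ADSchemaTestOID)` means a class created with no explicit -AttributeID in a production AD or AD LDS schema receives a generated test OID; the README already says production extensions should use an OID under a registered Private Enterprise Number, so the new ADLDS example should pass an explicit OID and the help should state that the default is for development only.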
From: Jon Bryan Date: Fri, 30 Jun 2017 23:09:03 +0100 Subject: [PATCH 10/11] Author Changed --- .vscode/launch.json | 26 ----- ADSchema.psd1 | Bin 9360 -> 8772 bytes README.md | 28 +++-- en-us/about_adschema.help.txt | 11 +- scripts/Add-ADLDSSchemaAttributeToClass.ps1 | 38 ------- .../Add-ADLDSSchemaAuxiliaryClassToClass.ps1 | 52 --------- scripts/Add-ADSchemaAttributeToClass.ps1 | 16 +-- scripts/Add-ADSchemaAuxiliaryClassToClass.ps1 | 20 +++- scripts/Get-ADLDSSchemaAttribute.ps1 | 30 ------ scripts/Get-ADLDSSchemaClass.ps1 | 34 ------ scripts/Get-ADSchemaAttribute.ps1 | 13 ++- scripts/Get-ADSchemaClass.ps1 | 25 +++-- scripts/Invoke-ADLDSSchemaReload.ps1 | 26 ----- scripts/Invoke-ADSchemaReload.ps1 | 20 +++- scripts/New-ADSchemaAttribute.ps1 | 100 +++++++++++------- scripts/New-ADSchemaClass.ps1 | 61 +++++++---- 16 files changed, 202 insertions(+), 298 deletions(-) delete mode 100644 .vscode/launch.json delete mode 100644 scripts/Add-ADLDSSchemaAttributeToClass.ps1 delete mode 100644 scripts/Add-ADLDSSchemaAuxiliaryClassToClass.ps1 delete mode 100644 scripts/Get-ADLDSSchemaAttribute.ps1 delete mode 100644 scripts/Get-ADLDSSchemaClass.ps1 delete mode 100644 scripts/Invoke-ADLDSSchemaReload.ps1 diff --git a/.vscode/launch.json b/.vscode/launch.json deleted file mode 100644 index 19505d3..0000000 --- a/.vscode/launch.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "version": "0.2.0", - "configurations": [ - { - "type": "PowerShell", - "request": "launch", - "name": "PowerShell Launch (current file)", - "script": "${file}", - "args": [], - "cwd": "${file}" - }, - { - "type": "PowerShell", - "request": "attach", - "name": "PowerShell Attach to Host Process", - "processId": "${command.PickPSHostProcess}", - "runspaceId": 1 - }, - { - "type": "PowerShell", - "request": "launch", - "name": "PowerShell Interactive Session", - "cwd": "${workspaceRoot}" - } - ] -} \ No newline at end of file 
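Review bot: the subject `Author Changed` does not describe this patch, which according to its own diffstat deletes the five ADLDS-specific scripts superseded by the -ADLDS switch, removes .vscode/launch.json, substantially rewrites New-ADSchemaAttribute.ps1 and New-ADSchemaClass.ps1, and updates README.md and about_adschema.help.txt; a subject such as "Remove ADLDS-specific scripts now covered by -ADLDS switch" with a body listing the deletions would make the history usable, and the author-name change belongs in its own commit.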
diff --git a/ADSchema.psd1 b/ADSchema.psd1 index 940d817ed87447437f2e5bb2145f59473de3a401..64158a19602f17a6d48bd886f3cd910419ab51e5 100644 GIT binary patch delta 83 zcmbQ>dBkOd8LOZILq015$Zk4Wfs&SAL5X47P<_Uac4+n wC_&RBKlz@}6dbb3!p)P}gbWy!Cl?BfvO;WW6;_=5OxSDkJwc((_k`2<0By7-od5s; diff --git a/README.md b/README.md index 665a0dc..5198c74 100644 --- a/README.md +++ b/README.md 
@@ -1,27 +1,35 @@ # ADSchema -A PowerShell Module that can be used to update the schema in Active Directory +A PowerShell Module that can be used to update the schema in Active Directory or ADLDS # Installation -Copy module files to PSModulePath, typically C:\Program Files\WindowsPowerShell\Modules\ +Copy module folder and all files to PSModulePath, typically C:\Program Files\WindowsPowerShell\Modules\ In a new PowerShell instance, import the module for use: `Import-Module ADSchema` # Example ``` -New-ADSchemaAttribute -Name asFavColor -Description 'User Favorite Color' -AttributeType String -New-ADSchemaClass asPerson -AdminDescription 'Person Class to host custom attributes' -Category Auxiliary -Add-ADSchemaAttributeToClass -Attribute asFavColor -Class asPerson -Add-ADSchemaAuxiliaryClassToClass -AuxiliaryClass asPerson -Class user -set-aduser andy -add @{'asFavColor' = 'blue'} -get-aduser andy -properties asFavColor + For Active Directory Administration: + New-ADSchemaAttribute -Name asFavColor -Description 'User Favorite Color' -AttributeType String + New-ADSchemaClass asPerson -AdminDescription 'Person Class to host custom attributes' -Category Auxiliary + Add-ADSchemaAttributeToClass -Attribute asFavColor -Class asPerson + Add-ADSchemaAuxiliaryClassToClass -AuxiliaryClass asPerson -Class user + Set-ADuser andy -add @{'asFavColor' = 'blue'} + Get-ADuser andy -properties asFavColor + + For ADLDS Administration: + Get-ADSchemaAttribute -class asTestClass -attribute asFavoriteColor -ADLDS $True + New-ADSchemaAttribute -Name as-favoriteColor -Description 'Favorite Color' -IsSingleValued $true -AttributeType String -AtributeID $oid -$ADLDS $True + New-ADSchemaClass -Name asPerson -AdminDescription 'host custom user attributes' -Category Auxiliary -AttributeID $oid -ADLDS $True -ADLDSService myadldsservice:1234 + Add-ADSchemaAttributeToClass -AuxiliaryClass asTest -Class User -ADLDS $True -ADLDSService myadldsservice:1234 + Add-ADSchemaAuxiliaryClassToClass 
-AuxiliaryClass asTest -Class User -ADLDS $True ``` # Overview -The purpose of this module is to allow users to easily add attributes and classes to the schema of Active Directory. Editing the schema is often a daunting task and requires knowledge of several details that most people do not think about on a regular basis. +The purpose of this module is to allow users to easily add attributes and classes to the schema of Active Directory. Editing the schema is often a daunting task and requires knowledge of several details that most people do not think about on a regular basis. There is also a lot of fear when it comes to manually adding attributes, because it is a task that cannot be undone. Attributes in AD can be disabled, but they cannot be deleted. -Most of the time, an AD Administrator will want to add a handful of attributes to either user or computer objects for some reason or another. Maybe you want to store a computer's warranty expiration date in AD or you want to put some data you have in your HR System in AD for users,but there isn't a good fit with the out of the box attributes. Attributes should typically be named with a prefix. If I was creating a warranty expiration attribute for my computers, I would use soemthing like as-warrantyDate. +Most of the time, an AD Administrator will want to add a handful of attributes to either user or computer objects for some reason or another. Maybe you want to store a computer's warranty expiration date in AD or you want to put some data you have in your HR System in AD for users, but there isn't a good fit with the out of the box attributes. Attributes should typically be named with a prefix. If I was creating a warranty expiration attribute for my computers, I would use soemthing like as-warrantyDate. Usually, the best practice is to create your new attributes, and then also create a new class. The new class should be an Auxiliary class. This essentially means that it can extend an existing class. 
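Review bot: The new "For ADLDS Administration" block in this README hunk does not run as written, for four reasons. `-AtributeID $oid` is misspelled (the parameter is `AttributeID`, as the function help's `.PARAMETER AttributeID` names it); `-$ADLDS $True` carries a stray `$`, so it is not a parameter name at all and should be `-ADLDS $True`; `$oid` is used without ever being assigned, so the line `$oid = New-ADSchemaTestOID` from the function examples should precede it; and `Add-ADSchemaAttributeToClass -AuxiliaryClass asTest -Class User ...` passes the parameter of a different cmdlet, where the AD example just above uses `-Attribute asFavColor -Class asPerson`. The object names are also inconsistent across the sequence (the class is created as `asPerson` but bound as `asTest`; the attribute is created as `as-favoriteColor` but queried as `asFavoriteColor`, and queried before it exists), so a reader cannot paste the block top to bottom. Suggest mirroring the AD block with the same names plus `-ADLDS $True`, for example `Add-ADSchemaAttributeToClass -Attribute asFavColor -Class asPerson -ADLDS $True`.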
diff --git a/en-us/about_adschema.help.txt b/en-us/about_adschema.help.txt index 1cb831a..ddf4184 100644 --- a/en-us/about_adschema.help.txt +++ b/en-us/about_adschema.help.txt @@ -31,6 +31,8 @@ LONG DESCRIPTION http://pen.iana.org/pen/PenApplication.page. EXAMPLES + + For Active Directory Administration: New-ADSchemaAttribute -Name asFavColor -Description 'User Favorite Color' -AttributeType String New-ADSchemaClass asPerson -AdminDescription 'Person Class to host custom attributes' -Category Auxiliary Add-ADSchemaAttributeToClass -Attribute asFavColor -Class asPerson @@ -38,5 +40,12 @@ EXAMPLES Set-ADuser andy -add @{'asFavColor' = 'blue'} Get-ADuser andy -properties asFavColor + For ADLDS Administration: + Get-ADSchemaAttribute -class asTestClass -attribute asFavoriteColor -ADLDS $True + New-ADSchemaAttribute -Name as-favoriteColor -Description 'Favorite Color' -IsSingleValued $true -AttributeType String -AtributeID $oid -$ADLDS $True + New-ADSchemaClass -Name asPerson -AdminDescription 'host custom user attributes' -Category Auxiliary -AttributeID $oid -ADLDS $True -ADLDSService myadldsservice:1234 + Add-ADSchemaAttributeToClass -AuxiliaryClass asTest -Class User -ADLDS $True -ADLDSService myadldsservice:1234 + Add-ADSchemaAuxiliaryClassToClass -AuxiliaryClass asTest -Class User -ADLDS $True + KEYWORDS - AD ActiveDirectory Schema + AD ActiveDirectory Schema ADLDS diff --git a/scripts/Add-ADLDSSchemaAttributeToClass.ps1 b/scripts/Add-ADLDSSchemaAttributeToClass.ps1 deleted file mode 100644 index a649615..0000000 --- a/scripts/Add-ADLDSSchemaAttributeToClass.ps1 +++ /dev/null 
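Review bot: The ADLDS examples added to about_adschema.help.txt are a verbatim copy of the README block and repeat its defects: `-AtributeID`, `-$ADLDS $True`, an unassigned `$oid`, `Add-ADSchemaAttributeToClass` called with `-AuxiliaryClass` instead of `-Attribute`, and class/attribute names that do not match between creation and use. Whatever correction lands in README.md should land here in the same commit so the two example sets stay in lockstep, and the `KEYWORDS` line gaining `ADLDS` is fine.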
@@ -1,38 +0,0 @@ -<# -.SYNOPSIS - Adds an attribute to a class. - -.DESCRIPTION - Add a New Custom Class to an existing Structural Class in ADLDS. - - For example if you want to add attributes to the User Class: - 1. Create a new Auxiliary Class. - 2. Add Attributes to that new Auxiliary Class. - 3. Assign the new class as an Auxiliary Class to the User Class. - -.PARAMETER ADLDSService - Hostname and port in format hostname:port - Defaults to localhost:389 - -.PARAMETER AuxiliaryClass - The class that will be holding the new attributes you are creating. - This will be an Auxiliary Class of the structural class. - -.PARAMETER Class - The Structural Class you are adding an Auxiliary Class to. - -.EXAMPLE - PS> Add-ADSchemaAuxiliaryClassToClass -AuxiliaryClass asTest -Class User - Set the 'asTest' class as an Auxiliary Class of the User Class. -#> - -Function Add-ADLDSSchemaAttributeToClass { -param( - $Attribute, - $Class -) - $DirectoryContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext([System.DirectoryServices.ActiveDirectory.DirectoryContextType]::DirectoryServer, $ADLDSService) - $schemaPath = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySchema]::GetSchema($DirectoryContext) - $Schema = Get-ADObject -SearchBase $schemaPath -Filter "name -eq `'$Class`'" - $Schema | Set-ADObject -Add @{mayContain = $Attribute} -} \ No newline at end of file diff --git a/scripts/Add-ADLDSSchemaAuxiliaryClassToClass.ps1 b/scripts/Add-ADLDSSchemaAuxiliaryClassToClass.ps1 deleted file mode 100644 index d71833b..0000000 --- a/scripts/Add-ADLDSSchemaAuxiliaryClassToClass.ps1 +++ /dev/null 
@@ -1,52 +0,0 @@ -<# -.SYNOPSIS - Adds an Auxiliary Class to a Structural Class. - -.DESCRIPTION - Add a new Custom Class to an existing Structural Class in ADLDS. - - For example if you want to add attributes to the user class, you should: - - 1) Create a new Auxiliary Class. - 2) Add attributes to that Auxiliary Class. - 3) Finally assign the New Class as an Auxiliary Class to the User Class. - -.PARAMETER ADLDSService - Hostname and port in format hostname:port - Defaults to localhost:389 - -.PARAMETER AuxiliaryClass - The class that will be holding the new attributes you are creating. - This will be an auxiliary class of the structural class. - -.PARAMETER Class - The structural class you are adding an Auxiliary Class to.. - -.EXAMPLE - PS> Add-ADSchemaAuxiliaryClassToClass -AuxiliaryClass asTest -Class User - Set the asTest class as an aux class of the User class. - -.EXAMPLE - PS> Add-ADSchemaAuxiliaryClassToClass -ADLDSService myserver.mydomain:1036 -AuxiliaryClass asTest -Class User - On a non-default server, set the asTest class as an aux class of the User class. -#> - -Function Add-ADLDSSchemaAuxiliaryClassToClass { - param( - - [Parameter()] - $ADLDSService = 'localhost:389', - - [Parameter()] - $AuxiliaryClass, - - [Parameter()] - $Class - ) - - $DirectoryContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext([System.DirectoryServices.ActiveDirectory.DirectoryContextType]::DirectoryServer, $ADLDSService) - $schemaPath = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySchema]::GetSchema($DirectoryContext) - $auxClass = Get-ADObject -SearchBase $schemaPath -server $ADLDSService -Filter "name -eq `'$AuxiliaryClass`'" -Properties governsID - $classToAddTo = Get-ADObject -SearchBase $schemaPath -server $ADLDSService -Filter "name -eq `'$Class`'" - $classToAddTo | Set-ADObject -Add @{auxiliaryClass = $($auxClass.governsID)} -} \ No newline at end of file 
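Review bot: Deleting the ADLDS-only copies (Add-ADLDSSchemaAttributeToClass, Add-ADLDSSchemaAuxiliaryClassToClass, and the Get-ADLDSSchemaAttribute, Get-ADLDSSchemaClass and Invoke-ADLDSSchemaReload deletions later in this patch) in favour of an `-ADLDS` flag on the shared functions is the right consolidation, but the matching ADSchema.psd1 change arrives as a binary delta and cannot be reviewed here. Please confirm the manifest's export list no longer names any of the five removed functions, otherwise `Import-Module ADSchema` will warn about exported commands that do not exist. The deleted Add-ADLDSSchemaAttributeToClass also referenced `$ADLDSService` without declaring it in `param()`, so its removal closes a latent bug rather than losing behaviour.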
diff --git a/scripts/Add-ADSchemaAttributeToClass.ps1 b/scripts/Add-ADSchemaAttributeToClass.ps1 index a024be4..2a04857 100644 --- a/scripts/Add-ADSchemaAttributeToClass.ps1 +++ b/scripts/Add-ADSchemaAttributeToClass.ps1 @@ -25,12 +25,16 @@ Defaults to localhost:389 .EXAMPLE - To administer Active Directory: - PS> Add-ADSchemaAuxiliaryClassToClass -AuxiliaryClass asTest -Class User + Add-ADSchemaAttributeToClass -Attribute asFavoriteColor -Class User + Active Directory: Add the attribute 'asFavoriteColor' to the User Class + +.EXAMPLE + Add-ADSchemaAttributeToClass -AuxiliaryClass asTest -Class User -ADLDS $True + ADLDS: Add the attribute 'asFavoriteColor' to the User Class in the default ADLDS instance on localhost:389 + .EXAMPLE - To administer ADLDS: - PS> Add-ADSchemaAuxiliaryClassToClass -AuxiliaryClass asTest -Class User -ADLDS $True -ADLDSService myadldsservice:1234 - Set the 'asTest' class as an Auxiliary Class of the User Class. + Add-ADSchemaAttributeToClass -AuxiliaryClass asTest -Class User -ADLDS $True -ADLDSService myadldsservice:1234 + ADLDS: Add the attribute 'asFavoriteColor' to the User Class of an ADLDS instance named myadldsservice:1234 #> Function Add-ADSchemaAttributeToClass { @@ -58,7 +62,7 @@ If (!$ADLDS) } $DirectoryContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext([System.DirectoryServices.ActiveDirectory.DirectoryContextType]::DirectoryServer, $ADLDSService) $schemaPath = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySchema]::GetSchema($DirectoryContext) - $Schema = Get-ADObject -SearchBase $schemaPath -Filter "name -eq `'$Class`'" + $Schema = Get-ADObject -Server $ADLDSService -SearchBase $schemaPath -Filter "name -eq `'$Class`'" $Schema | Set-ADObject -Add @{mayContain = $Attribute} } } \ No newline at end of file diff --git a/scripts/Add-ADSchemaAuxiliaryClassToClass.ps1 b/scripts/Add-ADSchemaAuxiliaryClassToClass.ps1 index ae2f8ce..895d976 100644 
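Review bot: The second and third `.EXAMPLE` entries in the Add-ADSchemaAttributeToClass help hunk still invoke the cmdlet with `-AuxiliaryClass asTest`, a parameter that belongs to Add-ADSchemaAuxiliaryClassToClass, while their descriptions say "Add the attribute 'asFavoriteColor' to the User Class". The first example already has the right shape; the ADLDS ones should read `Add-ADSchemaAttributeToClass -Attribute asFavoriteColor -Class User -ADLDS $True` and `... -ADLDS $True -ADLDSService myadldsservice:1234`.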
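Review bot: In the code hunk of Add-ADSchemaAttributeToClass, `-Server $ADLDSService` is added to the `Get-ADObject` lookup but not to the `Set-ADObject -Add @{mayContain = $Attribute}` that performs the write; the write is the operation that must reach the AD LDS instance, so pass `-Server $ADLDSService` there as well rather than relying on the piped object to carry the connection. Also note that the `Get-ADObject` filter is built by string interpolation of `$Class` with only single quotes around it; a class name containing a quote would break the filter, so either validate `$Class` against `Get-ADSchemaClass` first or use `-LDAPFilter "(name=$Class)"` with an escaped value.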
--- a/scripts/Add-ADSchemaAuxiliaryClassToClass.ps1 +++ b/scripts/Add-ADSchemaAuxiliaryClassToClass.ps1 @@ -18,12 +18,24 @@ .PARAMETER Class The structural class you are adding an Auxiliary Class to.. +.PARAMETER ADLDS + Boolean - $True to administer ADLDS + +.PARAMETER ADLDSService + Hostname and port in format hostname:port + Defaults to localhost:389 + +.EXAMPLE + PS> Add-ADSchemaAuxiliaryClassToClass -AuxiliaryClass asTest -Class User + Active Directory: Set the asTest class as an aux class of the User class. + +.EXAMPLE + PS> Add-ADSchemaAuxiliaryClassToClass -AuxiliaryClass asTest -Class User -ADLDS $True + ADLDS: Set the asTest class as an aux class of the User class of the default ADLDS instance on localhost:389 + .EXAMPLE - To administer Active Directory: - PS> Add-ADSchemaAuxiliaryClassToClass -AuxiliaryClass asTest -Class User - To administer ADLDS: PS> Add-ADSchemaAuxiliaryClassToClass -AuxiliaryClass asTest -Class User -ADLDS $True -ADLDSService myadldsservice:1234 - Set the asTest class as an aux class of the User class. + ADLDS: Set the asTest class as an aux class of the User class of an ADLDS instance named myadldsservice:1234 #> diff --git a/scripts/Get-ADLDSSchemaAttribute.ps1 b/scripts/Get-ADLDSSchemaAttribute.ps1 deleted file mode 100644 index fff7dbc..0000000 --- a/scripts/Get-ADLDSSchemaAttribute.ps1 +++ /dev/null 
@@ -1,30 +0,0 @@ -<# -.Synopsis - Gets attributes in an ADLDS Schema (default server:port = localhost:389) -.DESCRIPTION - Gets attributes in an ADLDS Schema (default server:port = localhost:389) -.EXAMPLE - Get-ADSchemaAttribute -class User -Attribute c* -.EXAMPLE - Get-ADSchemaAttribute -class asTestClass -attribute asFavoriteColor -.EXAMPLE - Get-ADSchemaAttribute -ADLDSService myserver.mydomain:1036 -class asTestClass -attribute asFavoriteColor -#> -Function Get-ADLDSSchemaAttribute { - param( - - [Parameter()] - $ADLDSService = 'localhost:389', - - [Parameter()] - $Attribute = '*', - - [Parameter()] - $Class = 'user' - ) - $DirectoryContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext([System.DirectoryServices.ActiveDirectory.DirectoryContextType]::DirectoryServer, $ADLDSService) - $schema = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySchema]::GetSchema($DirectoryContext) - $attributes = $schema.FindClass($Class).mandatoryproperties - $attributes += $schema.FindClass($Class).optionalproperties - return $attributes | Where-Object {$_.Name -like $Attribute} -} \ No newline at end of file diff --git a/scripts/Get-ADLDSSchemaClass.ps1 b/scripts/Get-ADLDSSchemaClass.ps1 deleted file mode 100644 index cbbc057..0000000 --- a/scripts/Get-ADLDSSchemaClass.ps1 +++ /dev/null 
@@ -1,34 +0,0 @@ -<# -.SYNOPSIS - Gets classes in an ADLDS Schema (default server:port = localhost:389) - -.DESCRIPTION - Use this function to list or search for existing classes in the ADLDS Schema (default server:port = localhost:389) - -.PARAMETER Class - The name of the class you want to search for. Supports wildcards - -.EXAMPLE - Get-ADSchemaClass -Name User - -.EXAMPLE - Get-ADSchemaClass com* - -.EXAMPLE - Get-ADSchemaClass -ADLDSService myserver.mydomain:1036 -Name User -#> -Function Get-ADLDSSchemaClass { - param( - - [Parameter()] - $ADLDSService = 'localhost:389', - - [Parameter()] - $Class = '*' - ) - - $DirectoryContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext([System.DirectoryServices.ActiveDirectory.DirectoryContextType]::DirectoryServer, $ADLDSService) - $schema = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySchema]::GetSchema($DirectoryContext) - $classes = $schema.FindAllClasses() - return $classes | Where-Object {$_.Name -like $Class} -} \ No newline at end of file diff --git a/scripts/Get-ADSchemaAttribute.ps1 b/scripts/Get-ADSchemaAttribute.ps1 index d5ec845..6b05796 100644 --- a/scripts/Get-ADSchemaAttribute.ps1 +++ b/scripts/Get-ADSchemaAttribute.ps1 
@@ -18,13 +18,18 @@ Defaults to localhost:389 .EXAMPLE - Get-ADSchemaAttribute -class User -Attribute c* + Get-ADSchemaAttribute -class User -Attribute c* .EXAMPLE - Get-ADSchemaAttribute -class asTestClass -attribute asFavoriteColor + Get-ADSchemaAttribute -class asTestClass -attribute asFavoriteColor .EXAMPLE - Get-ADSchemaAttribute -class User -Attribute c* -ADLDS $True -ADLDSService myadldsservice:1234 + Get-ADSchemaAttribute -class User -Attribute c* -ADLDS $True -ADLDSService myadldsservice:1234 + ADLDS: Get all attributes starting with "c" from the user class from the ADLDS instance named myadldsservice:1234 .EXAMPLE - Get-ADSchemaAttribute -class asTestClass -attribute asFavoriteColor -ADLDS $True -ADLDSService myadldsservice:1234 + Get-ADSchemaAttribute -class asTestClass -attribute asFavoriteColor -ADLDS $True + ADLDS: Get the attribute named asFavoriteColor from the class asTestClass from the default ADLDS instance on localhost:389 +.EXAMPLE + Get-ADSchemaAttribute -class asTestClass -attribute asFavoriteColor -ADLDS $True -ADLDSService myadldsservice:1234 + ADLDS: Get the attribute named asFavoriteColor from the class asTestClass from the ADLDS instance named myadldsservice:1234 #> Function Get-ADSchemaAttribute { param( diff --git a/scripts/Get-ADSchemaClass.ps1 b/scripts/Get-ADSchemaClass.ps1 index 4ab926d..de193cc 100644 --- a/scripts/Get-ADSchemaClass.ps1 +++ b/scripts/Get-ADSchemaClass.ps1 
@@ -8,16 +8,27 @@ .PARAMETER Class The name of the class you want to search for. Supports wildcards +.PARAMETER ADLDS + Boolean - $True to administer ADLDS + +.PARAMETER ADLDSService + Hostname and port in format hostname:port + Defaults to localhost:389 + .EXAMPLE - To administer Active Directory: Get-ADSchemaClass -Name User - To administer ADLDS: - Get-ADSchemaClass -Name User -ADLDS $True -ADLDSService myadldsservice:1234 -.EXAMPLE - To administer Active Directory: + Active Directory: Get the user class + .EXAMPLE Get-ADSchemaClass com* - To administer ADLDS: - Get-ADSchemaClass com* -ADLDS $True -ADLDSService myadldsservice:1234 + Active Directory: Get classes starting with "com" + +.EXAMPLE + Get-ADSchemaClass -Name User -ADLDS $True -ADLDSService myadldsservice:1234 + ADLDS: Get the user class from the ADLDS instance named myadldsservice:1234 + +.EXAMPLE + Get-ADSchemaClass -Name User -ADLDS $True + ADLDS: Get the user class from the default ADLDS instance on localhost:389 #> Function Get-ADSchemaClass { param( diff --git a/scripts/Invoke-ADLDSSchemaReload.ps1 b/scripts/Invoke-ADLDSSchemaReload.ps1 deleted file mode 100644 index e913fab..0000000 --- a/scripts/Invoke-ADLDSSchemaReload.ps1 +++ /dev/null 
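Review bot: Every `.EXAMPLE` in the Get-ADSchemaClass help hunk calls `Get-ADSchemaClass -Name User`, but the only documented parameter is `.PARAMETER Class` ("The name of the class you want to search for"), and the deleted Get-ADLDSSchemaClass it replaces declared `$Class`, not `$Name`. Unless the function carries an `[Alias('Name')]` on that parameter, these examples fail with a parameter-not-found error; either change the examples to `-Class User` (matching the `Get-ADSchemaAttribute -class ...` examples elsewhere in this patch) or add the alias.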
@@ -1,26 +0,0 @@ -<# -.SYNOPSIS - Reloads the ADLDS Schema -.DESCRIPTION - After the schema has been updated, it needs to be reloaded so your updates - can be seen immediately. - -.EXAMPLE - Using the default server and port (localhost:389) - PS C:\> Invoke-ADSchemaReload - -.EXAMPLE - Using a custom server and port - PS C:\> Invoke-ADSchemaReload -ADLDSService myserver.mydomain:1036 -#> - -Function Invoke-ADLDSSchemaReload { - param( - [Parameter()] - $ADLDSService = 'localhost:389' - ) - - $DirectoryContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext([System.DirectoryServices.ActiveDirectory.DirectoryContextType]::DirectoryServer, $ADLDSService) - $schema = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySchema]::GetSchema($DirectoryContext) - $schema.RefreshSchema = $true -} \ No newline at end of file diff --git a/scripts/Invoke-ADSchemaReload.ps1 b/scripts/Invoke-ADSchemaReload.ps1 index 230b5d6..9faf54d 100644 --- a/scripts/Invoke-ADSchemaReload.ps1 +++ b/scripts/Invoke-ADSchemaReload.ps1 @@ -4,11 +4,25 @@ .DESCRIPTION After the schema has been updated, it needs to be reloaded so your updates can be seen immediately. + +.PARAMETER ADLDS + Boolean - $True to administer ADLDS + +.PARAMETER ADLDSService + Hostname and port in format hostname:port + Defaults to localhost:389 + .EXAMPLE - To administer Active Directory: PS C:\> Invoke-ADSchemaReload - To administer ADLDS + To administer Active Directory (default) + +.EXAMPLE + PS C:\> Invoke-ADSchemaReload -ADLDS $True + To administer the default ADLDS instance on localhost:389 + +.EXAMPLE PS C:\> Invoke-ADSchemaReload -ADLDS $True -ADLDSService myadldsservice:1234 + To administer the ADLDS instance named myadldsservice:1234 #> Function Invoke-ADSchemaReload { 
@@ -31,6 +45,6 @@ Function Invoke-ADSchemaReload { } $DirectoryContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext([System.DirectoryServices.ActiveDirectory.DirectoryContextType]::DirectoryServer, $ADLDSService) $schema = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySchema]::GetSchema($DirectoryContext) - $schema.RefreshSchema = $true + $schema.RefreshSchema() } } \ No newline at end of file diff --git a/scripts/New-ADSchemaAttribute.ps1 b/scripts/New-ADSchemaAttribute.ps1 index 4ad7fef..2d7bb92 100644 --- a/scripts/New-ADSchemaAttribute.ps1 +++ b/scripts/New-ADSchemaAttribute.ps1 
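Review bot: Replacing `$schema.RefreshSchema = $true` with `$schema.RefreshSchema()` is the correct fix: RefreshSchema is a method on ActiveDirectorySchema, and assigning to it as if it were a property raises an error rather than reloading anything. The same broken assignment is visible in the deleted Invoke-ADLDSSchemaReload, so the deletion plus this one-line change covers both code paths; worth a line in the commit message since "Update README.md" style subjects would not tell a reader that a functional bug was fixed here.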
@@ -1,56 +1,71 @@ <# .SYNOPSIS - Create a new attribute in the Active Directory Schema + Create a new attribute in the Active Directory Schema .DESCRIPTION - New-ADSchemaAttribute will add a new attribute to the AD Schema. Once the new attribute - is created, you will need to add it to a class. AD Schema best practices suggest - that you: + New-ADSchemaAttribute will add a new attribute to the AD Schema. Once the new attribute + is created, you will need to add it to a class. AD Schema best practices suggest + that you: - 1) Create a new Auxiliary Class. - 2) Add your attribute to that class. - 3) Add your Auxiliary Class (containing your new Attribute) to an Existing Class. - - See help about_ADSchema for more details + 1) Create a new Auxiliary Class. + 2) Add your attribute to that class. + 3) Add your Auxiliary Class (containing your new Attribute) to an Existing Class. + + See help about_ADSchema for more details .PARAMETER Name - The name of the attribute you are creating. This will be the CN and the LDAP - Display Name. Using a standard prefix is a good practice to follow. + The name of the attribute you are creating. This will be the CN and the LDAP + Display Name. Using a standard prefix is a good practice to follow. .PARAMETER Description - The Administrator description is a short description that is added as metadata to the - attribute. Should not be much more than 3 or 4 words. + The Administrator description is a short description that is added as metadata to the + attribute. Should not be much more than 3 or 4 words. .PARAMETER IsSingleValued - Determine whether the new attribute can hold one value or an array of values. + Determine whether the new attribute can hold one value or an array of values. .PARAMETER AttributeType - Determines what type of attribute you are creating. Use a DN to create an attribute - that will hold a reference to another object in Active Directory. 
One example of an - existing DN attribute is a user's manager, or a group's "ManagedBy" attribute. - Strings are case-insenstive. + Determines what type of attribute you are creating. Use a DN to create an attribute + that will hold a reference to another object in Active Directory. One example of an + existing DN attribute is a user's manager, or a group's "ManagedBy" attribute. + Strings are case-insenstive. .PARAMETER AttributeID - AttributeID is the Object Identifier (OID) for the new attribute. OIDs have a - specific syntax that looks something like '1.2.840.113556.1.8000.2554.13769.13577.20614' - You can use the New-ADSchemaTestOid to generate one. However, in production, you should - use your own OID based on your company's defined OID structure and your Private Enterprise - Number. For more inforation, please look at help about_ADSchema. + AttributeID is the Object Identifier (OID) for the new attribute. OIDs have a + specific syntax that looks something like '1.2.840.113556.1.8000.2554.13769.13577.20614' + You can use the New-ADSchemaTestOid to generate one. However, in production, you should + use your own OID based on your company's defined OID structure and your Private Enterprise + Number. For more inforation, please look at help about_ADSchema. .PARAMETER SchemaAttributeHashTable - This parameter is the rope that will let you hang yourself if you are not careful. It is - for advanced users that want to generate highly customized attributes. Any of the attributes - found in https://technet.microsoft.com/en-us/library/cc961746.aspx could be used. - You will need to store them in a hashtable with their corresponding values. Using a custom - hashtable, you can specify any of the attributes in attributeSchema objects and use any - attributeSyntax you want. + This parameter is the rope that will let you hang yourself if you are not careful. It is + for advanced users that want to generate highly customized attributes. 
Any of the attributes + found in https://technet.microsoft.com/en-us/library/cc961746.aspx could be used. + You will need to store them in a hashtable with their corresponding values. Using a custom + hashtable, you can specify any of the attributes in attributeSchema objects and use any + attributeSyntax you want. + +.PARAMETER ADLDS + Boolean - $True to administer ADLDS + +.PARAMETER ADLDSService + Hostname and port in format hostname:port + Defaults to localhost:389 + +.EXAMPLE + $oid = New-ADSchemaTestOID + New-ADSchemaAttribute -Name as-favoriteColor -Description 'Favorite Color' -IsSingleValued $true -AttributeType String -AtributeID $oid + Active Directory: Create the new Active Directory attribute named as-favoriteColor .EXAMPLE - $oid = New-ADSchemaTestOID - New-ADSchemaAttribute -Name as-favoriteColor -Description 'Favorite Color' -IsSingleValued $true -AttributeType String -AtributeID $oid - + $oid = New-ADSchemaTestOID + New-ADSchemaAttribute -Name as-favoriteColor -Description 'Favorite Color' -IsSingleValued $true -AttributeType String -AtributeID $oid -$ADLDS $True + ADLDS: Create the new attribute named as-favoriteColor in the default ADLDS instance on localhost:389 + .EXAMPLE - $hash - Get-ADSchemaClass com* + $oid = New-ADSchemaTestOID + New-ADSchemaAttribute -Name as-favoriteColor -Description 'Favorite Color' -IsSingleValued $true -AttributeType String -AtributeID $oid -$ADLDS $True -ADLDSService myadldsservice:1234 + ADLDS: Create the new attribute named as-favoriteColor in an ADLDS instance named myadldsservice:1234 #> Function New-ADSchemaAttribute { @@ -73,7 +88,7 @@ Function New-ADSchemaAttribute { $IsSingleValued = $True, [Parameter(Mandatory, ValueFromPipelinebyPropertyName, ParameterSetName = 'basic')] - [ValidateSet('String','StringOctet','DN','Int','GeneralizedTime','Boolean')] + [ValidateSet('String','UnicodeString','StringOctet','DN','Int','GeneralizedTime','Boolean')] [String] $AttributeType , 
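Review bot: All three `.EXAMPLE` entries in the New-ADSchemaAttribute help hunk spell the parameter `-AtributeID`, although the hunk's own `.PARAMETER AttributeID` block names it `AttributeID`, and the two ADLDS examples write `-$ADLDS $True` with a stray `$`; as written neither binds. Suggest `New-ADSchemaAttribute -Name as-favoriteColor -Description 'Favorite Color' -IsSingleValued $true -AttributeType String -AttributeID $oid -ADLDS $True` for the second example and the same with `-ADLDSService myadldsservice:1234` for the third. The added `UnicodeString` value in the `ValidateSet` is good and matches the switch case introduced later in this file.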
@@ -117,6 +132,7 @@ Function New-ADSchemaAttribute { # based on https://technet.microsoft.com/en-us/library/cc961740.aspx switch ($AttributeType) { 'String' {$attributeSyntax = '2.5.5.4'; $omSyntax = 20} + 'UnicodeString' {$attributeSyntax = '2.5.5.12'; $omSyntax = 64} 'StringOctet' {$attributeSyntax = '2.5.5.10'; $omSyntax = 4} 'DN' {$attributeSyntax = '2.5.5.1'; $omSyntax = 127} 'Int' {$attributeSyntax = '2.5.5.9'; $omSyntax = 2} @@ -143,11 +159,17 @@ Function New-ADSchemaAttribute { Write-Warning 'You are using a test OID. For Production use, use an OID with your registered PEN. See help about_adschema for more details. ' } - if ($PSCmdlet.ShouldProcess($ConfirmationMessage, $Caption)) { - New-ADObject -Name $Name -Type $type -Path $schemapath -OtherAttributes $attributes + if ($PSCmdlet.ShouldProcess($ConfirmationMessage, $Caption)) + { + If (!$ADLDS) + { + New-ADObject -Name $Name -Type $type -Path $schemapath -OtherAttributes $attributes + } + ElseIf ($ADLDS -eq $True) + { + New-ADObject -Name $Name -Type $type -Path $schemapath -Server $ADLDSService -OtherAttributes $attributes + } } } - END {} - -} \ No newline at end of file + } diff --git a/scripts/New-ADSchemaClass.ps1 b/scripts/New-ADSchemaClass.ps1 index ec497cb..2629ba6 100644 --- a/scripts/New-ADSchemaClass.ps1 +++ b/scripts/New-ADSchemaClass.ps1 
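Review bot: The `If (!$ADLDS) { ... } ElseIf ($ADLDS -eq $True) { ... }` added around `New-ADObject` in New-ADSchemaAttribute leaves a gap: any `$ADLDS` value that is truthy but not exactly `$True` (for instance a non-empty string) matches neither branch and the attribute is silently never created. A plain `else` is sufficient, and declaring the parameter as `[switch]$ADLDS` (so callers write `-ADLDS` rather than `-ADLDS $True`, which the help documents as "Boolean") removes the ambiguity entirely. The `'UnicodeString' {$attributeSyntax = '2.5.5.12'; $omSyntax = 64}` mapping is correct for String(Unicode) and consistent with the technet table the comment cites.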
@@ -1,32 +1,49 @@ <# .SYNOPSIS - Create a new class in the Active Directory Schema + Create a new class in the Active Directory Schema .DESCRIPTION - New-ADSchemaClass will add a new class to the AD Schema. The majority of - the time, any new classes will likely be an Auxiliary Class. It is a best - practice to create an auxiliary class and add it as an auxliary class to - an existing class. + New-ADSchemaClass will add a new class to the AD Schema. The majority of + the time, any new classes will likely be an Auxiliary Class. It is a best + practice to create an auxiliary class and add it as an auxliary class to + an existing class. .PARAMETER Name - The name of the attribute you are creating. This will be the CN and the LDAP - Display Name, and Admin Display Name. Using a standard prefix is a good - practice to follow. + The name of the attribute you are creating. This will be the CN and the LDAP + Display Name, and Admin Display Name. Using a standard prefix is a good + practice to follow. .PARAMETER AdminDescription - This is the description of the class being created. Usually, a 3 or 4 word - description is sufficient. + This is the description of the class being created. Usually, a 3 or 4 word + description is sufficient. .PARAMETER Category - 99% of the time, you will chose an Auxiliary class. Becuase of this, the - default value is automatically set to Auxililary. Please see - https://technet.microsoft.com/en-us/library/cc961751.aspx for info - on other categories if you wish to overwrite. + 99% of the time, you will chose an Auxiliary class. Becuase of this, the + default value is automatically set to Auxililary. Please see + https://technet.microsoft.com/en-us/library/cc961751.aspx for info + on other categories if you wish to overwrite. 
+.PARAMETER ADLDS + Boolean - $True to administer ADLDS + +.PARAMETER ADLDSService + Hostname and port in format hostname:port + Defaults to localhost:389 + +.EXAMPLE + $oid = New-ADSchemaTestOID + New-ADSchemaClass -Name asPerson -AdminDescription 'host custom user attributes' -Category Auxiliary -AttributeID $oid + Create an new schema class named asPerson + .EXAMPLE - $oid = New-ADSchemaTestOID - New-ADSchemaClass -Name asPerson -AdminDescription 'host custom user attributes' -Category Auxiliary -AttributeID $oid - New-ADSchemaClass -Name asPerson -AdminDescription 'host custom user attributes' -Category Auxiliary -AttributeID $oid -$ADLDS $True -ADLDSService myadldsservice:1234 + $oid = New-ADSchemaTestOID + New-ADSchemaClass -Name asPerson -AdminDescription 'host custom user attributes' -Category Auxiliary -AttributeID $oid -ADLDS $True + ADLDS: Create an new schema class named asPerson in the default ADLDS instance on localhost:389 + +.EXAMPLE + $oid = New-ADSchemaTestOID + New-ADSchemaClass -Name asPerson -AdminDescription 'host custom user attributes' -Category Auxiliary -AttributeID $oid -ADLDS $True -ADLDSService myadldsservice:1234 + ADLDS: Create an new schema class named asPerson in the ADLDS instance named myadldsservice:1234 #> Function New-ADSchemaClass { @@ -98,7 +115,15 @@ Function New-ADSchemaClass { Write-Warning 'You are using a test OID. For Production use, use an OID with your registered PEN. See help about_adschema for more details. ' } if ($PSCmdlet.ShouldProcess($ConfirmationMessage, $Caption)) { - New-ADObject -Name $Name -Type 'classSchema' -Path $schemapath -OtherAttributes $attributes + +If (!$ADLDS) + { + New-ADObject -Name $Name -Type 'classSchema' -Path $schemapath -OtherAttributes $attributes + } + ElseIf ($ADLDS -eq $True) + { + New-ADObject -Name $Name -Type 'classSchema' -Path $schemapath -Server $ADLDSService -OtherAttributes $attributes + } } } From 203de7529815bd8d2fb9f360cbe5c4b34f25842b Mon Sep 17 00:00:00 2001 
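Review bot: The re-indented `.PARAMETER Name` text in the New-ADSchemaClass help hunk still says "The name of the attribute you are creating", copied from New-ADSchemaAttribute; since every line of that block is touched by this hunk anyway, change it to "The name of the class you are creating" so the help is not misleading.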
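Review bot: The `New-ADObject` branch added in New-ADSchemaClass has the same `If (!$ADLDS) ... ElseIf ($ADLDS -eq $True)` shape as New-ADSchemaAttribute, with the same hole for truthy non-`$True` values, and here the `If` is dedented to column 0 inside the `ShouldProcess` block while its body is indented, which hurts readability. Use `else` (or a `[switch]$ADLDS` parameter) and indent the block to match the surrounding code.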
From: Jon Bryan Date: Fri, 19 Oct 2018 22:03:44 +0100 Subject: [PATCH 11/11] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 5198c74..3efe4ef 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ In a new PowerShell instance, import the module for use: Add-ADSchemaAuxiliaryClassToClass -AuxiliaryClass asTest -Class User -ADLDS $True ``` # Overview -The purpose of this module is to allow users to easily add attributes and classes to the schema of Active Directory. Editing the schema is often a daunting task and requires knowledge of several details that most people do not think about on a regular basis. +The purpose of this module is to allow users to easily add attributes and classes to the schema of Active Directory or to modify the schema of an ADLDS instance. Editing the schema is often a daunting task and requires knowledge of several details that most people do not think about on a regular basis. There is also a lot of fear when it comes to manually adding attributes, because it is a task that cannot be undone. Attributes in AD can be disabled, but they cannot be deleted. 
@@ -33,6 +33,6 @@ Most of the time, an AD Administrator will want to add a handful of attributes t Usually, the best practice is to create your new attributes, and then also create a new class. The new class should be an Auxiliary class. This essentially means that it can extend an existing class. -Once you create the Auxiliary class, you can bind it to an existing class. This is actually something that can be undone, so it reeduces the fear and worry of really messing up your Active Directory. +Once you create the Auxiliary class, you can bind it to an existing class. This is actually something that can be undone, so it reduces the fear and worry of really messing up your Active Directory. Last, a quick note about Object Identifiers, also known as OID. OID's are what are used as unique identifiers of schema attributes and classes in Active Directory. They are also used in MIB's for networking. For development purposes, you can generate your own OID's. There is even a function in this module that will do it for you. However, if you are going to extend your production schema, you should register for a Private Enterprise Number. Information on this can be found at http://pen.iana.org/pen/PenApplication.page.