Query Active Directory

Querying Active Directory with PowerShell

Bind to Active Directory

The simplest bind to AD with PowerShell is:

[adsi]'LDAP://contoso.com'

Output

distinguishedName : {DC=contoso,DC=com}
Path              : LDAP://contoso.com

If you also want to search for an object (e.g. the Administrator) at the same time, it works like this:

$accountName = 'Administrator'
$domainDnsName = 'contoso.com'
$searcher = New-Object DirectoryServices.DirectorySearcher
$searcher.Filter = "(sAMAccountName=$accountName)"
$searcher.SearchRoot = "LDAP://$domainDnsName"
$searcher.PageSize = 1000
$searcher.FindAll() | %{$_.Path}

Output

LDAP://contoso.com/CN=Administrator,CN=Users,DC=contoso,DC=com
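The search above interpolates `$accountName` straight into the LDAP filter, which is fine for a constant but not for a value that comes from user input. The following is an added example (not code from the original page): it escapes the value according to RFC 4515 before building the filter, asks the server only for the attributes it needs, and reports the account's disabled and password-never-expires flags from `userAccountControl`. The domain `contoso.com`, the function names and the attribute list are assumptions of this example.

```powershell
function ConvertTo-LdapFilterValue {
    # Escape the characters RFC 4515 reserves inside a filter assertion value,
    # so a value containing '*', '(' or ')' is matched literally instead of widening the filter.
    param([Parameter(Mandatory)][string]$Value)
    $escaped = $Value.Replace('\', '\5c')   # backslash first, so the escapes below are not re-escaped
    $escaped = $escaped.Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
    return $escaped.Replace([string][char]0, '\00')
}

function Get-PropertyValue {
    # First value of a search-result attribute, or $null when the attribute is absent.
    param($Result, [string]$Name)
    $values = $Result.Properties[$Name]   # lookup is case-insensitive
    if ($null -ne $values -and $values.Count -gt 0) { return $values[0] }
    return $null
}

function Find-AdUser {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [string]$DomainDnsName = 'contoso.com'   # assumed domain, as used on this page
    )
    $root = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$DomainDnsName")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $safeName = ConvertTo-LdapFilterValue $SamAccountName
    $searcher.Filter = "(&(objectClass=user)(sAMAccountName=$safeName))"
    $searcher.PageSize = 1000
    # Request only the attributes we need instead of everything the object carries
    [void]$searcher.PropertiesToLoad.AddRange([string[]]@('distinguishedName', 'sAMAccountName', 'userAccountControl', 'pwdLastSet'))
    $results = $null
    try {
        $results = $searcher.FindAll()
        foreach ($r in $results) {
            $uac = [int](Get-PropertyValue $r 'userAccountControl')
            $pwdLastSet = [int64](Get-PropertyValue $r 'pwdLastSet')
            $lastSet = $null
            if ($pwdLastSet -gt 0) { $lastSet = [DateTime]::FromFileTimeUtc($pwdLastSet) }
            [pscustomobject]@{
                SamAccountName       = Get-PropertyValue $r 'sAMAccountName'
                DistinguishedName    = Get-PropertyValue $r 'distinguishedName'
                Disabled             = ($uac -band 0x0002) -ne 0    # ACCOUNTDISABLE
                PasswordNeverExpires = ($uac -band 0x10000) -ne 0   # DONT_EXPIRE_PASSWORD
                PasswordLastSetUtc   = $lastSet
            }
        }
    } finally {
        # SearchResultCollection, DirectorySearcher and DirectoryEntry hold unmanaged handles
        if ($null -ne $results) { $results.Dispose() }
        $searcher.Dispose()
        $root.Dispose()
    }
}

Find-AdUser -SamAccountName 'Administrator' | Format-List
```

The escaping function is the part to keep around: any filter that embeds a name, a group, or a host from a script parameter or a web form should pass it through `ConvertTo-LdapFilterValue` first.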

Bind to Active Directory with different credentials

And now a bind to the Administrator object with different credentials:

$domainDnsName = read-host "Enter the DNS Domain Name to connect to"
$userName = read-host "Enter the user to connect to $($domainDnsName)"
$secpwd = read-host -AsSecureString "Enter the password for $($userName)"
# Convert the SecureString to plain text only for the DirectoryEntry constructor, then free the buffer
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secpwd)
$plainPwd = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
[System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTR)
# The user name is passed in DOMAIN\user form
$domainEntry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$domainDnsName", "$($domainDnsName)\$($userName)", $plainPwd)
$accountName = 'Administrator'
$searcher = New-Object DirectoryServices.DirectorySearcher
$searcher.Filter = "(sAMAccountName=$accountName)"
$searcher.SearchRoot = $domainEntry
$searcher.PageSize = 1000
$searcher.FindAll() | %{$_.Path}
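The same bind can be done without converting the password by hand: `Get-Credential` returns a `PSCredential`, and the `DirectoryEntry` constructor accepts an `AuthenticationTypes` value that selects Kerberos/NTLM and requests signing and sealing for the LDAP session instead of a clear-text simple bind. The following is an added example, not code from the original page; the function name, the `contoso.com` default and the eager `RefreshCache` call are its own choices.

```powershell
function Connect-AdDirectory {
    param(
        [Parameter(Mandatory)][pscredential]$Credential,
        [string]$DomainDnsName = 'contoso.com'   # assumed domain, as used on this page
    )
    # Secure: Kerberos/NTLM rather than a clear-text simple bind.
    # Sealing/Signing: encryption and integrity protection for the LDAP traffic.
    $authType = [System.DirectoryServices.AuthenticationTypes]'Secure, Sealing, Signing'
    # The password leaves the SecureString only here, for the constructor call.
    $net = $Credential.GetNetworkCredential()
    if ($net.Domain) { $userName = "$($net.Domain)\$($net.UserName)" } else { $userName = $net.UserName }
    $entry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$DomainDnsName", $userName, $net.Password, $authType)
    # Trigger the bind now so that a wrong password fails here rather than on first use.
    $entry.RefreshCache([string[]]@('distinguishedName'))
    return $entry
}

$cred = Get-Credential -Message 'Account for the directory bind (DOMAIN\user or user@domain)'
$domainEntry = Connect-AdDirectory -Credential $cred
$searcher = New-Object System.DirectoryServices.DirectorySearcher($domainEntry)
$searcher.Filter = '(sAMAccountName=Administrator)'
$searcher.PageSize = 1000
try {
    $searcher.FindAll() | ForEach-Object { $_.Path }
} finally {
    $searcher.Dispose()
    $domainEntry.Dispose()
}
```

`GetNetworkCredential().Password` still materialises the password as a .NET string; there is no way around that with `DirectoryEntry`, so the function keeps that string's lifetime as short as the constructor call and does not store it in a variable of its own.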

Schema version

Read the schema version.

$forestDns = (Get-ADDomain | Select Forest).Forest
$forestDn = (Get-ADDomain -Identity $forestDns).DistinguishedName
$schema = Get-ADObject -Identity "cn=Schema,cn=Configuration,$($forestDn)" `
 -Properties objectVersion | Select objectVersion
$schemaversion = ""
switch ($schema.objectVersion){
    13 { $schemaversion = "Windows 2000 Server"}
    30 { $schemaversion = "Windows Server 2003"}
    31 { $schemaversion = "Windows Server 2003 R2"}
    44 { $schemaversion = "Windows Server 2008"}
    47 { $schemaversion = "Windows Server 2008 R2"}
    51 { $schemaversion = "Windows Server 8 Developers Preview"}
    52 { $schemaversion = "Windows Server 8 Beta"}
    56 { $schemaversion = "Windows Server 2012"}
    69 { $schemaversion = "Windows Server 2012 R2"}
    72 { $schemaversion = "Windows Server Technical Preview (2014)"}
    # later releases, added to the original list
    87 { $schemaversion = "Windows Server 2016"}
    88 { $schemaversion = "Windows Server 2019 / 2022"}
    default { $schemaversion = "unknown - $($schema.objectVersion)"}
}
Write-Host "Schema version is $($schemaversion)" -ForegroundColor Yellow

Forest and FSMO roles

Read the forest functional level, Schema Master and Domain Naming Master.

$domain = 'contoso.com'   # DNS name of the forest root domain
Get-ADForest -Identity $domain | select ForestMode, SchemaMaster, DomainNamingMaster

Global catalogs

Read all global catalogs in the forest.

$domain = 'contoso.com'   # DNS name of the forest root domain
Get-ADForest -Identity $domain | select -ExpandProperty GlobalCatalogs

Domain and FSMO roles

Read the forest name, domain name, domain functional level, Infrastructure Master, PDC Emulator and RID Master.

$domain = 'contoso.com'   # DNS name of the domain
Get-ADDomain -Identity $domain | select Forest, DNSRoot,`
DomainMode, InfrastructureMaster, PDCEmulator, RIDMaster

Domain controllers

Read all domain controllers of the domain.

$domain = 'contoso.com'   # DNS name of the domain
Get-ADDomain -Identity $domain | select -ExpandProperty ReplicaDirectoryServers

Read all domain controllers of the domain together with their IP addresses.

Get-ADDomain | select -ExpandProperty ReplicaDirectoryServers | %{
    $dc = $_
    # A host may resolve to several addresses (IPv4 and IPv6); list all of them
    $ip = ([System.Net.Dns]::GetHostAddresses($dc) | %{ $_.IPAddressToString }) -join ', '
    "Domain Controller: $($dc) IP Address: $($ip)"
}
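The forest, FSMO and domain controller queries above can be combined into one inventory. The following is an added example, not code from the original page: it resolves each domain controller, marks which FSMO roles it holds and whether it is a global catalog, and checks with a short timeout whether LDAP (389), LDAPS (636) and the global catalog port (3268) accept connections. A DC whose port 636 does not answer has no LDAPS listener, so clients that need an encrypted bind cannot use it. The function names, the 2-second timeout and the use of the current domain as default are assumptions of this example.

```powershell
function Test-TcpPort {
    # Connect with an explicit timeout instead of the long default TCP connect timeout.
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $handle = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $handle.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($handle)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Get-DcInventory {
    param([string]$DomainDnsName = (Get-ADDomain).DNSRoot)   # default: the current domain
    $domain = Get-ADDomain -Identity $DomainDnsName
    $forest = Get-ADForest -Identity $domain.Forest
    # Role name -> FQDN of the DC that holds it
    $fsmo = @{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }
    foreach ($dc in $domain.ReplicaDirectoryServers) {
        try {
            $ip = ([System.Net.Dns]::GetHostAddresses($dc) | ForEach-Object { $_.IPAddressToString }) -join ', '
        } catch {
            $ip = 'unresolved'
        }
        $roles = ($fsmo.Keys | Where-Object { $fsmo[$_] -eq $dc } | Sort-Object) -join ','
        [pscustomobject]@{
            DomainController = $dc
            IPAddress        = $ip
            GlobalCatalog    = $forest.GlobalCatalogs -contains $dc
            FsmoRoles        = $roles
            Ldap389          = Test-TcpPort -ComputerName $dc -Port 389
            Ldaps636         = Test-TcpPort -ComputerName $dc -Port 636
            Gc3268           = Test-TcpPort -ComputerName $dc -Port 3268
        }
    }
}

Get-DcInventory | Format-Table -AutoSize
```

Run it from a machine that can reach every DC; a `False` in the port columns from a workstation that sits behind a firewall says something about the firewall, not the DC.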

Sites in the forest

List all sites in the forest.

$ret = @()
$configurationNC = ([adsi]"LDAP://rootdse").ConfigurationNamingContext
$rootDSE = [adsi]"LDAP://$configurationNC"
$searcher = New-Object DirectoryServices.DirectorySearcher($rootDSE)
$searcher.Filter = "(objectClass=site)"
$searcher.PageSize = 100
$objects = $searcher.FindAll()
$objects | %{
    $obj = New-Object PSObject
    Add-Member -InputObject $obj -MemberType NoteProperty -Name Name -Value $($_.Properties.Item("name"))
    Add-Member -InputObject $obj -MemberType NoteProperty -Name Description -Value $($_.Properties.Item("description"))
    Add-Member -InputObject $obj -MemberType NoteProperty -Name Location -Value $($_.Properties.Item("location"))
    # siteObjectBL holds the DNs of the subnets assigned to this site; keep only the CN part.
    # Reset the accumulator per site, otherwise subnets of earlier sites carry over.
    $site = ""
    $subnets = $($_.Properties.Item("siteObjectBL"))
    $subnets | %{
        $site = "$($_.split(',')[0]) " + $site
    }
    Add-Member -InputObject $obj -MemberType NoteProperty -Name Subnets -Value $site
    $ret += $obj
}
$ret | Sort-Object Name | ft -AutoSize

Subnets in the forest

List all subnets in the forest.

$ret = @()
$configurationNC = ([adsi]"LDAP://rootdse").ConfigurationNamingContext
$rootDSE = [adsi]"LDAP://$configurationNC"
$searcher = New-Object DirectoryServices.DirectorySearcher($rootDSE)
$searcher.Filter = "(objectClass=subnet)"
$searcher.PageSize = 100
$objects = $searcher.FindAll()
$objects | %{
    $obj = New-Object PSObject
    Add-Member -InputObject $obj -MemberType NoteProperty -Name Name -Value $($_.Properties.Item("name"))
    Add-Member -InputObject $obj -MemberType NoteProperty -Name Description -Value $($_.Properties.Item("description"))
    # siteObject is the DN of the site the subnet belongs to; it is empty for unassigned subnets
    $siteDN = $($_.Properties.Item("siteObject"))
    if ($siteDN) {
        $site = $siteDN.split(',')[0]
    }
    else {
        $site = "empty"
    }
    Add-Member -InputObject $obj -MemberType NoteProperty -Name Site -Value $site
    $ret += $obj
}
$ret | Sort-Object Name | ft -AutoSize

List all site links in the forest.

$ret = @()
$configurationNC = ([adsi]"LDAP://rootdse").ConfigurationNamingContext
$rootDSE = [adsi]"LDAP://$configurationNC"
$searcher = New-Object DirectoryServices.DirectorySearcher($rootDSE)
$searcher.Filter = "(objectClass=siteLink)"
$searcher.PageSize = 100
$objects = $searcher.FindAll()
$objects | %{
    $obj = New-Object PSObject
    Add-Member -InputObject $obj -MemberType NoteProperty -Name Name -Value $($_.Properties.Item("name"))
    Add-Member -InputObject $obj -MemberType NoteProperty -Name Description -Value $($_.Properties.Item("description"))
    Add-Member -InputObject $obj -MemberType NoteProperty -Name Cost -Value $($_.Properties.Item("cost"))
    # replInterval is the replication interval of the link in minutes
    Add-Member -InputObject $obj -MemberType NoteProperty -Name Interval -Value $($_.Properties.Item("replInterval"))
    $ret += $obj
}
$ret | Sort-Object Name | ft -AutoSize

DHCP servers in the forest

List all activated (authorized) DHCP servers in the forest.

$ret = @()
$configurationNC = ([adsi]"LDAP://rootdse").ConfigurationNamingContext
$rootDSE = [adsi]"LDAP://$configurationNC"
$searcher = New-Object DirectoryServices.DirectorySearcher($rootDSE)
# Authorized DHCP servers are dHCPClass objects under CN=NetServices in the configuration NC
$searcher.Filter = "(&(objectClass=dHCPClass)(dhcpIdentification=DHCP Server object))"
$searcher.PageSize = 100
$objects = $searcher.FindAll()
$objects | %{
    $obj = New-Object PSObject
    Add-Member -InputObject $obj -MemberType NoteProperty -Name Name -Value $($_.Properties.Item("name"))
    Add-Member -InputObject $obj -MemberType NoteProperty -Name distinguishedname -Value $($_.Properties.Item("distinguishedName"))
    $ret += $obj
}
$ret | Sort-Object Name | ft -AutoSize
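The four configuration-NC listings above (sites, subnets, site links, DHCP servers) repeat the same search scaffolding. The following is an added example, not code from the original page: one helper runs any paged search below the configuration naming context and returns the requested attributes as objects, and on top of it a report flags subnets that are assigned to no site and sites that have no subnet, both of which break site-aware DC location (clients in an unmapped range may authenticate against a DC on the far side of a WAN link). The helper's name and parameters, the report function and the wording of the findings are this example's own; the filters are the ones used in the sections above.

```powershell
function Search-ConfigurationNC {
    # Paged search below the configuration naming context. Single-valued attributes are
    # returned as scalars, multi-valued ones as arrays, absent ones as $null.
    param(
        [Parameter(Mandatory)][string]$Filter,
        [Parameter(Mandatory)][string[]]$Properties
    )
    $configNC = ([adsi]'LDAP://RootDSE').configurationNamingContext
    $root = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$configNC")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root, $Filter, $Properties)
    $searcher.PageSize = 100
    $results = $null
    try {
        $results = $searcher.FindAll()
        foreach ($r in $results) {
            $obj = [ordered]@{}
            foreach ($p in $Properties) {
                $values = @($r.Properties[$p])   # attribute lookup is case-insensitive
                $obj[$p] = if ($values.Count -eq 1) { $values[0] } else { $values }
            }
            [pscustomobject]$obj
        }
    } finally {
        if ($null -ne $results) { $results.Dispose() }
        $searcher.Dispose()
        $root.Dispose()
    }
}

function Get-SiteCoverageReport {
    $sites   = Search-ConfigurationNC -Filter '(objectClass=site)'   -Properties 'name', 'siteObjectBL'
    $subnets = Search-ConfigurationNC -Filter '(objectClass=subnet)' -Properties 'name', 'siteObject'
    foreach ($s in $subnets) {
        # siteObject is the forward link from subnet to site; $null means unassigned
        if (-not $s.siteObject) {
            [pscustomobject]@{
                Finding = 'SubnetWithoutSite'
                Object  = $s.name
                Effect  = 'clients in this range are not site-aware and may pick a remote DC'
            }
        }
    }
    foreach ($s in $sites) {
        # siteObjectBL is the back link listing the subnets assigned to the site
        if (-not $s.siteObjectBL) {
            [pscustomobject]@{
                Finding = 'SiteWithoutSubnet'
                Object  = $s.name
                Effect  = 'no client can be mapped to this site; check whether it is still needed'
            }
        }
    }
}

Get-SiteCoverageReport | Format-Table -AutoSize

# The DHCP listing from above, through the same helper
Search-ConfigurationNC -Filter '(&(objectClass=dHCPClass)(dhcpIdentification=DHCP Server object))' `
    -Properties 'name', 'distinguishedName' | Format-Table -AutoSize
```

The site-link listing fits the same helper with `-Filter '(objectClass=siteLink)' -Properties 'name', 'cost', 'replInterval'`; an empty report means every subnet maps to a site and every site has at least one subnet.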
Source: Tinus IT Wiki