Wednesday, January 4, 2012

PowerShell (v2) - Active Directory - Get RootDSE

To help figure out some issues with a basic script I was developing to address an Active Directory issue, I found a quick and easy way to identify the RootDSE. If you are like me, you need to know exactly what RootDSE is. MSDN defines it this way:
the root of the directory data tree on a directory server.
In practical terms, it is the server recognized at the root of the domain tree. In my case, I was trying to figure out if my machine was actively connected to a domain or not. You can query Win32_ComputerSystem with Get-WmiObject, but that merely reflects whether the machine has joined a domain, not whether it is connected to it. To use this entry, the standard [ADSI] and LDAP providers are used:
[ADSI]"LDAP://RootDSE"
When you use this approach, it only returns the members that can be used. If a property is not populated with a value and all you type is what is shown above, you will get nothing back. Technically, they will be $nulls, but that is the same thing. So, in my case, I am not attached to a domain at the moment. When I run [ADSI]"LDAP://RootDSE" | Get-Member, it doesn't return any properties but, rather, two methods and nothing else:
   TypeName: System.DirectoryServices.DirectoryEntry

Name                        MemberType Definition
----                        ---------- ----------
ConvertDNWithBinaryToString CodeMethod static string ConvertDNWithBinaryToString(psobject deInstance, psobject dnWithBina...
ConvertLargeIntegerToInt64  CodeMethod static long ConvertLargeIntegerToInt64(psobject deInstance, psobject largeIntegerI...
Thinking this was a little odd, I decided to rerun the command without Get-Member to see what the object itself contained. I got this:
The following exception occurred while retrieving member "PSComputerName": "The specified domain either does not exist or could not be contacted.
"
At :line:0 char:0
OK, that makes sense. Not being connected to a domain, I would not get an object (or, to invert my language, I would get a non-object, a collection of $nulled members). Changing my angle of attack, I opted for [ADSI]"LDAP://RootDSE" | Select-Object * since I was fairly confident this would return the class definition (all members) whether it had an object or not. In fact, this turned out to be true:
AuthenticationType :
Children :
Guid :
ObjectSecurity :
Name :
NativeGuid :
NativeObject :
Parent :
Password :
Path :
Properties :
SchemaClassName :
SchemaEntry :
UsePropertyCache :
Username :
Options :
Site :
Container :
Now I am able to use the (PSObject).MemberName approach more intuitively since I know the data structure. By (PSObject).MemberName I mean referencing an object's members by wrapping the object itself in parentheses and using .MemberName to access a specific member. Remember, there are several different types of members you can access. As outlined in Get-Help Get-Member -Parameter MemberType:
Gets only members with the specified member type. The default is All.

The valid values for this parameter are:

-- AliasProperty: A property that defines a new name for an existing property.
-- CodeMethod: A method that references a static method of a .NET Framework class.
-- CodeProperty: A property that references a static property of a .NET Framework class.
-- Event: Indicates that the object sends a message to indicate an action or a change in state.
-- MemberSet: A predefined collection of properties and methods, such as PSBase, PSObject, and PSTypeNames.
-- Method: A method of the underlying .NET Framework object.
-- NoteProperty: A property with a static value.
-- ParameterizedProperty: A property that takes parameters and parameter values.
-- Property: A property of the underlying .NET Framework object.
-- PropertySet: A predefined collection of object properties.
-- ScriptMethod: A method whose value is the output of a script.
-- ScriptProperty: A property whose value is the output of a script.

-- All: Gets all member types.
-- Methods: Gets all types of methods of the object (for example, Method, CodeMethod, ScriptMethod).
-- Properties: Gets all types of properties of the object (for example, Property, CodeProperty, AliasProperty, ScriptProperty).

Not all objects have every type of member. If you specify a member type that the object does not have, Windows PowerShell returns a
null value.

To get related types of members, such as all extended members, use the View parameter. If you use the MemberType parameter with the
Static or View parameters, Get-Member gets the members that belong to both sets.
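
The joined-versus-connected check described above, written as a single function (an added example, not code from the original post): it reads the stored join state from Win32_ComputerSystem, then forces a bind to LDAP://RootDSE and catches the failure shown earlier. The function name Get-DomainConnectionState and the output property names are assumptions made for this example; PartOfDomain, dnsHostName and defaultNamingContext are standard WMI and RootDSE names that the post itself does not mention.

```powershell
# Added example: compares "joined to a domain" (WMI) with "a domain controller
# answers right now" (RootDSE bind). Get-DomainConnectionState is a hypothetical name.
function Get-DomainConnectionState {
    # Win32_ComputerSystem only reflects the stored join state.
    $cs = Get-WmiObject -Class Win32_ComputerSystem

    $state = New-Object PSObject -Property @{
        Joined               = [bool]$cs.PartOfDomain
        Domain               = $cs.Domain
        Reachable            = $false
        DnsHostName          = $null
        DefaultNamingContext = $null
        Error                = $null
    }

    try {
        # The [ADSI] accelerator binds lazily; RefreshCache() forces the LDAP
        # bind so a failure surfaces here as a catchable exception.
        $root = [ADSI]'LDAP://RootDSE'
        $root.psbase.RefreshCache()

        $state.Reachable            = $true
        $state.DnsHostName          = [string]$root.psbase.Properties['dnsHostName'].Value
        $state.DefaultNamingContext = [string]$root.psbase.Properties['defaultNamingContext'].Value
    }
    catch {
        # Off the domain, this message carries the "could not be contacted" error.
        $state.Error = $_.Exception.Message
    }

    $state
}

# Explicit property list keeps the display order stable on PowerShell v2.
Get-DomainConnectionState |
    Format-List Joined, Domain, Reachable, DnsHostName, DefaultNamingContext, Error
```

A result of Joined = True with Reachable = False is the case the WMI query alone cannot show: the machine is a domain member, but no domain controller answered the bind.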
