Compare commits
3 Commits
a95bd7ba8a
...
master
| Author | SHA1 | Date |
|---|---|---|
Haug, Christoph
|
4241416100 | |
|
Haug, Christoph
|
2381d32a5a | |
|
Haug, Christoph
|
98c6db773b |
|
|
@ -0,0 +1,124 @@
|
|||
|
||||
Import-Module ActiveDirectory
|
||||
|
||||
<#
|
||||
.SYNOPSIS
|
||||
Sync all DC in a Forest
|
||||
.DESCRIOTION
|
||||
Sync all sites and services in a domain
|
||||
.INPUTS
|
||||
No Input needed
|
||||
.OUTPUTS
|
||||
Return a list of last sync elements
|
||||
.EXAMPLE
|
||||
PS> Replicate-ADSitesAndServices
|
||||
Server LastReplicationSuccess
|
||||
------ ----------------------
|
||||
DC01.dev.intra 14.02.2022 09:07:48
|
||||
DC01.dev.intra 14.02.2022 09:07:47
|
||||
DC02.dev.intra 14.02.2022 09:07:53
|
||||
DC02.dev.intra 14.02.2022 09:07:44
|
||||
DC03.dev.intra 14.02.2022 09:07:41
|
||||
DC03.dev.intra 14.02.2022 09:07:56
|
||||
|
||||
#>
|
||||
function Replicate-ADSitesAndServices {
|
||||
(Get-ADDomainController -Filter *).Name | ForEach-Object {
|
||||
repadmin /syscall $_ (Get-ADDomain).DistinguishedName /e /A | Out-Null
|
||||
}
|
||||
Start-Sleep 10;
|
||||
Get-ADReplicationPartnerMetadata -Target "$env:USERDNSDOMAIN" -Scope Domain | Select-Object Server,LastReplicationSuccess
|
||||
}
|
||||
|
||||
|
||||
function Get-ADObjectTypeGUID{
|
||||
|
||||
param(
|
||||
[Parameter(
|
||||
Mandatory = $true,
|
||||
ParameterSetName="ObjectType",
|
||||
Position = 0,
|
||||
ValueFromPipeline = $true
|
||||
)]
|
||||
[string]$GUID
|
||||
)
|
||||
|
||||
if($Global:adObjectTypeGUID -eq $null){
|
||||
$ObjectTypeGUID = @{}
|
||||
|
||||
$GetADObjectParameter=@{
|
||||
SearchBase=(Get-ADRootDSE).SchemaNamingContext
|
||||
LDAPFilter='(SchemaIDGUID=*)'
|
||||
Properties=@("Name", "SchemaIDGUID")
|
||||
}
|
||||
|
||||
$SchGUID=Get-ADObject @GetADObjectParameter
|
||||
Foreach ($SchemaItem in $SchGUID){
|
||||
$ObjectTypeGUID.Add([GUID]$SchemaItem.SchemaIDGUID,$SchemaItem.Name)
|
||||
}
|
||||
|
||||
$ADObjExtPar=@{
|
||||
SearchBase="CN=Extended-Rights,$((Get-ADRootDSE).ConfigurationNamingContext)"
|
||||
LDAPFilter='(ObjectClass=ControlAccessRight)'
|
||||
Properties=@("Name", "RightsGUID")
|
||||
}
|
||||
|
||||
$SchExtGUID=Get-ADObject @ADObjExtPar
|
||||
ForEach($SchExtItem in $SchExtGUID){
|
||||
$ObjectTypeGUID.Add([GUID]$SchExtItem.RightsGUID,$SchExtItem.Name)
|
||||
}
|
||||
$Global:adObjectTypeGUID=$ObjectTypeGUID
|
||||
}
|
||||
return $Global:adObjectTypeGUID[[GUID]$($GUID)]
|
||||
|
||||
}
|
||||
|
||||
function Get-ADObjectPermission{
|
||||
param(
|
||||
[Parameter(
|
||||
Mandatory = $true,
|
||||
ParameterSetName="Identity",
|
||||
Position = 0,
|
||||
ValueFromPipeline = $true
|
||||
)]
|
||||
[string]$Identity,
|
||||
[string]$Reference ="*"
|
||||
)
|
||||
(Get-Acl "AD:$($Identity)").access | Where-Object IdentityReference -Like $Reference | ForEach-Object{
|
||||
$object=$_
|
||||
|
||||
switch($object.InheritanceType)
|
||||
{
|
||||
"None" {$object | Add-Member -Force -NotePropertyName InheritanceTypeName -NotePropertyValue "This Object Only"}
|
||||
"All" {$object | Add-Member -Force -NotePropertyName InheritanceTypeName -NotePropertyValue "This object and all descendant objects"}
|
||||
"Descendents" {$object | Add-Member -Force -NotePropertyName InheritanceTypeName -NotePropertyValue "All descendant objects"}
|
||||
"Children" {$object | Add-Member -Force -NotePropertyName InheritanceTypeName -NotePropertyValue "Only apply this permission to objects and/or containers within this container"}
|
||||
"SelfAndChildren" {$object | Add-Member -Force -NotePropertyName InheritanceTypeName -NotePropertyValue "Only apply this permission to objects and/or containers within this container"}
|
||||
}
|
||||
|
||||
switch($object.PropagationFlags )
|
||||
{
|
||||
"None" {$object | Add-Member -Force -NotePropertyName PropagationFlags -NotePropertyValue "no inheritance"}
|
||||
"InheritOnly" {$object | Add-Member -Force -NotePropertyName PropagationFlags -NotePropertyValue "inheritance child items only"}
|
||||
"NoPropagateInherit" {$object | Add-Member -Force -NotePropertyName PropagationFlags -NotePropertyValue "Only Apply this permission to objects and/or containers within this container is selected"}
|
||||
}
|
||||
|
||||
if( $object.ObjectType -eq [GUID]"00000000-0000-0000-0000-000000000000"){
|
||||
$objectTypeName="all properties"
|
||||
}else{
|
||||
$objectTypeName= Get-ADObjectTypeGUID -GUID $object.ObjectType
|
||||
}
|
||||
$object | Add-Member -Force -NotePropertyName ObjectTypeName -NotePropertyValue $objectTypeName
|
||||
|
||||
if( $object.InheritedObjectType -eq [GUID]"00000000-0000-0000-0000-000000000000"){
|
||||
$InheritedObjectType="all objects"
|
||||
}else{
|
||||
$InheritedObjectType= Get-ADObjectTypeGUID -GUID $object.InheritedObjectType
|
||||
}
|
||||
$object | Add-Member -Force -NotePropertyName InheritedObjectTypeName -NotePropertyValue $InheritedObjectType
|
||||
|
||||
Write-Output $object
|
||||
}
|
||||
}
|
||||
|
||||
Export-ModuleMember -Function Replicate-ADSitesAndServices,Get-ADObjectPermission
|
||||
|
|
@ -0,0 +1,94 @@
|
|||
Import-Module ActiveDirectory
|
||||
|
||||
function Get-ADObjectTypeGUID{
|
||||
|
||||
param(
|
||||
[Parameter(
|
||||
Mandatory = $true,
|
||||
ParameterSetName="ObjectType",
|
||||
Position = 0,
|
||||
ValueFromPipeline = $true
|
||||
)]
|
||||
[string]$GUID
|
||||
)
|
||||
|
||||
if($Global:adObjectTypeGUID -eq $null){
|
||||
$ObjectTypeGUID = @{}
|
||||
|
||||
$GetADObjectParameter=@{
|
||||
SearchBase=(Get-ADRootDSE).SchemaNamingContext
|
||||
LDAPFilter='(SchemaIDGUID=*)'
|
||||
Properties=@("Name", "SchemaIDGUID")
|
||||
}
|
||||
|
||||
$SchGUID=Get-ADObject @GetADObjectParameter
|
||||
Foreach ($SchemaItem in $SchGUID){
|
||||
$ObjectTypeGUID.Add([GUID]$SchemaItem.SchemaIDGUID,$SchemaItem.Name)
|
||||
}
|
||||
|
||||
$ADObjExtPar=@{
|
||||
SearchBase="CN=Extended-Rights,$((Get-ADRootDSE).ConfigurationNamingContext)"
|
||||
LDAPFilter='(ObjectClass=ControlAccessRight)'
|
||||
Properties=@("Name", "RightsGUID")
|
||||
}
|
||||
|
||||
$SchExtGUID=Get-ADObject @ADObjExtPar
|
||||
ForEach($SchExtItem in $SchExtGUID){
|
||||
$ObjectTypeGUID.Add([GUID]$SchExtItem.RightsGUID,$SchExtItem.Name)
|
||||
}
|
||||
$Global:adObjectTypeGUID=$ObjectTypeGUID
|
||||
}
|
||||
return $Global:adObjectTypeGUID[[GUID]$($GUID)]
|
||||
|
||||
}
|
||||
|
||||
function Get-ADObjectPermission{
|
||||
param(
|
||||
[Parameter(
|
||||
Mandatory = $true,
|
||||
ParameterSetName="Identity",
|
||||
Position = 0,
|
||||
ValueFromPipeline = $true
|
||||
)]
|
||||
[string]$Identity,
|
||||
[string]$Reference ="*"
|
||||
)
|
||||
(Get-Acl "AD:$($Identity)").access | Where-Object IdentityReference -Like $Reference | ForEach-Object{
|
||||
$object=$_
|
||||
|
||||
switch($object.InheritanceType)
|
||||
{
|
||||
"None" {$object | Add-Member -Force -NotePropertyName InheritanceTypeName -NotePropertyValue "This Object Only"}
|
||||
"All" {$object | Add-Member -Force -NotePropertyName InheritanceTypeName -NotePropertyValue "This object and all descendant objects"}
|
||||
"Descendents" {$object | Add-Member -Force -NotePropertyName InheritanceTypeName -NotePropertyValue "All descendant objects"}
|
||||
"Children" {$object | Add-Member -Force -NotePropertyName InheritanceTypeName -NotePropertyValue "Only apply this permission to objects and/or containers within this container"}
|
||||
"SelfAndChildren" {$object | Add-Member -Force -NotePropertyName InheritanceTypeName -NotePropertyValue "Only apply this permission to objects and/or containers within this container"}
|
||||
}
|
||||
|
||||
switch($object.PropagationFlags )
|
||||
{
|
||||
"None" {$object | Add-Member -Force -NotePropertyName PropagationFlags -NotePropertyValue "no inheritance"}
|
||||
"InheritOnly" {$object | Add-Member -Force -NotePropertyName PropagationFlags -NotePropertyValue "inheritance child items only"}
|
||||
"NoPropagateInherit" {$object | Add-Member -Force -NotePropertyName PropagationFlags -NotePropertyValue "Only Apply this permission to objects and/or containers within this container is selected"}
|
||||
}
|
||||
|
||||
if( $object.ObjectType -eq [GUID]"00000000-0000-0000-0000-000000000000"){
|
||||
$objectTypeName="all properties"
|
||||
}else{
|
||||
$objectTypeName= Get-ADObjectTypeGUID -GUID $object.ObjectType
|
||||
}
|
||||
$object | Add-Member -Force -NotePropertyName ObjectTypeName -NotePropertyValue $objectTypeName
|
||||
|
||||
if( $object.InheritedObjectType -eq [GUID]"00000000-0000-0000-0000-000000000000"){
|
||||
$InheritedObjectType="all objects"
|
||||
}else{
|
||||
$InheritedObjectType= Get-ADObjectTypeGUID -GUID $object.InheritedObjectType
|
||||
}
|
||||
$object | Add-Member -Force -NotePropertyName InheritedObjectTypeName -NotePropertyValue $InheritedObjectType
|
||||
|
||||
Write-Output $object
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Export-ModuleMember -Function Get-ADObjectPermission
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
$ModulePath="$($env:windir)\system32\WindowsPowerShell\v1.0\Modules\"
|
||||
Get-ChildItem $PSScriptRoot -Directory | ForEach-Object{
|
||||
Copy-Item -Recurse -Force $_.FullName $ModulePath
|
||||
}
|
||||
Loading…
Reference in New Issue