-
Notifications
You must be signed in to change notification settings - Fork 8
LDAP Object Modifications
Jiri Formacek edited this page Nov 22, 2024
·
1 revision
Module supports modification of objects and makes effective use of pipeline so you can modify objects as a part of pipeline processing.
Function Perform-Modification
{
Param
(
[Parameter(Mandatory,ValueFromPipeline)]
$LdapObject
)
Process
{
$LdapObject.userAccountControl = $LdapObject.userAccountControl -bor 0x2
$LdapObject
}
}
$Ldap = Get-LdapConnection
#gets RootDSE object
$Dse = $Ldap | Get-RootDSE
#disable many user accounts
Find-LdapObject -LdapConnection $Ldap `
-SearchFilter:"(&(cn=a*)(objectClass=user)(objectCategory=organizationalPerson))" `
-SearchBase:"ou=Users,$($Dse.defaultNamingContext)" `
-PropertiesToLoad:@('userAccountControl') `
| Perform-Modification `
| Edit-LdapObject -LdapConnection $Ldap `
-IncludedProps 'userAccountControl'
And the same with attribute transform
Function Perform-Modification
{
Param
(
[Parameter(Mandatory,ValueFromPipeline)]
$LdapObject
)
Process
{
$LdapObject.userAccountControl = @($LdapObject.userAccountControl) + 'UF_ACCOUNTDISABLE'
$LdapObject
}
}
#gets domain controller from own domain
$Ldap = Get-LdapConnection
#gets RootDSE object
$Dse = $Ldap | Get-RootDSE
#Register the transform
Register-LdapAttributeTransform -Name UserAccountControl
#disable many user accounts
Find-LdapObject -LdapConnection $Ldap `
-SearchFilter:"(&(cn=a*)(objectClass=user)(objectCategory=organizationalPerson))" `
-SearchBase:"ou=Users,$($Dse.defaultNamingContext)" `
-PropertiesToLoad:@('userAccountControl') `
| Perform-Modification `
| Edit-LdapObject -LdapConnection $Ldap