PowerShell Active Directory ADSI question

This topic is 5 years and 6 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.

PowerShell Active Directory ADSI question

Post by ErnieB »

Hello,

I notice when getting a Group object via ADSI as follows


$GroupDN = Get-AdGroup TestGroup01 | Select-Object -ExpandProperty DistinguishedName
$Group = [ADSI]"LDAP://$GroupDN"

The .Add method no longer appears to exist (using Windows Server 2012 R2 with PowerShell v4)


Therefore using reflection as follows

$User = "CN=Jane,CN=Users,DC=LAB,DC=pri"

$NativeComObject = $Group.psbase.NativeObject
[System.__ComObject].InvokeMember("member",[System.Reflection.BindingFlags]::SetProperty,$null,$NativeComObject,$User)
$Group.commitchanges()


The above adds Jane to the group but removes all other members (basically I am setting the value of the member attribute to Jane and that is all, hence removing the other users).


What is the correct syntax to add Jane but not remove the other members, please?


I am sure Jim will know the answer to this if he still contributes to this forum

Thanks

Re: PowerShell Active Directory ADSI question

Post by jvierra »

Use "Add-AdGroupMember" to add members to a group. There is no need to use the COM interface. That is only needed for groups on a workstation (local groups).

With Win 10 and later we also can use: "Add-LocalGroupMember"

Re: PowerShell Active Directory ADSI question

Post by jvierra »

If you want a pure ADSI solution then we would do it like this:

Code: Select all

$user = [adsi]'LDAP://CN=Jane,CN=Users,DC=LAB,DC=pri'
$group =([adsisearcher]'samaccountname=TestGroup01').FindOne().GetDirectoryEntry()
$group.Add($user.Path)
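
The following is an added example, not code from either poster: it appends one DN to the group's `member` collection instead of assigning the attribute, skips the write if the DN is already present, and re-reads the group to confirm that no existing member was lost (the failure described in the first post). The function name `Add-AdsiGroupMember` and its parameters are hypothetical; the group name and DN are the thread's lab values, and the group is assumed small enough that `member` is returned in a single read.

```powershell
function Add-AdsiGroupMember {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Conservative allow-list so the name cannot alter the LDAP filter below.
        [Parameter(Mandatory)][ValidatePattern('^[\w .-]+$')][string]$GroupSam,
        [Parameter(Mandatory)][string]$MemberDN
    )

    $filter = "(&(objectCategory=group)(sAMAccountName=$GroupSam))"
    $hit = ([adsisearcher]$filter).FindOne()
    if (-not $hit) { throw "Group '$GroupSam' not found." }
    $group = $hit.GetDirectoryEntry()

    # Snapshot the current membership before changing anything.
    $before = @($group.psbase.Properties['member'] | ForEach-Object { [string]$_ })

    if ($before -contains $MemberDN) {
        Write-Verbose "$MemberDN is already a member; nothing to write."
    }
    elseif ($PSCmdlet.ShouldProcess($group.psbase.Path, "Append member $MemberDN")) {
        # Add() appends one value to the collection; it does not assign
        # the whole attribute the way the SetProperty call did.
        [void]$group.psbase.Properties['member'].Add($MemberDN)
        $group.psbase.CommitChanges()
    }

    # Re-read from the directory and check that every earlier member survived.
    $group.psbase.RefreshCache()
    $after = @($group.psbase.Properties['member'] | ForEach-Object { [string]$_ })
    $lost  = @($before | Where-Object { $after -notcontains $_ })
    if ($lost.Count -gt 0) {
        throw "Membership regression, missing after write: $($lost -join '; ')"
    }

    [pscustomobject]@{
        Group       = [string]$group.psbase.Properties['distinguishedName'].Value
        MemberDN    = $MemberDN
        IsMember    = ($after -contains $MemberDN)
        CountBefore = $before.Count
        CountAfter  = $after.Count
    }
}

# Lab values from the thread; -WhatIf previews without writing.
Add-AdsiGroupMember -GroupSam 'TestGroup01' -MemberDN 'CN=Jane,CN=Users,DC=LAB,DC=pri' -WhatIf
```

Run it without `-WhatIf` to perform the write; `CountAfter` should equal `CountBefore + 1` on a first add and be unchanged on a repeat.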

Re: PowerShell Active Directory ADSI question

Post by ErnieB »

Thanks Jim, that worked fine

The odd thing is I did not see the .Add method on the Group object (see below), but it still works :) I am sure in other versions of PowerShell I used to see the .Add method. Anyway, it worked, so that is all that matters. Thanks again.

PS C:\Users\Administrator> $group | gm -Force


TypeName: System.DirectoryServices.DirectoryEntry

Name MemberType Definition
---- ---------- ----------
ConvertDNWithBinaryToString CodeMethod static string ConvertDNWithBinaryToString(psobject deInstance, psobject dnWithBinaryInstance)
ConvertLargeIntegerToInt64 CodeMethod static long ConvertLargeIntegerToInt64(psobject deInstance, psobject largeIntegerInstance)
pstypenames CodeProperty System.Collections.ObjectModel.Collection`1[[System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]] pstypenames{get=P.
psadapted MemberSet psadapted {objectClass, cn, member, distinguishedName, instanceType, whenCreated, whenChanged, uSNCreated, uSNChanged, nTSecurityDescriptor, name, objectGU.
psbase MemberSet psbase {AuthenticationType, Children, Guid, ObjectSecurity, Name, NativeGuid, NativeObject, Parent, Password, Path, Properties, SchemaClassName, SchemaEntr.
psextended MemberSet psextended {ConvertLargeIntegerToInt64, ConvertDNWithBinaryToString}
psobject MemberSet psobject {BaseObject, Members, Properties, Methods, ImmediateBaseObject, TypeNames, get_BaseObject, get_Members, get_Properties, get_Methods, get_Immediate.
PSStandardMembers MemberSet PSStandardMembers {DefaultDisplayPropertySet}
cn Property System.DirectoryServices.PropertyValueCollection cn {get;set;}
distinguishedName Property System.DirectoryServices.PropertyValueCollection distinguishedName {get;set;}
dSCorePropagationData Property System.DirectoryServices.PropertyValueCollection dSCorePropagationData {get;set;}
groupType Property System.DirectoryServices.PropertyValueCollection groupType {get;set;}
instanceType Property System.DirectoryServices.PropertyValueCollection instanceType {get;set;}
member Property System.DirectoryServices.PropertyValueCollection member {get;set;}
name Property System.DirectoryServices.PropertyValueCollection name {get;set;}
nTSecurityDescriptor Property System.DirectoryServices.PropertyValueCollection nTSecurityDescriptor {get;set;}
objectCategory Property System.DirectoryServices.PropertyValueCollection objectCategory {get;set;}
objectClass Property System.DirectoryServices.PropertyValueCollection objectClass {get;set;}
objectGUID Property System.DirectoryServices.PropertyValueCollection objectGUID {get;set;}
objectSid Property System.DirectoryServices.PropertyValueCollection objectSid {get;set;}
sAMAccountName Property System.DirectoryServices.PropertyValueCollection sAMAccountName {get;set;}
sAMAccountType Property System.DirectoryServices.PropertyValueCollection sAMAccountType {get;set;}
uSNChanged Property System.DirectoryServices.PropertyValueCollection uSNChanged {get;set;}
uSNCreated Property System.DirectoryServices.PropertyValueCollection uSNCreated {get;set;}
whenChanged Property System.DirectoryServices.PropertyValueCollection whenChanged {get;set;}
whenCreated Property System.DirectoryServices.PropertyValueCollection whenCreated {get;set;}

Re: PowerShell Active Directory ADSI question

Post by jvierra »

COM objects are only discoverable if they have the correct type library. The ADSI objects are documented. Older documentation addresses use in VBScript and other scripting environments. PowerShell can dig into these libraries and "find" the properties and methods on the LDAP provider but is not as successful with the WinNT provider. In all cases the "Invoke" method of COM should work.

Re: PowerShell Active Directory ADSI question

Post by ErnieB »

Thanks Jim :)