Søren Granfeldt edited this page Mar 27, 2024 · 8 revisions

This page is constantly changing and just shows a few tips and tricks for the questions I get asked a lot, or that even I cannot always remember how to do.

Returning Active Directory objectGuid as a binary

In your Import scripts, you may want to return the Active Directory GUID as a binary value, which I often do. I tend to use the ToByteArray() .NET method available on the .NET Guid object.

# $user is an object returned by Get-ADUser (or similar) in the Import script
$obj = @{}
$obj.id = $user.objectguid.tobytearray()   # objectGuid as a 16-byte array, not a string
$obj.'[DN]' = $user.distinguishedname
$obj.objectClass = "user"
$obj

Storing photos as binary data

On a PowerShell MA you may need to import user profile photos from Active Directory, Azure Active Directory or Exchange Online.

In your Schema script, you will need a binary attribute to store the photo in.

# The "|Binary" suffix declares the attribute type; the value is only a placeholder
$obj | Add-Member -Type NoteProperty -Name "workPhoto|Binary" -Value 0x20

In your Import script, you will need to retrieve and store the photo. The following retrieves a photo in binary format for a user from Azure AD using a WebClient. Full example

# $url is the photo endpoint for the user; DownloadData returns the raw bytes
$wc = New-Object System.Net.WebClient
$byteImg = $wc.DownloadData($url)
$obj.Add("workPhoto",$byteImg)

Translate a string representation of an ObjectSID from GraphAPI/AzureAD to binary format

On a PowerShell MA you may want to match objects between AD and AAD on an immutable attribute. AAD stores the SID as a string, AD stores it as binary. Full Example

# Create a SID .NET object from the SID string returned by AAD (S-1-500-........)
$sid = New-Object System.Security.Principal.SecurityIdentifier $user.onPremisesSecurityIdentifier

# Create a byte array the length of the user's binary SID
$BinarySid = New-Object byte[] $sid.BinaryLength

# Copy the binary SID into the byte array, starting at index 0
$sid.GetBinaryForm($BinarySid, 0)

# Add the binary SID to the user in the connector space
$obj.Add("AADonPremiseSID",$BinarySid)
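The same translation as an added example (not code from the PowerShell MA project), wrapped in a function that skips cloud-only objects with no on-premises SID and malformed values instead of aborting the whole import, plus a round-trip check that the byte array parses back to the same string. The function names and the sample SID are assumptions, not values from this page.

```powershell
function ConvertTo-BinarySid {
    [OutputType([byte[]])]
    param([string]$SidString)

    # Cloud-only users have no on-premises SID; return $null so the caller can skip them.
    if ([string]::IsNullOrWhiteSpace($SidString)) { return $null }

    try {
        $sid = New-Object System.Security.Principal.SecurityIdentifier $SidString
    } catch {
        Write-Warning "Ignoring malformed SID '$SidString': $($_.Exception.Message)"
        return $null
    }

    $bytes = New-Object byte[] $sid.BinaryLength
    $sid.GetBinaryForm($bytes, 0)
    return ,$bytes   # the leading comma keeps the byte[] intact on the pipeline
}

# Verifies that the binary form parses back to the original string (same layout AD stores in objectSid).
function Test-SidRoundTrip {
    param([string]$SidString)
    $bytes = ConvertTo-BinarySid $SidString
    if ($null -eq $bytes) { return $false }
    $back = New-Object -TypeName System.Security.Principal.SecurityIdentifier -ArgumentList $bytes, 0
    return ($back.Value -eq $SidString)
}

# Constructed sample object standing in for the AAD user in the Import script (hypothetical SID).
$user = @{ onPremisesSecurityIdentifier = 'S-1-5-21-1111111111-2222222222-3333333333-1105' }
$obj = @{}

$binary = ConvertTo-BinarySid $user.onPremisesSecurityIdentifier
if ($null -ne $binary) {
    $obj.Add('AADonPremiseSID', $binary)
}

Test-SidRoundTrip $user.onPremisesSecurityIdentifier   # $true for a well-formed SID
Test-SidRoundTrip ''                                    # $false: cloud-only user, nothing to match on
Test-SidRoundTrip 'not-a-sid'                           # $false, with a warning instead of a failed import
```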

Setting Multi-Value Attributes

On a PowerShell MA you may need to handle multi-value attributes. In your Schema script, you will need a multi-value attribute to store the data in.

# The "|String[]" suffix declares a multi-value string attribute; the addresses are placeholder values
$obj | Add-Member -Type NoteProperty -Name "AADProxyAddresses|String[]" -Value ("smtp:user1@example.com", "smtp:user2@example.com")

In your Import script, you will need to enumerate the values and store them in the multi-value attribute.

if ($user.proxyAddresses)
{
    $proxyAddresses = @()
    foreach ($address in $user.proxyAddresses) {
        $proxyAddresses += $address
    }
    $obj.Add("AADProxyAddresses", $proxyAddresses)
}

Returning Active Directory environment information

In your Import and Export scripts, you may consider using Active Directory domain information to make your script more versatile and resilient against environment changes. The following snippet detects the Active Directory environment your script is operating in and gives access to the information about the current domain:

Import-Module ActiveDirectory              # Get-ADRootDSE and Get-ADDomain come from this module
$rootdse = Get-ADRootDSE                   # root DSE of the domain controller the session is bound to
$dc = $rootdse.dnsHostName                 # DNS host name of that domain controller
$domain = (Get-ADDomain -Server $dc).NetBIOSName
Write-Debug "netbios-domainname $domain"

This snippet retrieves the root DSE (Directory Service Entry) of the Active Directory forest, extracts the DNS hostname of the domain controller, and then retrieves the NetBIOS name of the domain. This information can be valuable for configuring your script dynamically based on the Active Directory environment it is operating within.