FAQ
This page changes constantly and collects a few tips and tricks for questions that I get asked a lot, or for things that I cannot always remember how to do myself.
In your Import scripts, you may want to use the Active Directory GUID as a binary value, which I often do. I tend to use the ToByteArray() method available on the .NET GUID object.
```powershell
$obj = @{}
$obj.id = $user.objectguid.tobytearray()
$obj.'[DN]' = $user.distinguishedname
$obj.objectClass = "user"
$obj
```
On a PowerShell MA you may need to import user profile photos from Active Directory, Azure Active Directory, or Exchange Online.
In your Schema script, you will need a binary attribute to store the photo in.
```powershell
$obj | Add-Member -Type NoteProperty -Name "workPhoto|Binary" -Value 0x20
```
In your Import script, you will need to retrieve and store the photo. The following gets a photo in binary format for a user from Azure AD using a WebClient. Full example
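```powershell
# $wc is the WebClient and $url the photo address; both are set up earlier in the import script
$byteImg = $wc.DownloadData($url)
# Store the raw bytes in the binary attribute declared in the Schema script
$obj.Add("workPhoto",$byteImg)
```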
On a PowerShell MA you may want to match objects between AD and AAD on an immutable attribute. AAD stores the SID as a string, while AD stores it as binary. Full Example
```powershell
# Create SID .NET object using SID string from AAD S-1-500-........
$sid = New-Object system.Security.Principal.SecurityIdentifier $user.onPremisesSecurityIdentifier
# Create a byte array for the length of the users SID
$BinarySid = new-object byte[]($sid.BinaryLength)
# Copy the binary SID into the byte array, starting at index 0
$sid.GetBinaryForm($BinarySid, 0)
# Add the SID to the user in the connector space
$obj.Add("AADonPremiseSID",$BinarySid)
```
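The conversion above, extended as an added example (not part of the original page or the PowerShell MA project): it skips cloud-only users whose onPremisesSecurityIdentifier is empty, rejects malformed SID strings instead of aborting the import, and checks the result against a binary AD objectSid. The helper names ConvertTo-BinarySid and Test-SidMatch, the sample users and the SID values are all constructed for illustration.

```powershell
# Added example: helper names and all sample values are constructed.
function ConvertTo-BinarySid {
    param([string]$SidString)
    # Cloud-only AAD users have no on-premises SID: return $null so the
    # caller can leave the attribute out instead of failing the import.
    if ([string]::IsNullOrWhiteSpace($SidString)) { return $null }
    try {
        $sid = New-Object System.Security.Principal.SecurityIdentifier $SidString
    }
    catch {
        Write-Warning "Skipping malformed SID string '$SidString'"
        return $null
    }
    $bytes = New-Object byte[] ($sid.BinaryLength)
    $sid.GetBinaryForm($bytes, 0)
    return ,$bytes   # leading comma keeps the byte[] from being unrolled
}

function Test-SidMatch {
    param([byte[]]$AdObjectSid, [byte[]]$AadBinarySid)
    # A missing or empty value on either side is never a match
    if (-not $AdObjectSid.Length -or -not $AadBinarySid.Length) { return $false }
    # Rebuild both SIDs from their bytes and let .NET compare them
    $a = New-Object System.Security.Principal.SecurityIdentifier ($AdObjectSid, 0)
    $b = New-Object System.Security.Principal.SecurityIdentifier ($AadBinarySid, 0)
    return $a.Equals($b)
}

# Constructed AAD users: one synced, one cloud-only, one with a damaged value
$aadUsers = @(
    @{ name = 'synced.user'; onPremisesSecurityIdentifier = 'S-1-5-21-1004336348-1177238915-682003330-1104' },
    @{ name = 'cloud.user';  onPremisesSecurityIdentifier = $null },
    @{ name = 'broken.user'; onPremisesSecurityIdentifier = 'S-1-5-21-not-a-sid' }
)
# Stand-in for the binary objectSid that AD holds for the synced user
$adObjectSid = ConvertTo-BinarySid 'S-1-5-21-1004336348-1177238915-682003330-1104'

foreach ($user in $aadUsers) {
    $obj = @{}
    $obj.Add('objectClass', 'user')
    $binarySid = ConvertTo-BinarySid $user.onPremisesSecurityIdentifier
    # Only add the attribute when a valid binary SID was produced
    if ($null -ne $binarySid) { $obj.Add('AADonPremiseSID', $binarySid) }
    [pscustomobject]@{
        User      = $user.name
        HasSid    = $obj.ContainsKey('AADonPremiseSID')
        MatchesAd = Test-SidMatch $adObjectSid $binarySid
    }
}
```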
On a PowerShell MA you may need to handle multi-value attributes. In your Schema script, you will need a multi-value attribute to store the data in.
```powershell
$obj | Add-Member -Type NoteProperty -Name "AADProxyAddresses|String[]" -Value ("smtp:[email protected]", "smtp:[email protected]")
```
In your Import script, you will need to enumerate the values and store them in the multi-value attribute.
```powershell
if ($user.proxyAddresses)
{
    $proxyAddresses = @()
    foreach($address in $user.proxyAddresses) {
        $proxyAddresses += $address
    }
    $obj.Add("AADProxyAddresses",($proxyAddresses))
}
```
In your Import and Export scripts, consider using Active Directory domain information to make your script more versatile and more resilient to changes. The following snippet detects the Active Directory environment your script is running in and gives access to all information about the current domain:
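```powershell
# Get-ADRootDSE and Get-ADDomain come from the ActiveDirectory module
Import-Module ActiveDirectory
$rootdse = Get-ADRootDSE
$dc = $rootdse.dnsHostName
$domain = (Get-ADDomain -Server $dc).NetBIOSName
Write-Debug "netbios-domainname $domain"
```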
This snippet retrieves the root DSE (Directory Service Entry) of the Active Directory forest, extracts the DNS hostname of the domain controller, and then retrieves the NetBIOS name of the domain. This information can be valuable for configuring your script dynamically based on the Active Directory environment it is operating within.