1. OG_AD-ProtectedObjects

    Article: AN0002434 | Updated: 29.05.2020

    This function creates three text files describing Protected objects (Active Directory Protected Groups and Accounts):

    1. List of MS Active Directory groups marked as Protected objects
    2. List of members of these groups
    3. List of accounts marked as Protected objects

    Main prerequisites for use

    | Prerequisite | Description |
    | --- | --- |
    | Active Directory PowerShell module (Microsoft) | In order to read information about users from LDAP it is necessary to install the PowerShell module for Active Directory. |
    | Remote Differential Compression | In order to read information about users from LDAP it is necessary to enable this Windows feature on the server executing this function. |
    | AD DS and AD LDS Tools | In order to read information about users from LDAP it is necessary to enable this Windows feature on the server executing this function. |
    | PowerShell v3 | Microsoft PowerShell version 3 or higher. |

    Description

    The files contain the following information.

    File with the MS Active Directory groups marked as Protected objects

    | Column name in the header | Description |
    | --- | --- |
    | GroupName | Name of the group. |
    | GroupDistinguishedName | Distinguished name of the group, containing the path to the group location. |
    | GroupCategory | Category of the group (Security, Distribution). |
    | GroupScope | Scope of the group (DomainLocal, Global, Universal). |
    | GroupObjectClass | Class of the object. |
    | GroupObjectGUID | GUID of the object. |
    | GroupSamAccountName | Name of the group supporting old operating systems. |
    | GroupSID | SID of the group. |

    File with members of the MS Active Directory groups marked as Protected objects

    | Column name in the header | Description |
    | --- | --- |
    | GroupName | Name of the group. |
    | GroupDistinguishedName | Distinguished name of the group, containing the path to the group location. |
    | GroupSID | Group SID. |
    | MemberName | Name of the group member. |
    | MemberDistinguishedName | Distinguished name of the group member. |
    | MemberObjectClass | Class of the group member (computer, group, user). |
    | MemberObjectGUID | GUID of the group member. |
    | MemberSamAccountName | Name of the group member supporting old operating systems. |
    | MemberSID | SID of the group member. |

    File with accounts marked as Protected objects

    | Column name in the header | Description |
    | --- | --- |
    | UserName | User login, e.g. altman. |
    | UserDistinguishedName | Distinguished name of the user account, containing the path to the account location. |
    | UserEnabled | Information whether the Windows account is enabled or blocked. |
    | UserGivenName | First name of the user. |
    | Lastname | Last name of the user. |
    | Email | User email. |
    | Enabled (Yes/No) | Information whether the Windows account is enabled or blocked. |
    | Phone | Phone of the user. |
    | Fax | Fax of the user. |
    | SID | User SID. |
    | Description | User description. |
    | Office | User location (office). |
    | PasswordExpired | Information whether the user's password has expired. |

    Parameters

    Set the parameters listed below in the file og_configuration.ps1 (generic parameters shared with other functions) or in the file OG_PC-Start.config (specific parameters of this function). Parameter configuration is described in the documentation of the Piklo programme.

    | Parameter | Description | Example |
    | --- | --- | --- |
    | [string]$LogFile | Path to the file in which the log of the function is stored. | [string]$LogFile = "\\servername\OGoutput\ADGroupMembers\LogFile_AD-ProtectedGroups.txt" |
    | [string]$OutFileAdGroups | Path to the file in which the output with groups is stored. | [string]$OutFileAdGroups = "\\servername\OGoutput\ADGroupMembers\OutFile_AD-ProtectedGroups.txt" |
    | [string]$OutFileAdGroupMembers | Path to the file in which the output with group members is stored. | [string]$OutFileAdGroupMembers = "\\servername\OGoutput\ADGroupMembers\OutFile_AD-ProtectedGroupMembers.txt" |
    | [string]$OutFileAdProtectedUsers | Path to the file in which the output with users marked as Protected objects is stored. | [string]$OutFileAdProtectedUsers = "\\servername\OGoutput\ADUsers.txt" |
    | [string]$OutFileEncoding | Encoding of the output file. Possible options are "UTF8", "Unicode" and "DEFAULT". The value "DEFAULT" creates the file in ANSI encoding. | [string]$OutFileEncoding = "UTF8" |
    | [string]$Delimiter | Value separator in the records. Possible values are: "t" - tab, ";" - semicolon and "," - comma. | [string]$Delimiter = "t" |
    | [string]$HeaderOutFile | Defines whether the output file includes a header with column names ("1") or not ("0"). | [string]$HeaderOutFile = "1" |

    Call

    The function is called from an ObjectGears script by means of the Piklo programme, which is part of the ObjectGears package. The result of the call has to be assigned to a variable that the script can then work with.

    a = OG.Process.RunPiklo('OG_AD-ProtectedObjects','-type C')
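
    One way to use the group members file for review, as an added example that is not part of ObjectGears or the original page: keep the previous export and report memberships added or removed since then. It assumes $Delimiter = ";" and $HeaderOutFile = "1"; the function name Compare-ProtectedMembership and all sample rows are constructed for illustration.

    ```powershell
    # Added example: diff two exports of the protected group members file.
    # All rows below are constructed sample data, not real output.
    $Delimiter = ';'   # must match the $Delimiter used for the export
    $Header = 'GroupName;GroupDistinguishedName;GroupSID;MemberName;MemberDistinguishedName;' +
              'MemberObjectClass;MemberObjectGUID;MemberSamAccountName;MemberSID'
    $Dom   = 'S-1-5-21-1111111111-2222222222-3333333333'   # constructed domain SID
    $Group = "Domain Admins;CN=Domain Admins,CN=Users,DC=example,DC=com;$Dom-512;"

    $BaselineLines = @(
        $Header
        $Group + "Alice Admin;CN=Alice Admin,OU=Admins,DC=example,DC=com;user;00000000-0000-0000-0000-000000000001;aadmin;$Dom-1104"
        $Group + "Bob Backup;CN=Bob Backup,OU=Admins,DC=example,DC=com;user;00000000-0000-0000-0000-000000000002;bbackup;$Dom-1105"
    )
    $CurrentLines = @(
        $Header
        $Group + "Alice Admin;CN=Alice Admin,OU=Admins,DC=example,DC=com;user;00000000-0000-0000-0000-000000000001;aadmin;$Dom-1104"
        $Group + "svc-deploy;CN=svc-deploy,OU=Service,DC=example,DC=com;user;00000000-0000-0000-0000-000000000003;svc-deploy;$Dom-1130"
    )

    function Compare-ProtectedMembership {   # hypothetical helper, not an ObjectGears function
        param([object[]]$Baseline, [object[]]$Current)
        # Identify a membership by group SID + member SID; names can change, SIDs do not.
        $index = {
            param($rows)
            $map = @{}
            foreach ($r in $rows) { $map["$($r.GroupSID)|$($r.MemberSID)"] = $r }
            $map
        }
        $old  = & $index $Baseline
        $new  = & $index $Current
        $cols = 'GroupName', 'MemberSamAccountName', 'MemberObjectClass', 'MemberSID'
        foreach ($k in $new.Keys) {
            if (-not $old.ContainsKey($k)) {
                $new[$k] | Select-Object (@(@{ Name = 'Change'; Expression = { 'Added' } }) + $cols)
            }
        }
        foreach ($k in $old.Keys) {
            if (-not $new.ContainsKey($k)) {
                $old[$k] | Select-Object (@(@{ Name = 'Change'; Expression = { 'Removed' } }) + $cols)
            }
        }
    }

    # With real exports, load each file instead, e.g.:
    #   Import-Csv -Path $OutFileAdGroupMembers -Delimiter $Delimiter -Encoding UTF8
    $baseline = $BaselineLines | ConvertFrom-Csv -Delimiter $Delimiter
    $current  = $CurrentLines  | ConvertFrom-Csv -Delimiter $Delimiter
    Compare-ProtectedMembership -Baseline $baseline -Current $current | Format-Table -AutoSize
    ```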
