Article: AN0002434 Updated: 29.05.2020
This function will create three text files with Protected objects (Active Directory Protected Groups and Accounts):
- List of MS Active Directory groups marked as Protected objects
- List of members of these groups
- List of accounts marked as Protected objects
Main prerequisites for use
| Prerequisite | Description |
| --- | --- |
| Module Active Directory PowerShell Microsoft | In order to read information about users from LDAP it is necessary to install the PowerShell module for Active Directory. |
| Remote Differential Compression | In order to read information about users from LDAP it is necessary to enable this function of the Windows system on the server executing this functionality. |
| AD DS and AD LDS Tools | In order to read information about users from LDAP it is necessary to enable this function of the Windows system on the server executing this functionality. |
| PowerShell v3 | Microsoft PowerShell version 3 or higher. |
Description
The files contain the following information.
File with the MS Active Directory groups marked as Protected objects
| Column name in the headline | Description |
| --- | --- |
| GroupName | Name of the group. |
| GroupDistinguishedName | Distinguished name of the group containing path to the group location. |
| GroupCategory | Category of the group (Security, Distribution). |
| GroupScope | Scope of the group (DomainLocal, Global, Universal). |
| GroupObjectClass | Class of the object. |
| GroupObjectGUID | GUID of the object. |
| GroupSamAccountName | Name of the group supporting old operating systems. |
| GroupSID | SID of the group. |
File with members of the MS Active Directory groups marked as Protected objects
| Column name in the headline | Description |
| --- | --- |
| GroupName | Name of the group. |
| GroupDistinguishedName | Distinguished name of the group containing path to the group location. |
| GroupSID | Group SID. |
| MemberName | Name of the group member. |
| MemberDistinguishedName | Distinguished name of the group member. |
| MemberObjectClass | Class of the group member (computer, group, user). |
| MemberObjectGUID | GUID of the group member. |
| MemberSamAccountName | Name of the group member supporting old operating systems. |
| MemberSID | SID of the group member. |
File with accounts marked as Protected objects

| Column name in the headline | Description |
| --- | --- |
| UserName | User login. E.g. altman |
| UserDistinguishedName | Distinguished name of the user account containing path to the account location. |
| UserEnabled | Whether the Windows account is enabled or blocked. |
| UserGivenName | First name of the user. |
| Lastname | Last name of the user. |
| Email | User email. |
| Enabled (Yes/No) | Whether the Windows account is enabled or blocked. |
| Phone | Phone of the user. |
| Fax | Fax of the user. |
| SID | User SID. |
| Description | User description. |
| Office | User location (office). |
| PasswordExpired | Whether the user's password has expired. |
Parameters
Set the parameters listed below in the file og_configuration.ps1 (generic parameters shared with other functions) or in the file OG_PC-Start.config (specific parameters of this function). Parameter configuration is described in the documentation of the programme Piklo.
| Parameter | Description | Example |
| --- | --- | --- |
| [string]$LogFile | Path to the file in which the log of the function shall be stored. | [string]$LogFile = "\\servername\OGoutput\ADGroupMembers\LogFile_AD-ProtectedGroups.txt" |
| [string]$OutFileAdGroups | Path to the file in which the output with groups shall be stored. | [string]$OutFileAdGroups = "\\servername\OGoutput\ADGroupMembers\OutFile_AD-ProtectedGroups.txt" |
| [string]$OutFileAdGroupMembers | Path to the file in which the output with group members shall be stored. | [string]$OutFileAdGroupMembers = "\\servername\OGoutput\ADGroupMembers\OutFile_AD-ProtectedGroupMembers.txt" |
| [string]$OutFileAdProtectedUsers | Path to the file in which the output with users marked as Protected objects shall be stored. | [string]$OutFileAdProtectedUsers = "\\servername\OGoutput\ADUsers.txt" |
| [string]$OutFileEncoding | Encoding of the output file. Possible options are "UTF8", "Unicode" and "DEFAULT". The value "DEFAULT" creates the file in ANSI encoding. | [string]$OutFileEncoding = "UTF8" |
| [string]$Delimiter | Value separator in the records. Possible values are: "t" - tab, ";" - semicolon and "," - comma. | [string]$Delimiter = "t" |
| [string]$HeaderOutFile | Defines whether the output file shall include a header with column names ("1") or not ("0"). | [string]$HeaderOutFile = "1" |
Call
The function is called from an ObjectGears script by means of the programme Piklo, which is part of the ObjectGears package. The result of the call has to be assigned to a variable that the script can work with further.
a = OG.Process.RunPiklo('OG_AD-ProtectedObjects','-type C')
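
The group-members file described above can serve as a baseline for reviewing changes in privileged group membership. The following PowerShell is an added example, not part of the ObjectGears package or its documentation: it compares two snapshots of that file and reports added and removed members, flagging nested groups. It assumes $Delimiter = ";" and $HeaderOutFile = "1"; the function names Get-MembershipIndex and Compare-ProtectedGroupMembers are hypothetical and the sample rows are constructed.

```powershell
# Constructed sample rows (not real output). Assumes $Delimiter = ";" and
# $HeaderOutFile = "1", so the first line carries the column names.
# Real snapshots would be loaded with: Import-Csv -Path <file> -Delimiter ';'
$header = 'GroupName;GroupDistinguishedName;GroupSID;MemberName;MemberDistinguishedName;' +
          'MemberObjectClass;MemberObjectGUID;MemberSamAccountName;MemberSID'
$da = 'Domain Admins;CN=Domain Admins,CN=Users,DC=example,DC=test;S-1-5-21-1-2-3-512'
$baselineRows = @(
    "$da;Alice Admin;CN=Alice Admin,OU=Admins,DC=example,DC=test;user;11111111-0000-0000-0000-000000000001;aadmin;S-1-5-21-1-2-3-1104"
    "$da;Bob Backup;CN=Bob Backup,OU=Admins,DC=example,DC=test;user;11111111-0000-0000-0000-000000000002;bbackup;S-1-5-21-1-2-3-1105"
)
$currentRows = @(
    $baselineRows[0]
    "$da;Helpdesk Tier2;CN=Helpdesk Tier2,OU=Groups,DC=example,DC=test;group;11111111-0000-0000-0000-000000000003;helpdesk-t2;S-1-5-21-1-2-3-1201"
)

# Index rows by group SID + member SID; SIDs stay stable when objects are renamed or moved.
function Get-MembershipIndex([object[]]$Rows) {
    $index = @{}
    foreach ($row in $Rows) { $index["$($row.GroupSID)|$($row.MemberSID)"] = $row }
    $index
}

# Hypothetical helper: emits one object per membership that exists in only one snapshot.
function Compare-ProtectedGroupMembers([object[]]$Baseline, [object[]]$Current) {
    $old = Get-MembershipIndex $Baseline
    $new = Get-MembershipIndex $Current
    $report = {
        param($change, $row)
        [pscustomobject]@{
            Change      = $change
            GroupName   = $row.GroupName
            Member      = $row.MemberSamAccountName
            MemberSID   = $row.MemberSID
            # A nested group extends the protected group's rights to all of its own members.
            NestedGroup = ($row.MemberObjectClass -eq 'group')
        }
    }
    foreach ($k in $new.Keys) { if (-not $old.ContainsKey($k)) { & $report 'Added'   $new[$k] } }
    foreach ($k in $old.Keys) { if (-not $new.ContainsKey($k)) { & $report 'Removed' $old[$k] } }
}

$baseline = (@($header) + $baselineRows) | ConvertFrom-Csv -Delimiter ';'
$current  = (@($header) + $currentRows)  | ConvertFrom-Csv -Delimiter ';'
Compare-ProtectedGroupMembers -Baseline $baseline -Current $current |
    Sort-Object Change, GroupName, Member |
    Format-Table -AutoSize
```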