Article: AN0002434Updated: 29.05.2020
This function will create threetext files with Protected objects (Active Directory Protected Groups and Accounts):
- List of MS Active Directory groups marked as Protected objects
- List of members of these groups
- List of accounts marked as Protected objects
Main prerequisites for use
| Prerequisite |
Description |
|
Module Active Directory PowerShell Microsoft
|
In order to read information about users from LDAP it is necessary to install Powershell module for Active Directory. |
| Remote Differential Compression |
In order to read information about users from LDAP it is necessary to enable this function of the Windows system on server executing this functionality. |
| AD DS and AD LDS Tools |
In order to read information about users from LDAP it is necessary to enable this function of the Windows system on server executing this functionality. |
| Powershell v3 |
Microsoft Powershell version 3 or higher. |
Description
The files contain following information.
File with the MS Active Directory groups marked as Protected objects
| Column name in the headline |
Description |
| GroupName |
Name of the group. |
| GroupDistinguishedName |
Distingushed name of the group containing path to the group location. |
| GroupCategory |
Category of the group (Security, Distribution). |
| GroupScope |
Scope of the group (DomainLocal, Global, Universal). |
| GroupObjectClass |
Class of the object. |
| GroupObjectGUID |
GUID objektu. |
| GroupSamAccountName |
Name of the group supporting old operating systems. |
| GroupSID |
SID of the group. |
File with members of the MS Active Directory groups marked as Protected objects
| Column name in the headline |
Description |
| GroupName |
Name of the group. |
| GroupDistinguishedName |
Distingushed name of the group containing path to the group location. |
| GroupSID |
Group SID. |
| MemberName |
Name of the group member. |
| MemberDistinguishedName |
Distinguished name of the group member. |
| MemberObjectClass |
Class of the group member (computer, group, user). |
| MemberObjectGUID |
GUID of the group member. |
| MemberSamAccountName |
Name of the group member supporting old operating systems. |
| MemberSID |
SID of the group member. |
File with accounts marked as Protected object
| Column name in the headline |
Description |
| UserName |
User login. Např. altman |
| UserDistinguishedName |
Distingushed name of the user account containing path to the account location. |
| UserEnabled |
Information whether, the Windows account is enabled or blocked. |
| UserGivenName |
First name of the user. |
| Lastname |
Last name of the user. |
| Email |
User email. |
| Enabled (Yes/No) |
Information whether, the Windows account is enabled or blocked. |
| Phone |
Phone of the user. |
| Fax |
Fax of the user. |
| SID |
User SID. |
| Description |
User description. |
| Office |
User location (office). |
| PasswordExpired |
Information whether user`s password has expired. |
Parameters
Include hereinafter stated parameters in the file og_configuration.ps1 (generic parameters shared with other functions) or in the file OG_PC-Start.config (specific parameters of this function). Parameter configuration is described in the documentation of the programme Piklo.
| Parameter |
Description |
Example |
| [string]$LogFile |
Path to the file, in which log of the function shall be stored. |
[string]$LogFile = "\\servername\OGoutput\ADGroupMembers\LogFile_AD-ProtectedGroups.txt" |
| [string]$OutFileAdGroups |
Path to the file, in which output with groups shall be stored. |
[string]$OutFileAdGroups = "\\servername\OGoutput\ADGroupMembers\OutFile_AD-ProtectedGroups.txt"
|
| [string]$OutFileAdGroupMembers |
Path to the file, in which output with group members shall be stored. |
[string]$OutFileAdGroupMembers = "\\servername\OGoutput\ADGroupMembers\OutFile_AD-ProtectedGroupMembers.txt" |
| [string]$OutFileAdProtectedUsers |
Path to the file, in which output with users marked as Protected object shall be stored. |
[string]$OutFileAdProtectedUsers = "\\servername\OGoutput\ADUsers.txt" |
| [string]$OutFileEncoding |
Coding of the output file. Possible options are "UTF8", "Unicode" and "DEFAULT". The value "DEFAULT" makes the file being created in the ANSI encoding. |
[string]$OutFileEncoding = "UTF8"
|
| [string]$Delimiter |
Value separator in the records. Possible values are: "t" - tab, ";" - semicolon a "," - comma. |
[string]$Delimiter = "t"
|
| [string]$HeaderOutFile |
Defines, wheather the output file shall include header with column names ("1") or not ("0").
|
[string]$HeaderOutFile = "1"
|
Call
The function is called by means of the programme Piklo, that is part of ObjectGears package, from ObjectGears script. Result of the call has to be assigned to a variable, with which the script can further work.
a = OG.Process.RunPiklo('OG_AD-ProtectedObjects','-type C')