Skip to content

Commit 65080fd

Browse files
msheldont4emsheldont4e
committed
Update Microsoft Active Directory MD.ps1
- Added Option to exclude OU(s) for collection
1 parent bc381ab commit 65080fd

1 file changed

Lines changed: 103 additions & 9 deletions

File tree

Microsoft Active Directory MD.ps1

Lines changed: 103 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1258,9 +1258,10 @@ function Get-ADObjectACL-ADSI {
12581258
[ValidateRange(1, [Int32]::MaxValue)] [Int32] $ResultSetSize,
12591259
[ValidateNotNull()] [String[]] $SearchBases,
12601260
[System.DirectoryServices.SearchScope] $SearchScope = 'Subtree',
1261-
[String] $Server
1261+
[String] $Server,
1262+
[ValidateNotNull()] [String[]] $ExcludeSearchBases
12621263
)
1263-
1264+
12641265
$args = @{
12651266
# These parameters always have a value
12661267
LDAPFilter = $LDAPFilter
@@ -1300,6 +1301,23 @@ function Get-ADObjectACL-ADSI {
13001301
}
13011302
}
13021303

1304+
if ($ExcludeSearchBases -and $ExcludeSearchBases.Length -gt 0) {
1305+
$filteredObjects = [System.Collections.ArrayList]@()
1306+
foreach ($obj in $objects) {
1307+
$isExcluded = $false
1308+
foreach ($excludeBase in $ExcludeSearchBases) {
1309+
if ($obj.distinguishedName -like "*,$excludeBase") {
1310+
$isExcluded = $true
1311+
break
1312+
}
1313+
}
1314+
if (-not $isExcluded) {
1315+
[void]$filteredObjects.Add($obj)
1316+
}
1317+
}
1318+
$objects = $filteredObjects
1319+
}
1320+
13031321
foreach ($result in $objects) {
13041322
$directoryEntry = Get-DirectoryServicesDirectoryEntry $Credential (Make-LDAPPath $Server $result.objectGUID)
13051323

@@ -1500,7 +1518,8 @@ function Get-ADObject-ADSI {
15001518
[ValidateRange(1, [Int32]::MaxValue)] [Int32] $ResultSetSize,
15011519
[ValidateNotNull()] [String[]] $SearchBases,
15021520
[System.DirectoryServices.SearchScope] $SearchScope = 'Subtree',
1503-
[String[]] $Servers
1521+
[String[]] $Servers,
1522+
[ValidateNotNull()] [String[]] $ExcludeSearchBases
15041523
)
15051524

15061525
$args = @{
@@ -1524,19 +1543,45 @@ function Get-ADObject-ADSI {
15241543

15251544
$servers_not_null = if ($Servers) { $Servers } else { @('') }
15261545

1546+
$objects = [System.Collections.ArrayList]@()
1547+
15271548
foreach ($server in $servers_not_null) {
15281549
if ($server) {
15291550
$args.Server = $server
15301551
}
15311552

15321553
if ($SearchBases -eq $null) {
1533-
Get-ADObjectSingleSearchBase-ADSI @args
1554+
foreach ($obj in (Get-ADObjectSingleSearchBase-ADSI @args)) {
1555+
[void]$objects.Add($obj)
1556+
}
15341557
}
15351558
else {
15361559
foreach ($searchbase in $SearchBases) {
1537-
Get-ADObjectSingleSearchBase-ADSI @args -SearchBase $searchbase
1560+
foreach ($obj in (Get-ADObjectSingleSearchBase-ADSI @args -SearchBase $searchbase)) {
1561+
[void]$objects.Add($obj)
1562+
}
1563+
}
1564+
}
1565+
}
1566+
1567+
if ($ExcludeSearchBases -and $ExcludeSearchBases.Length -gt 0) {
1568+
$filteredObjects = [System.Collections.ArrayList]@()
1569+
foreach ($obj in $objects) {
1570+
$isExcluded = $false
1571+
foreach ($excludeBase in $ExcludeSearchBases) {
1572+
if ($obj.distinguishedName -like "*,$excludeBase") {
1573+
$isExcluded = $true
1574+
break
1575+
}
1576+
}
1577+
if (-not $isExcluded) {
1578+
[void]$filteredObjects.Add($obj)
15381579
}
15391580
}
1581+
$filteredObjects
1582+
}
1583+
else {
1584+
$objects
15401585
}
15411586
}
15421587

@@ -1990,7 +2035,8 @@ function Get-ADUser-ADSI {
19902035
[ValidateRange(1, [Int32]::MaxValue)] [Int32] $ResultSetSize,
19912036
[ValidateNotNull()] $SearchBases,
19922037
[System.DirectoryServices.SearchScope] $SearchScope = 'Subtree',
1993-
[String[]] $Servers
2038+
[String[]] $Servers,
2039+
[ValidateNotNull()] [String[]] $ExcludeSearchBases
19942040
)
19952041

19962042
$args = @{
@@ -2043,6 +2089,10 @@ function Get-ADUser-ADSI {
20432089
$args.Servers = $Servers
20442090
}
20452091

2092+
if ($ExcludeSearchBases) {
2093+
$args.ExcludeSearchBases = $ExcludeSearchBases
2094+
}
2095+
20462096
Get-ADObject-ADSI @args
20472097
}
20482098

@@ -2140,7 +2190,8 @@ function Get-ADComputer-ADSI {
21402190
[ValidateRange(1, [Int32]::MaxValue)] [Int32] $ResultSetSize,
21412191
[ValidateNotNull()] $SearchBases,
21422192
[System.DirectoryServices.SearchScope] $SearchScope = 'Subtree',
2143-
[String[]] $Servers
2193+
[String[]] $Servers,
2194+
[ValidateNotNull()] [String[]] $ExcludeSearchBases
21442195
)
21452196

21462197
$args = @{
@@ -2188,6 +2239,10 @@ function Get-ADComputer-ADSI {
21882239
$args.SearchBases = $SearchBases
21892240
}
21902241

2242+
if ($ExcludeSearchBases) {
2243+
$args.ExcludeSearchBases = $ExcludeSearchBases
2244+
}
2245+
21912246
$args.Server = Get-ADRidMasterFromGuid -GUID $Identity -Credential $Credential
21922247

21932248
Get-ADObject-ADSI @args
@@ -2287,7 +2342,8 @@ function Get-ADGroup-ADSI {
22872342
[ValidateRange(1, [Int32]::MaxValue)] [Int32] $ResultSetSize,
22882343
[ValidateNotNull()] $SearchBases,
22892344
[System.DirectoryServices.SearchScope] $SearchScope = 'Subtree',
2290-
[String[]] $Servers
2345+
[String[]] $Servers,
2346+
[ValidateNotNull()] [String[]] $ExcludeSearchBases
22912347
)
22922348

22932349
$args = @{
@@ -2338,6 +2394,10 @@ function Get-ADGroup-ADSI {
23382394
$args.Servers = $Servers
23392395
}
23402396

2397+
if ($ExcludeSearchBases) {
2398+
$args.ExcludeSearchBases = $ExcludeSearchBases
2399+
}
2400+
23412401
Get-ADObject-ADSI @args
23422402
}
23432403

@@ -2436,7 +2496,8 @@ function Get-ADOrganizationalUnit-ADSI {
24362496
[ValidateRange(1, [Int32]::MaxValue)] [Int32] $ResultSetSize,
24372497
[ValidateNotNull()] $SearchBases,
24382498
[System.DirectoryServices.SearchScope] $SearchScope = 'Subtree',
2439-
[String[]] $Servers
2499+
[String[]] $Servers,
2500+
[ValidateNotNull()] [String[]] $ExcludeSearchBases
24402501
)
24412502

24422503
$args = @{
@@ -2494,6 +2555,10 @@ function Get-ADOrganizationalUnit-ADSI {
24942555
$args.Servers = $Servers
24952556
}
24962557

2558+
if ($ExcludeSearchBases) {
2559+
$args.ExcludeSearchBases = $ExcludeSearchBases
2560+
}
2561+
24972562
Get-ADObject-ADSI @args
24982563
}
24992564

@@ -2645,6 +2710,12 @@ function Idm-SystemInfo {
26452710

26462711
$dcs = @( $domains | ForEach-Object { @{ display = $_.Name; value = $_.RidRoleOwner.Name } } )
26472712

2713+
$ou_params = @{}
2714+
if ($connection_params.Credential) { $ou_params.Credential = $connection_params.Credential }
2715+
$ou_params.Servers = @($domains | ForEach-Object { $_.RidRoleOwner.Name })
2716+
2717+
$organizational_units = @( Get-ADOrganizationalUnit-ADSI @ou_params -Properties @('distinguishedName', 'canonicalName') -LDAPFilter '*' | Sort-Object -Property 'canonicalName' | ForEach-Object { @{ display = $_.canonicalName; value = $_.distinguishedName } } )
2718+
26482719
@(
26492720
@{
26502721
name = 'domains'
@@ -2665,6 +2736,25 @@ function Idm-SystemInfo {
26652736
}
26662737
value = @($dcs | ForEach-Object { $_.value })
26672738
}
2739+
@{
2740+
name = 'exclude_searchbases'
2741+
type = 'grid'
2742+
label = 'Exclude search bases'
2743+
tooltip = 'Organization Units to exclude from searching (improves performance by skipping OUs with many objects)'
2744+
table = @{
2745+
rows = $organizational_units
2746+
settings_grid = @{
2747+
selection = 'multiple'
2748+
key_column = 'value'
2749+
checkbox = $true
2750+
filter = $true
2751+
columns = @(
2752+
@{ name = 'display'; display_name = 'Organizational Unit' }
2753+
)
2754+
}
2755+
}
2756+
value = @()
2757+
}
26682758
@{
26692759
name = 'resultpagesize'
26702760
type = 'textbox'
@@ -4170,6 +4260,10 @@ function ConvertSystemParams {
41704260
if ($system_params.resultpagesize -and $system_params.resultpagesize -ne '0') {
41714261
$out_params.ResultPageSize = $system_params.resultpagesize
41724262
}
4263+
4264+
if ($system_params.exclude_searchbases -and $system_params.exclude_searchbases.Length -gt 0) {
4265+
$out_params.ExcludeSearchBases = $system_params.exclude_searchbases
4266+
}
41734267
}
41744268

41754269
if ($Update -or $Delete) {

0 commit comments

Comments
 (0)