Tuesday, September 17, 2013

Use PowerShell to get AD schema information

Sometimes when I engage in FIM 2010 or Active Directory projects, I get the question: "Okay, then which attributes do we actually have in our Active Directory then?". It is a fair question and often knowing the site's actual Active Schema at a given point in time can be useful.

Instead of going to the Active Directory Schema snap-in and manual browsing through the scheam, I've created a small PowerShell script that enables you to dump the schema for a user (or other objectclass) into CSV files (or into the PowerShell pipeline) for further processing.

You may find this information about your Active Directory useful or just fun, so here's there script -

$schema = [directoryservices.activedirectory.activedirectoryschema]::getcurrentschema()
$schema.FindClass("user").mandatoryproperties | select name, commonname, description, syntax | export-csv user-mandatory-attributes.csv -Delimiter ';'
$schema.FindClass("user").optionalproperties | select name, commonname, description, syntax | export-csv user-optional-attributes.csv -Delimiter ';'


There is also a short version of the script if you don't want any fancy selecting and exporting, but just want the attribute information in your pipeline -

$objuserclass=[adsi]”LDAP://schema/user”
$objuserclass.mandatoryproperties
$objuserclass.optionalproperties


Feel free to modify it to your specific needs and of course make sure that you run it as a user that has permission to dive into the Active Directory schema.

Enjoy.

2 comments:

Chris Salzgeber said...

How can I determine which attributes are multi-valued? I'm trying to programmatically join multi-valued attributes when exporting data for Active Directory objects to a Csv file.

LifeCh4nge said...

You need to write them to a new-object and then export them. My task was a little different so I used a combination of these 2 methods.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/49ce234a-6038-4209-9965-631b0da980b3/return-result-on-both-getmailbox-and-getmailboxstatistics
http://blogs.perficient.com/microsoft/2013/01/how-to-combine-powershell-cmdlet-output-in-a-single-csv-file/