Hello,
I notice when getting a Group object via ADSI as follows
$GroupDN = Get-AdGroup TestGroup01 | Select-Object -ExpandProperty Distinguishedname
$Group = [ADSI]"LDAP://$GroupDN"
The .Add method no longer appears to exist (using Windows Server 2012 R2 with PowerShell v4)
Therefore using reflection as follows
$User = "CN=Jane,CN=Users,DC=LAB,DC=pri"
$NativeComObject = $Group.psbase.NativeObject
[System.__ComObject].InvokeMember("member",[System.Reflection.BindingFlags]::SetProperty,$null,$NativeComObject,$User)
$Group.commitchanges()
The above adds Jane to the group but removes all other members, (basically I am setting the value of the member attribute to Jane and that is all, hence removing the other users)
What is the correct syntax to add Jane but not remove the other members, please?
I am sure Jim will know the answer to this if he still contributes to this forum
Thanks
PowerShell Active Directory ADSI question
Re: PowerShell Active Directory ADSI question
Use "Add-AdGroupMember" to add members to a group. There is no need to use the COM interface. That is only needed for groups on a workstation (local groups).
With Win 10 and later we also can use: "Add-LocalGroupMember"
Re: PowerShell Active Directory ADSI question
If you want a pure ADSI solution then we would do it like this:
Code: Select all
$user = [adsi]'LDAP://CN=Jane,CN=Users,DC=LAB,DC=pri'
$group =([adsisearcher]'samaccountname=TestGroup01').FindOne().GetDirectoryEntry()
$group.Add($user.Path)
Re: PowerShell Active Directory ADSI question
Thanks Jim, that worked fine
The odd thing is I did not see the .Add method on the Group object (see below), but it still works. I am sure in other versions of PowerShell I used to see the .Add method; anyway, it worked, so that is all that matters, thanks again.
PS C:\Users\Administrator> $group | gm -Force
TypeName: System.DirectoryServices.DirectoryEntry
Name MemberType Definition
---- ---------- ----------
ConvertDNWithBinaryToString CodeMethod static string ConvertDNWithBinaryToString(psobject deInstance, psobject dnWithBinaryInstance)
ConvertLargeIntegerToInt64 CodeMethod static long ConvertLargeIntegerToInt64(psobject deInstance, psobject largeIntegerInstance)
pstypenames CodeProperty System.Collections.ObjectModel.Collection`1[[System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]] pstypenames{get=P.
psadapted MemberSet psadapted {objectClass, cn, member, distinguishedName, instanceType, whenCreated, whenChanged, uSNCreated, uSNChanged, nTSecurityDescriptor, name, objectGU.
psbase MemberSet psbase {AuthenticationType, Children, Guid, ObjectSecurity, Name, NativeGuid, NativeObject, Parent, Password, Path, Properties, SchemaClassName, SchemaEntr.
psextended MemberSet psextended {ConvertLargeIntegerToInt64, ConvertDNWithBinaryToString}
psobject MemberSet psobject {BaseObject, Members, Properties, Methods, ImmediateBaseObject, TypeNames, get_BaseObject, get_Members, get_Properties, get_Methods, get_Immediate.
PSStandardMembers MemberSet PSStandardMembers {DefaultDisplayPropertySet}
cn Property System.DirectoryServices.PropertyValueCollection cn {get;set;}
distinguishedName Property System.DirectoryServices.PropertyValueCollection distinguishedName {get;set;}
dSCorePropagationData Property System.DirectoryServices.PropertyValueCollection dSCorePropagationData {get;set;}
groupType Property System.DirectoryServices.PropertyValueCollection groupType {get;set;}
instanceType Property System.DirectoryServices.PropertyValueCollection instanceType {get;set;}
member Property System.DirectoryServices.PropertyValueCollection member {get;set;}
name Property System.DirectoryServices.PropertyValueCollection name {get;set;}
nTSecurityDescriptor Property System.DirectoryServices.PropertyValueCollection nTSecurityDescriptor {get;set;}
objectCategory Property System.DirectoryServices.PropertyValueCollection objectCategory {get;set;}
objectClass Property System.DirectoryServices.PropertyValueCollection objectClass {get;set;}
objectGUID Property System.DirectoryServices.PropertyValueCollection objectGUID {get;set;}
objectSid Property System.DirectoryServices.PropertyValueCollection objectSid {get;set;}
sAMAccountName Property System.DirectoryServices.PropertyValueCollection sAMAccountName {get;set;}
sAMAccountType Property System.DirectoryServices.PropertyValueCollection sAMAccountType {get;set;}
uSNChanged Property System.DirectoryServices.PropertyValueCollection uSNChanged {get;set;}
uSNCreated Property System.DirectoryServices.PropertyValueCollection uSNCreated {get;set;}
whenChanged Property System.DirectoryServices.PropertyValueCollection whenChanged {get;set;}
whenCreated Property System.DirectoryServices.PropertyValueCollection whenCreated {get;set;}
Re: PowerShell Active Directory ADSI question
COM objects are only discoverable if they have the correct type library. The ADSI objects are documented. Older documentation addresses use in VBScript and other scripting environments. PowerShell can dig into these libraries and "find" the properties and methods on the LDAP provider but is not as successful with the WinNT provider. In all cases the "Invoke" method of COM should work.
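
An added example, not code from the thread or its participants: it appends one member through the ADSI group interface using Invoke, then re-reads the group to confirm that no existing member was dropped, which is the failure the SetProperty call in the question caused. The function name Add-AdsiGroupMemberChecked and its output fields are hypothetical; the group name and DN are the ones used in the thread.

```powershell
# Added example. Add-AdsiGroupMemberChecked is a hypothetical helper name.
function Add-AdsiGroupMemberChecked {
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^[\w .\-]+$')]   # keep LDAP filter metacharacters out
        [string]$GroupSamAccountName,
        [Parameter(Mandatory)]
        [string]$MemberDN
    )

    $filter = "(&(objectCategory=group)(sAMAccountName=$GroupSamAccountName))"
    $found  = ([adsisearcher]$filter).FindOne()
    if (-not $found) { throw "Group '$GroupSamAccountName' not found." }
    $group      = $found.GetDirectoryEntry()
    $memberPath = "LDAP://$MemberDN"

    # Snapshot the multi-valued member attribute before the change.
    # For very large groups AD returns member values in ranges, so this
    # snapshot can be partial.
    $before = @($group.psbase.Properties['member'])

    # IADsGroup IsMember/Add called through DirectoryEntry.Invoke, which
    # works even when Get-Member does not list the COM methods.
    $already = [bool]$group.psbase.Invoke('IsMember', $memberPath)
    if (-not $already) {
        # Add appends one value and writes it to the directory itself.
        $null = $group.psbase.Invoke('Add', $memberPath)
    }

    # Re-read from the directory and confirm no earlier member vanished.
    $group.psbase.RefreshCache()
    $after = @($group.psbase.Properties['member'])
    $lost  = @($before | Where-Object { $after -notcontains $_ })

    [pscustomobject]@{
        Group       = $GroupSamAccountName
        Added       = -not $already
        CountBefore = $before.Count
        CountAfter  = $after.Count
        LostMembers = $lost
    }
}

# Group name and DN are the ones used in the thread.
$r = Add-AdsiGroupMemberChecked -GroupSamAccountName 'TestGroup01' -MemberDN 'CN=Jane,CN=Users,DC=LAB,DC=pri'
if ($r.LostMembers.Count -gt 0) { Write-Warning "Members removed: $($r.LostMembers -join '; ')" }
$r
```

A non-empty LostMembers list, or a CountAfter lower than CountBefore, means the write replaced the attribute instead of appending to it.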