Transforms/trustAttributes.ps1
|
[CmdletBinding()] param ( [Parameter()] [Switch] $FullLoad ) if($FullLoad) { # From [MS-ADTS]/6.1.6.7.9 # https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/1f8d7ea1-fcc1-4833-839a-f94d67c08fcd Add-Type @' using System; [Flags] public enum TrustAttributes: uint { TRUST_ATTRIBUTE_NON_TRANSITIVE = 0x00000001, TRUST_ATTRIBUTE_UPLEVEL_ONLY = 0x00000002, TRUST_ATTRIBUTE_QUARANTINED_DOMAIN = 0x00000004, TRUST_ATTRIBUTE_FOREST_TRANSITIVE = 0x00000008, TRUST_ATTRIBUTE_CROSS_ORGANIZATION = 0x00000010, TRUST_ATTRIBUTE_WITHIN_FOREST = 0x00000020, TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL = 0x00000040, TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION = 0x00000040, TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION = 0x00000200, TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION = 0x00000800, TRUST_ATTRIBUTE_PIM_TRUST = 0x00000400 } '@ } #add attributes that can be processed by this transform $SupportedAttributes = @('trustAttributes') # This is mandatory definition of transform that is expected by transform architecture $codeBlock = New-LdapAttributeTransformDefinition -SupportedAttributes $SupportedAttributes $codeBlock.OnLoad = { param( [string[]]$Values ) Process { foreach($Value in $Values) { [TrustAttributes].GetEnumValues().ForEach({if(($Value -band $_) -eq $_) {$_}}) } } } $codeBlock.OnSave = { param( [TrustAttributes[]]$Values ) Process { $retVal = 0 $Values.ForEach({ $retVal = $retVal -bor $_}) [BitConverter]::ToInt32([BitConverter]::GetBytes($retVal),0) } } $codeBlock |