private/resolveEntityReferences.ps1
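function resolveEntityReferences {
    <#
    .SYNOPSIS
        Resolves the SIDs, principal names and rights group names attached to an RBAC
        element into Active Directory objects.
    .DESCRIPTION
        For every key of -RightsAndPrincipals ("SIDS", "Principals", "Rights") each entry
        is looked up with Get-ADObject and emitted as a PSCustomObject with the members
        Type, Name, SID, ObjectClass, GPORef, StdRef and NetBIOS. Entries that are not
        found are still emitted, with ObjectClass "Unknown" (or "Group" for rights), so
        the caller can see what was requested.
        With -IncludeParents the element's Parents are resolved first. The recursive call
        does not pass -IncludeParents, so only one level of parents is followed.
    .PARAMETER RightsPrefix
        Declared in its own parameter set, but that set cannot be used: the function
        throws when -rbacElement is missing, and -rbacElement belongs to the other set.
        Kept so existing call sites still bind.
    .PARAMETER rbacElement
        The element to resolve. The function reads .Type, .DistinguishedName, .Parents
        and .objectMidName from it.
    .PARAMETER RightsAndPrincipals
        Hashtable whose keys are "SIDS", "Principals" and/or "Rights" and whose values
        are lists of entries to look up.
    .PARAMETER IncludeParents
        Resolve the element's Parents before the element itself. A parent whose
        DistinguishedName equals the element's own is treated as a circular reference.
    .PARAMETER Server
        Directory server used for every Get-ADObject call; defaults to a discovered
        writable domain controller. It is forwarded to the recursive parent resolution
        so parents are read from the same server.
    .OUTPUTS
        One PSCustomObject per resolved (or unresolved) entity.
    .NOTES
        Depends on $Settings, $GlobalTemplate, $OrgTemplate, $ComponentTemplate and
        write-loghandler from the enclosing module scope.
        Lookup values are passed to Get-ADObject as $-variable references inside the
        filter string (resolved by the ActiveDirectory module) rather than being
        interpolated into quoted literals, so an entry containing a quote character can
        neither break nor alter the filter.
    #>
    [CmdletBinding(DefaultParameterSetName = "rightsprefix")]
    Param(
        [Parameter(ParameterSetName = "rightsprefix")]
        [String]$RightsPrefix,

        [Parameter(ParameterSetName = "element")]
        [PSCustomObject]$rbacElement,

        [Hashtable]$RightsAndPrincipals,

        [Parameter(ParameterSetName = "element")]
        [switch]$IncludeParents,

        [Microsoft.ActiveDirectory.Management.ADDirectoryServer]$Server = (get-addomainController -Writable -Discover)
    )

    begin {
        # NetBIOS domain name used to build DOMAIN\Name references in the output.
        $Netbios = (get-addomain).netBiosName
    }

    Process {
        try {
            if (-not $rbacElement) {
                throw "Missing RBACElement in resolveEntityRef-- this should not happen"
            }

            if ($IncludeParents) {
                if ($rbacElement.Parents -and $rbacElement.Parents.count -ge 1) {
                    $rbacElement.Parents.GetEnumerator() | foreach-object {
                        if ($_.value.DistinguishedName -eq $rbacElement.DistinguishedName) {
                            throw ("Circular reference from {0}, parent {1}" -f $rbacElement.DistinguishedName, $_.value.DistinguishedName)
                        }
                        write-loghandler -level "Verbose" -message "Resolving Parent entities..."
                        # Same server as this call so parent and child are read from one DC.
                        resolveEntityReferences -rbacElement $_.value -RightsAndPrincipals $RightsAndPrincipals -Server $Server
                    }
                }
                else {
                    write-loghandler -level "Debug" -message "IncludeParents specified for resolveEntityReference but no parents found on $($rbacElement.DistinguishedName)"
                }
            }

            # Template that holds the DefaultRights definitions for this element type.
            # An unknown type leaves $template empty; the "Rights" branch below then
            # falls back to searching both prefixed and unprefixed group names.
            $template = switch ($rbacElement.Type) {
                "Global"    { $GlobalTemplate }
                "Org"       { $OrgTemplate }
                "Component" { $ComponentTemplate }
            }
        }
        catch {
            # Log the exception type for diagnostics instead of writing it to the
            # output stream (the original emitted it as a pipeline object), then rethrow.
            write-loghandler -level "warning" -message ("resolveEntityReferences failed: {0}" -f $_.Exception.GetType().FullName)
            throw
        }

        foreach ($item in $RightsAndPrincipals.GetEnumerator()) {
            foreach ($entity in $item.value) {
                write-loghandler -level "Verbose" -message ("Resolving entity reference: {0} : {1}" -f $item.key, $entity)
                if ([String]::IsNullOrEmpty($entity)) {
                    continue
                }

                # Placeholder emitted when the lookup returns nothing.
                $NotFoundResult = [PSCustomObject]@{
                    Name           = $null
                    ObjectSID      = $null
                    ObjectClass    = "Unknown"
                    NetBIOS        = $null
                    SAMAccountName = $null
                }

                # $filterValue / $altFilterValue are referenced by name inside $filter and
                # resolved by the ActiveDirectory module at query time.
                $filterValue    = $null
                $altFilterValue = $null
                $filter         = $null

                switch ($item.key) {
                    "SIDS" {
                        $FilterType  = "ObjectSID"
                        $filterValue = $entity
                        $filter      = '{0} -eq $filterValue' -f $FilterType
                        $NotFoundResult.ObjectSID = $entity
                    }
                    "Principals" {
                        $FilterType  = "Name"
                        $filterValue = $entity
                        $filter      = '{0} -eq $filterValue' -f $FilterType
                        $NotFoundResult.Name = $entity
                    }
                    "Rights" {
                        # Group name stem "<RightsName>-<objectMidName>". The original
                        # formatted "{1}-{2}" over three arguments whose first ($prePrefix)
                        # was never defined, so {0} was always skipped; this spells out the
                        # same result without clobbering the $RightsPrefix parameter.
                        $rightsNameBase = "{0}-{1}" -f $Settings.Names.RightsName, $rbacElement.objectMidName
                        $FilterType     = "Name"
                        $filterValue    = "{0}-{1}" -f $rightsNameBase, $entity

                        # @() keeps .where() callable when $template is empty.
                        $rightDefinition = @($template['DefaultRights']).where({ $_.nameSuffix -eq $entity })
                        if ($rightDefinition.count -eq 1) {
                            if (-not $rightDefinition.DoNotPrefixGroupName) {
                                $filterValue = "{0}{1}" -f $Settings['Names']['RightsPrefix'], $filterValue
                                write-loghandler -level "Verbose" -message "Adding Rights Prefix, new filtervalue $filterValue"
                            }
                            else {
                                write-loghandler -level "Verbose" -message "SKIPPING Rights Prefix for $entity"
                            }
                            $filter = '{0} -eq $filterValue' -f $FilterType
                        }
                        else {
                            # No single definition: search both the unprefixed and the
                            # prefixed group name. The original's second clause used an
                            # undefined $RightPrefix, which made it identical to the first.
                            write-loghandler -level "warning" -message "Failed to get hard ID on $entity in resolveEntityReferences"
                            $altFilterValue = "{0}{1}" -f $Settings['Names']['RightsPrefix'], $filterValue
                            $filter = '{0} -eq $filterValue -or {0} -eq $altFilterValue' -f $FilterType
                        }
                        $NotFoundResult.Name        = $filterValue
                        $NotFoundResult.ObjectClass = "Group"
                    }
                }

                $foundObjects = get-adObject -server $Server -filter $filter -properties ObjectSID |
                    select-object Name, ObjectSID, ObjectClass
                if (-not $foundObjects) {
                    $foundObjects = $NotFoundResult
                }

                $foundObjects | foreach-object {
                    [PSCustomObject]@{
                        Type        = $item.key
                        Name        = $_.Name
                        SID         = $_.ObjectSID
                        ObjectClass = $_.ObjectClass
                        # GPO-style reference is "*<SID>"; fall back to the name when there is no SID.
                        GPORef      = if ($_.ObjectSID) { "*$($_.ObjectSID)" } else { $_.Name }
                        StdRef      = if ($_.ObjectSID) { $_.ObjectSID } else { $_.Name }
                        # Found objects carry no SAMAccountName (select-object drops it) and the
                        # not-found placeholder has it null, so the name is the only usable source.
                        NetBIOS     = if ($_.Name) { "{0}\{1}" -f $Netbios, $_.Name } else { $null }
                    }
                }
            }
        }
    }
}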