0

I hear that COM type libraries are supposed to be automatically accessible in PowerShell with no explicit load. So why doesn't ActiveDs work?

PS > new-object -com ActiveDs.LargeInteger
New-Object : Cannot load COM type ActiveDs.LargeInteger.
At line:1 char:11
+ new-object <<<<  -com ActiveDs.LargeInteger
    + CategoryInfo          : InvalidType: (:) [New-Object], PSArgumentException
    + FullyQualifiedErrorId : CannotLoadComObjectType,Microsoft.PowerShell.Commands.NewObjectCommand

This is a follow-up to Use PowerShell to wrap an existing COM object which asks a related but different question.

Improve this question

1 Answer 1

Reset to default
1

Can't you explore using the DirectoryEntry as there is virtually nothing that can be accomplished via ActiveDS that cannot be accomplished using DirectoryEntry.

Object creation

#$dn = [adsi] "LDAP://192.168.30.200:389/dc=dom,dc=fr"
$dn = New-Object System.DirectoryServices.DirectoryEntry ("LDAP://192.168.234.200:389/dc=dom,dc=fr","[email protected]","admin")

# OU creation
$Monou = $dn.create("OrganizationalUnit", "ou=Monou")
$Monou.put("Description", "Une description")
$Res = $Monou.Setinfo()

# User creation
$objUtilisateur = $Monou.create("inetOrgPerson", "cn=Marc Assin")
$objUtilisateur.setinfo()

Object search

#$dn = [adsi] "LDAP://192.168.30.200:389/dc=dom,dc=fr"
$dn = New-Object System.DirectoryServices.DirectoryEntry ("LDAP://192.168.234.200:389/dc=dom,dc=fr","[email protected]","admin")

# Recherche d'un utilisateur
$Rech = new-object System.DirectoryServices.DirectorySearcher($dn)
$Rech.filter = "(([email protected]))"
$Rech.SearchScope = "subtree"
$Rech.PropertiesToLoad.Add("distinguishedName");
$Rech.PropertiesToLoad.Add("sAMAccountName");  
$Rech.PropertiesToLoad.Add("lastLogon");  
$Rech.PropertiesToLoad.Add("telephoneNumber");
$Rech.PropertiesToLoad.Add("memberOf");
$Rech.PropertiesToLoad.Add("distinguishedname");
$Rech.PropertiesToLoad.Add("otherHomePhone"); # téléphone domicile autre

$liste = $Rech.FindOne()
#$liste = $Rech.findall()

Edited :

The datas ('lockoutDuration', 'forceLogoff', 'lockOutObservationWindow', 'maxPwdAge', 'minPwdAge) you are looking for are in fact attributes of the domain object itself.

# Here is the way to retreive the domain object
$dn = New-Object System.DirectoryServices.DirectoryEntry ("LDAP://DomainDnsNameOrIP:389/DC=SILOGIX,DC=fr","[email protected]","totoPwd")

Now if you look at the result of $dn | fl * most of the attributes can be retreived writting $dn.Properties.PROPERTYNAMEHERE[0] -> $dn.Properties.minPwdLength[0]. But some of then will give you the result : System.__ComObject. For these last ones the method I use the following :

$dsLookFor = new-object System.DirectoryServices.DirectorySearcher($dn)
$dsLookFor.SearchScope = "base"; 
$n = $dsLookFor.PropertiesToLoad.Add("modifiedcount");
$n = $dsLookFor.PropertiesToLoad.Add("lockOutObservationWindow");
$n = $dsLookFor.PropertiesToLoad.Add("maxPwdAge");
$n = $dsLookFor.PropertiesToLoad.Add("minPwdAge");
$res = $dsLookFor.FindOne()
$res.Properties.lockoutobservationwindow[0]
# An attribute may be multivalued so $res.Properties.lockoutobservationwindow should be a collection
$a = $res.Properties.lockoutobservationwindow[0]
# Retrive the duration (you'll use datetime structure for dates)
[timespan]([math]::Abs($a))
Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Actually DirectoryServices is the whole reason that I need ActiveDs. DS returns some COM objects from ADS.
Ok, but which type do you need ? you can see in the samples above that I reach DirectoryServices types.
Many properties return COM objects, including 'lockoutDuration', 'forceLogoff', 'lockOutObservationWindow', 'maxPwdAge', 'minPwdAge'
Why would Abs succeed on a __ComObject? It doesn't for me: $fl = ($adroot.Properties.GetEnumerator() | ?{ $_.PropertyName -eq 'forceLogoff' })[0] [math]::Abs($fl) Cannot find an overload for "Abs" and the argument count: "1". At line:1 char:1 + [math]::Abs($fl) + ~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [], MethodException + FullyQualifiedErrorId : MethodCountCouldNotFindBest
In my examples I just add $n = $dsLookFor.PropertiesToLoad.Add("forceLogoff"); and after findOne I can see $res.Properties.forcelogoff[0] it gives -9223372036854775808 (-1 -> never). BE CAREFULL $res.Properties.forceLogoff[0] gives nothing here forcelogoff seems to be case sensitive you have to type it in lowercases.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.