
August 22, 2018 at 11:13 am

Some background: I have written an app that allows users to create Exchange contacts and add them to DLs. All going well, except I didn't click that 99% of users won't have the AD cmdlets.

For speed I used Get-ADGroup to return the objects, then determine which of those were DGs by filtering on anything that contained the "@" within the mail attribute.

$DLList = get-adgroup -Filter { name -like "Hs2*" } -Properties mail | select Name, Mail

 

$DLList = $DLList | where { $_.mail -like "*@*" } | select name -ExpandProperty name| Sort-Object

Update-ComboBox $combobox1 $DLList

 

Some searching later and I can't find how to accomplish this without the AD module.

As an extra, I just want the name of the group to come out rather than an LDAP path.

August 22, 2018 at 12:05 pm

It might be worth taking a look at 'Just Enough Administration'
https://docs.microsoft.com/en-us/powershell/jea/overview

August 22, 2018 at 12:43 pm

With JEA or New-PSSessionConfiguration, you can create constrained endpoints, and the same can be used in your application. You will create an endpoint by giving permission to a DL or multiple users, and the app can connect to the server using PowerShell remoting, targeting the new custom PowerShell endpoint.

August 22, 2018 at 8:57 pm

Thanks both, will look at JEA.

August 23, 2018 at 1:00 am

The key to the ADSISearcher accelerator is the "FindAll()" or "FindOne()" methods.

([adsisearcher]"(&(objectClass=Group)(name=*@*))").FindAll()

If you simply want the names, you will need to tease out the value like so:

(([adsisearcher]"(&(objectClass=Group)(name=*@*))").FindAll() | select -ExpandProperty properties).name
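
Added example, not part of the original thread: the Get-ADGroup query from the first post expressed with the ADSISearcher accelerator, so it needs no AD module and returns plain, sorted group names. It assumes a domain-joined machine; ConvertTo-LdapFilterValue and Get-MailEnabledGroupName are hypothetical helper names, and the escaping only matters if the prefix ever comes from user input.

```powershell
# Added example: mail-enabled groups by name prefix, using only
# System.DirectoryServices (no ActiveDirectory module required).

function ConvertTo-LdapFilterValue {
    # Hypothetical helper: escape the RFC 4515 special characters so a
    # user-supplied value cannot change the structure of the LDAP filter.
    param([Parameter(Mandatory)][string]$Value)
    $Value.Replace('\', '\5c').     # backslash first, or later escapes get re-escaped
           Replace('*', '\2a').
           Replace('(', '\28').
           Replace(')', '\29').
           Replace([string][char]0, '\00')
}

function Get-MailEnabledGroupName {
    # Hypothetical helper: returns the sorted names of groups whose name starts
    # with $NamePrefix and whose mail attribute contains "@".
    param([Parameter(Mandatory)][string]$NamePrefix)

    $prefix   = ConvertTo-LdapFilterValue -Value $NamePrefix
    $searcher = [adsisearcher]"(&(objectClass=group)(name=$($prefix)*)(mail=*@*))"
    $searcher.PageSize = 1000                     # page results instead of stopping at the server limit
    [void]$searcher.PropertiesToLoad.Add('name')  # fetch only the attribute that is used

    $results = $searcher.FindAll()
    try {
        # Properties is a collection of value collections; [0] yields the plain
        # string rather than an LDAP path or a result object.
        $results | ForEach-Object { $_.Properties['name'][0] } | Sort-Object
    }
    finally {
        $results.Dispose()                        # SearchResultCollection holds unmanaged resources
    }
}

# Same prefix as the original post; the result can be handed to the
# poster's own Update-ComboBox function.
$DLList = Get-MailEnabledGroupName -NamePrefix 'Hs2'
```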

August 23, 2018 at 3:51 am

You do not need to install the ADDS cmdlets on any machine. You can proxy any cmdlet from any server role to a host using implicit PSRemoting. The cmdlets are only active during the session and are removed when the session is closed.

See these articles.

'technet.microsoft.com/en-us/library/ff720181.aspx'

'blogs.technet.microsoft.com/heyscriptingguy/2013/09/08/remoting-the-implicit-way'

'blogs.technet.microsoft.com/heyscriptingguy/2011/10/04/use-powershell-active-directory-cmdlets-without-installing-any-software'

However, as noted by others, JEA allows you to limit access to only the cmdlets needed to do the job, vs. all of them via implicit remoting. Well, that or use the ADSI option pointed to; though not as convenient as the native cmdlets, they still work.