Using PowerShell To Generate The Custom Expression For The Domain Attribute Flow

    General discussion

  •   Summary
     

    The script code below generates the custom expression that is necessary to flow the domain attribute from AD DS to FIM.
    The custom expression is stored in the clipboard of your computer.

     Please see the following articles for more details:

     

    #--------------------------------------------------------------------------------------------------------
    # Distinguished name and DNS root of the forest to query
    Set-Variable -Name ForestDn -Value "DC=Fabrikam,DC=Com" -Option Constant
    Set-Variable -Name DnsRoot  -Value "fabrikam.com"       -Option Constant
    #--------------------------------------------------------------------------------------------------------
    Clear-Host

    # Search the Partitions container for crossRef objects that carry a NetBIOS name (domain partitions)
    $objSearcher = New-Object System.DirectoryServices.DirectorySearcher
    $objSearcher.SearchRoot = "LDAP://CN=Partitions,CN=Configuration,$ForestDn"
    $objSearcher.Filter     = "(&(objectclass=Crossref)(dnsRoot=$DnsRoot)(netBIOSName=*))"
    $dataList = @()

    $objSearcher.FindAll() | ForEach-Object {
        # Bind to the domain partition itself to read its SID
        $Domain = New-Object DirectoryServices.DirectoryEntry "LDAP://$($_.Properties.ncname)"
        If($null -eq $Domain.objectGuid) {Throw "Partition not found"}
        $DomainSid = New-Object System.Security.Principal.SecurityIdentifier($Domain.objectSid[0], 0)

        $newRecord = New-Object PSObject
        $newRecord | Add-Member NoteProperty "Path"        $($_.Path)
        $newRecord | Add-Member NoteProperty "NetBIOSName" $($_.Properties.netbiosname)
        $newRecord | Add-Member NoteProperty "SID"         $DomainSid.ToString()

        $dataList += $newRecord
    }

    # Messages prefixed with "L:" are shown by the trap below without the "Error:" label
    If($dataList.Length -eq 0) {Throw "L:No domain partitions found!"}

    # One nested IIF per domain: compare the leading characters of the object SID with the domain SID
    $CustomExpression = ""
    $dataList | ForEach-Object {
        $CustomExpression +=
            "IIF(Eq(Left(ConvertSidToString(objectSid),$($_.SID.Length)),""$($_.SID)""),""$($_.NetBIOSName)"","
    }
    # Fallback value, then one closing parenthesis per IIF
    $CustomExpression += """Unknown"""
    $dataList | ForEach-Object {
        $CustomExpression += ")"
    }

    Write-Host "Domain partitions for forest"
    Write-Host "============================"
    Write-Host "Forest  : $ForestDn"
    Write-Host "DNS Root: $DnsRoot"
    $dataList | Format-List
    Write-Host "Custom Expression:"
    Write-Host $CustomExpression
    Write-Host ""
    # Copy the expression to the clipboard
    $CustomExpression | clip
    #--------------------------------------------------------------------------------------------------------
    # The trap applies to the whole script scope, regardless of its position in the file
    Trap
    {
        $exMessage = $_.Exception.Message
        If($exMessage.StartsWith("L:"))
        {Write-Host "`n" $exMessage.Substring(2) "`n" -ForegroundColor White -BackgroundColor DarkBlue}
        Else
        {Write-Host "`nError: " $exMessage "`n" -ForegroundColor White -BackgroundColor DarkRed}
        Exit 1
    }
    #--------------------------------------------------------------------------------------------------------
    

     

      Go to the FIM ScriptBox

    Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
    Tuesday, March 30, 2010 9:16 PM
    Owner
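
An offline check for the expression the script above generates, added here as an example and not part of the original post: it emulates the nested IIF chain over constructed domain records and shows that a domain SID which is a leading substring of another domain's SID shadows it unless the longer SID is tested first. The function names, domains and SIDs are hypothetical, and it assumes FIM's Left and Eq act as a leading-substring and string-equality test.

```powershell
# Added example. The domain names and SIDs are constructed sample values.
# Assumption: FIM's Left() returns the leading N characters and Eq() is plain
# string equality, so the generated IIF chain behaves like the loop below.
function Resolve-DomainFromSid {
    param([string] $ObjectSid, [object[]] $DomainList)
    foreach ($d in $DomainList) {
        # Same test as IIF(Eq(Left(ConvertSidToString(objectSid), <len>), "<SID>"), ...)
        $len = [Math]::Min($ObjectSid.Length, $d.SID.Length)
        if ($ObjectSid.Substring(0, $len) -eq $d.SID) { return [string]$d.NetBIOSName }
    }
    return 'Unknown'   # innermost fallback of the generated expression
}

function Find-SidPrefixCollision {
    param([object[]] $DomainList)
    # Report every pair where one domain SID is a leading substring of another,
    # e.g. a last sub-authority of 333333333 versus 3333333331.
    foreach ($a in $DomainList) {
        foreach ($b in $DomainList) {
            if ($a.SID -ne $b.SID -and $b.SID.StartsWith($a.SID)) {
                [pscustomobject]@{ Shorter = $a.NetBIOSName; Longer = $b.NetBIOSName }
            }
        }
    }
}

# Constructed records in the shape of the script's $dataList entries.
$sample = @(
    [pscustomobject]@{ NetBIOSName = 'CORP'; SID = 'S-1-5-21-1111111111-2222222222-333333333' }
    [pscustomobject]@{ NetBIOSName = 'EMEA'; SID = 'S-1-5-21-1111111111-2222222222-3333333331' }
)
$emeaUser = 'S-1-5-21-1111111111-2222222222-3333333331-1105'   # constructed object SID
$corpUser = 'S-1-5-21-1111111111-2222222222-333333333-1106'    # constructed object SID

Find-SidPrefixCollision -DomainList $sample | Format-Table

# Order as listed: the shorter SID is compared first and shadows the longer one.
Resolve-DomainFromSid -ObjectSid $emeaUser -DomainList $sample

# Longest SID first: an account can only match the SID of its own domain.
$ordered = $sample | Sort-Object { $_.SID.Length } -Descending
Resolve-DomainFromSid -ObjectSid $emeaUser -DomainList $ordered
Resolve-DomainFromSid -ObjectSid $corpUser -DomainList $ordered
```

Applied to the script, the equivalent step is to sort `$dataList` by SID length, longest first, before the loop that builds `$CustomExpression`.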

All replies

  • Hi Markus,

        My subdomain is aaa.bbbb.com. I use this script to get the domain of the SSID and get the following error: No such object on the server?

    No problem, my forest was wrong, thank you

     


    There is no fate but what we make!

    Tuesday, December 14, 2010 2:58 AM
  • I am having the same problem.  My domain is abc.domain.net.  I tried "DC=abc,DC=domain,DC=net" and  DnsRoot as "abc.domain.net" but I am still getting errors.
    Tuesday, March 13, 2012 9:00 PM
  • When I paste in the value for the CustomExpression, it errors:

    "The return type(Object) of function IIF is not Binary"

    Monday, February 29, 2016 6:20 AM