Summary: Microsoft Active Directory PFE Adam Haynes talks about a Windows PowerShell script he wrote to find Active Directory backup status without using repadmin.
Ed Wilson is here. Today is the first of five guest blogs written by Microsoft PFE Adam Haynes with some help along the way from his friend Microsoft PFE Shubert Somer. Here is a little bit of information about Adam and Shubert.
Adam Haynes: I started with Microsoft in the phone queues and later made the move to Premier Field Engineering. My specialty is Active Directory, but I like to be a jack-of-all-trades. I have a pretty short attention span and am always on the lookout for interesting problems or new hobbies. Occasionally, I get hooked on something and Windows PowerShell is one of those somethings. I even have a Windows PowerShell script to pick out our meals for the week. How about that … Windows PowerShell makes food magically appear!?
Shubert Somer: I went from an education in Mathematics to an over-long diversion into the airline industry. After enough years working with airline fares, schedule, and passengers, a career working with machines seemed like a really good idea. I have an enormous thirst for solving problems and have worked in voice network programming, database development, web tools, workflow, automation, and SharePoint. I have been “OO” since FoxPro 3, and a .NET guy since version 1.0. Currently, I am most intrigued by software development processes—from dream to design to development to delivery. I am a confirmed technology junkie, an avid golfer, and an enthusiastic cyclist. I’ve been told I have a home in North Carolina, which I look forward to being able to spend more than two or three weeks at a time in some day.
Take it away, Adam ...
The more that I learn and use Windows PowerShell, the more awesome it is to me, as I am sure you are already aware. There seems to be a cmdlet for everything in Windows Server 2012 with a 10-fold increase in the number of cmdlets available compared to earlier versions. I am an Active Directory PFE, and as I learned more about the Active Directory module in Windows Server 2008 R2, I started finding the limits of in-the-box cmdlets.
There are other options, of course, but I like to do my own thing and thought I would see how the Windows PowerShell to .NET Framework transition would be for me. I am not a developer by any means, but I spent some time learning the .NET “Fundamentals” and then promptly remembered: There is a reason I am not a developer. It turns out that, working for Microsoft, I have some developer friends that were willing to answer my questions, and I wanted to share some of those conversations with you.
Initially, what I really wanted was a way to get the backup status of Active Directory without using repadmin /showbackup.
I assume that you are familiar with where this data is stored in Active Directory. If not, search for dsaSignature and then come back. Sure, I could call repadmin from within Windows PowerShell, and parse the strings, but THIS …. IS ….POWERSHELL and, tonight, we dine in .NET!!! I want objects and I should be able to do something a lot easier than pattern-matching a bunch of text. After looking at some samples on the web and fumbling through our MSDN site for answers, this is the result:
[string]$dnsRoot = (Get-ADDomain).DNSRoot
[string]$Partitions = (Get-ADRootDSE).namingContexts
$contextType = [System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Domain
$context = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext($contextType,$dnsRoot)
$domainController = [System.DirectoryServices.ActiveDirectory.DomainController]::findOne($context)
ForEach($partition in $partitions)
$domainControllerMetadata = $domainController.GetReplicationMetadata($partition)
$dsaSignature = $domainControllerMetadata.Item("dsaSignature")
Write-Host "$partition was backed up $($dsaSignature.LastOriginatingChangeTime.DateTime)`n"
We are not going to spend any time talking about the Active Directory module or the ForEach loop. That is all in the manual a.k.a. Get-Help. As I stated before, I found a few places on the web to get me started—most of this script was already available. What I didn’t find were any good explanations from an administrator’s perspective as to what was actually happening with the .NET objects—why each line was necessary or what it was doing.
We are not going to dive into Active Directory backup and restore either, but we do need to cover some of the .NET Framework concepts to understand why this script works. There is a lot of subtlety and ambiguity in programming vocabulary, so we will be keeping it pretty general and informal. If you are already familiar with Windows PowerShell, then most of this should be a quick review. Specifically, we are going to discuss the following terms and how they apply to the sample script above:
Type\Class – A class is a blueprint or template of what a code object should look like and be able to do. For the purposes of this blog, you can consider a Type to be the same thing, with this distinction: Generally, you will see “type” used more as an adjective and “class” used more as a noun. We’ll see some examples of that distinction later on.
- If you were looking at a mechanical equivalent, you might think of the plans (drawings and details) for each of the parts of a car or even of the car itself as making up the “class” of those parts or of the entire car.
Object – An object is an instance of a class, or what was constructed when we used the class.
- To continue the automotive analogy, the physical parts of a car or the physical car itself would be “objects.” (Following from the type/class distinction above, the blueprint/plans that a particular car was built from would be that car’s “type.”)
Method – A method is a function of the class, and therefore, an action that an object can do.
- Looking at our car “object,” its methods might be Start, Stop, Turn, etc.
Constructor – A constructor is a special method that contains code to create an object from the classes “blueprint” and initialize it with any default or provided values.
- The automotive analogy kind of falls apart here, so we won’t belabor it, but you might think of the factory that builds each part of the car (or the entire car) from the plans and drawings. That factory will need some “insert tab A into slot B” instructions on how to use the blueprints, and those instructions would be the “constructor.” The important thing to note is that you need an outside agency to do the actual building—in the auto example, this agency is a factory. In our .NET world, this “factory” is the .NET Framework. We’ll see how that works when we step through the script.
Property – A property is a piece of information about the object itself.
- In our car analogy this would be things like the car’s color, size, weight, etc.
Member – Collectively, the constructors, methods, and properties of a class are known as its “members.”
You may have noticed that I have used “we” a few times. In the next post, I will introduce a developer PFE friend of mine to help me better explain what this means from a developer’s perspective. Speaking the same language always helps when learning new things. The goal here is to grow your Windows PowerShell skills beyond the cmdlets in case you need a bit more than what comes in the box.
Thank you, Adam. I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at firstname.lastname@example.org, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.
Ed Wilson, Microsoft Scripting Guy