To and Fro, Back and Forward Links

  • Article

I seem to have acquired a post sack. It has the initials NP on it...

Hmmm, what's inside? This one looks interesting...

  

"...Dear, Sir,

How can I use PowerShell to check that a backlink is populated for an object in AD?

Yours, faithfully,

Mr Johnny Face..."

 

Well, Johnny, I just happen to have written a function for that very same eventuality... what a coincidence!

It can be found here: Check-ADBackLinkProperty

  

You supply the DistinguishedName of the object, along with the target backlink attribute name, to the function and it tests whether the attribute is a valid backlink.

Here's an example of how to use the function:

Check-ADBackLinkProperty -DN "CN=Bobby Dazzler,OU=User Accounts,DC=Contoso,DC=Com" -Property MemberOf

 

For example:

 

And, here's some of the more interesting bits from the function...

First, let's get a all of the linked schema objects (check out the LDAPFIlter):

 

#Get schema attributes that are linked

$SchemaNC = (Get-ADRootDSE).schemaNamingContext

$LinkedSchema = Get-ADObject -SearchBase $SchemaNC

                             -LDAPFilter "(linkId=*)"

                             -Property linkId, lDAPDisplayName

  

 

Now, lets see  the property passed to the function exists in our linked schema:

 

#See if our passed property has a link ID

$LinkedProperty = $LinkedSchema | Where-Object {$_.lDAPDisplayName -eq $Property}

If ($LinkedProperty -eq $Null) {

Write-Error "Passed property - $Property - is not a linked property"

} #End of If ($LinkedProperty -eq $Null)

 

If we have a valid linked property, let's test to see if it's a backlink or forward link - forward links are recognised by an even numbered link ID, whereas backlinks have an odd number for the link ID.

This allows us to employ the modulus operator - % - to test if we are dealing with a link ID value neatly divisible by two, i.e. an even number and therefore a forward link:

 

If (($LinkedProperty.LinkId % 2) -eq 0) {

Write-Host "Passed property - $Property - is a forward link"

} #End of If ($LinkedProperty.LinkId % 2)

 

Finally, if we have a back link, we collect details from the AD object and add it to a custom PS object for the function to return.

 

#Get details of the property

$ADObject = Get-ADObject -Identity $DN -Properties $Property | Select-Object -ExpandProperty $Property

#Check whether Get-ADObject has returned values

If ($ADObject -ne $Null) {

#Create a custom object to store the different pieces of information we've collected

$ADCustomObject = [PSCustomObject]@{

DistinguishedName = $DN

LinkID = $($LinkedProperty.LinkId)

$Property = $ADObject

} #End of $ADCustomObject...

 

#Return the new object

Return $ADCustomObject

 

The object returned by the function can then be piped into another cmdlet. Here, Select-Object let's us look at the populated backlink values:

 

Get-ADUser bobbydazzler | Check-ADBackLinkProperty -Property MemberOf | Select-Object -ExpandProperty MemberOf

 

 For example:

 

Oh, there's also a sister function to check forward links - Check-ADForwardLinkProperty

 

Best return that sack to its owner and get my own...