Verify otherWellKnownObjects Integrity

A while ago, I blogged about Messing with otherWellKnownObjects, https://blogs.technet.com/b/provtest/archive/2009/07/15/messing-with-otherwellknownobjects.aspx. I received a request asking how I can tell whether there is any problem with the attribute, as otherWellKnownObject attributes have been widely used in HMC as a cross reference.

Here I am providing you a Powershell script to verify if the cross reference is broken.

Save the following as, say, VerifyOWO.ps1, change the highlighted portion below, and then run it. The script queries each of the objects, extracts the otherWellKnownObject attribute and checks whether it is HMC related. If it is, the script checks whether it references a deleted object and, if so, puts a '- DELETED' at the back of the output. This is another step to help you check the health of your environment.

#################################################

# Search base: distinguished name of the container whose organizational units
# are checked. Edit this value to match your environment.
$LDAP = "OU=Hosting,dc=hmc45, dc=com"

# ADSI path for the search base. No credentials are passed to DirectoryEntry,
# so the bind runs as the account executing the script. The script only reads
# from the directory - presumably an account with read access to this OU is
# sufficient; confirm before running it with an administrative account.
$domain = "LDAP://$LDAP"
$directoryEntry = New-Object -TypeName System.DirectoryServices.DirectoryEntry -ArgumentList $domain

function f([int]$a)
{
    # Renders one byte value as lower-case hexadecimal. Values below 16 come
    # out of [Convert]::ToString as a single digit, so they are prefixed with
    # "0" to keep every byte two characters wide.
    $hex = [Convert]::ToString($a, 16)

    if ($a -ge 16) {
        return $hex
    }

    return "0" + $hex
}

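function GUID([String]$guid, [int]$dash)
{
    # Renders a 16-byte value as a hexadecimal string.
    #
    # $guid : the byte values as decimal numbers separated by single spaces.
    #         Callers pass a byte array; the [String] parameter type makes
    #         PowerShell join it into that form (this relies on the default
    #         output field separator being a space).
    # $dash : 0  -> dashed output grouped 8-4-4-4-12
    #         any other value -> 32 hex digits without dashes
    #
    # Bytes are written in the order they are given; no byte swapping is done,
    # so the dashed form is the raw byte order, not necessarily the string
    # form a GUID formatter would print.
    $tokens = $guid.Split(" ")

    # An integrity check should not silently report a GUID built from a short
    # or over-long value, so say so on the warning stream. The return value
    # is unaffected: missing bytes still render as "00", extras are ignored.
    if ($tokens.Length -ne 16) {
        Write-Warning ("GUID: expected 16 byte values but received " + $tokens.Length + "; the rendered value is not reliable")
    }

    $hex = New-Object 'string[]' 16
    for ($i = 0; $i -lt 16; $i++) {
        if ($i -lt $tokens.Length) {
            $hex[$i] = f $tokens[$i]
        } else {
            $hex[$i] = f 0
        }
    }

    if ($dash -eq 0) {
        $guid = ($hex[0..3] -join "") + "-" +
                ($hex[4..5] -join "") + "-" +
                ($hex[6..7] -join "") + "-" +
                ($hex[8..9] -join "") + "-" +
                ($hex[10..15] -join "")
    } else {
        $guid = $hex -join ""
    }

    return $guid
}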

function HMCGUID([String]$guid)
{
    # Translates the undashed hex form of a well-known GUID into the HMC name
    # associated with it. A value that is not in the table is returned
    # unchanged, so unknown entries still show up in the report by their GUID.
    # The lookup is case-insensitive.
    $knownNames = @{
        "7DEF010C6019A1458068D74AD1A3C1FA" = "FolderUsers"
        "A276E3A170F0C24699770F593818501E" = "FolderAdmins"
        "D22DFCC5B73645E99E16C9AD3D61F34F" = "OfflineAddressList"
        "9E444526CB6F4D5C9A59C9A84E26B627" = "AddressList"
        "89FB25B7DF784FC198A493E2E8A0EE7E" = "GlobalAddressList"
        "4619BE598BF441DB8C9DB0482E62E386" = "MultiGroupPointer"
        "3B6FF4FA8AA248039AD8F9493A43B704" = "ChildOrgCreators"
        "65F37ECB46704F0E9300E1FB48E1096E" = "UserCreators"
        "58888CFC8F7F430C8183102CD5758D81" = "ForeignOwnerOrg"
        "CC016CF08DEF4EA4A05C9C54B198785A" = "ThisOrganizationRoot"
        "3841BDA6D81C4095B9BBB838808F5A55" = "DefaultOCSPool"
        "B7AE2ABCCBAD41A28973559FCA154DB0" = "OwningOrg"
        "EA755D448CE64157A20E82B7CCBE14B0" = "OrgType"
    }

    if ($knownNames.ContainsKey($guid)) {
        return $knownNames[$guid]
    }

    return $guid
}

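# Report buffer, starting with the header row. The data rows appended later
# are separated by ";" (distinguished names contain commas), so the header
# uses ";" as well to keep the columns aligned when the file is opened.
$dumpfile = "OrgName;OrgDN;WGUID;Known;DNString;Deleted`n"

# Find every organizational unit below the search base. PageSize turns on
# paged results so the search is not cut off at a single page of entries.
$query = new-object system.directoryservices.directorysearcher
$query.SearchRoot = $directoryEntry
$query.PageSize = 1000
$query.filter = ("(objectClass=organizationalUnit)")
$orgs = $query.findAll()

# Running totals and the list of organizations with broken references,
# printed in the summary at the end of the script.
$count = 0
$deletedcount = 0
$errorOrg = ""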

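# Walks every organizational unit found by the search and inspects each
# otherWellKnownObjects value on it. Only references whose DN string contains
# "CN=Deleted Objects" are flagged; the referenced object is not otherwise
# resolved or checked.

# Binding flag for reading properties through reflection. It never changes,
# so it is set once instead of on every iteration.
$gp = [reflection.bindingflags]::GetProperty

Foreach($org in $orgs)
{
    # Bind to the OU so its attributes can be read.
    $org = $org.GetDirectoryEntry()

    $orgDN = $org.distinguishedName
    $orgName = $org.name

    # Progress output: name and DN of the OU being checked.
    $orgName
    $orgDN

    $owkos = $org.otherWellKnownObjects

    foreach ($owko in $owkos)
    {
        # The values are read through reflection (InvokeMember) rather than
        # direct property access - presumably because they are COM objects
        # without .NET property metadata; confirm.
        $objtype = $owko.gettype()
        $DNStringoutput = $objtype.invokemember("dnstring",$gp,$null,$owko,$null)

        # Undashed, upper-case hex of the well-known GUID, then its HMC name
        # (or the GUID itself when it is not an HMC one).
        $strWKGUID = ($objtype.invokemember("BinaryValue",$gp,$null,$owko,$null))
        $BinaryValueoutput = GUID $strWKGUID 1
        $BinaryValueoutput = $BinaryValueoutput.ToUpper()
        $KnownWGUID = HMCGUID $BinaryValueoutput

        $deleted = $false

        # Case-sensitive substring match on the referenced DN.
        if($DNStringoutput.contains("CN=Deleted Objects") -eq $true) {
            $deleted = $true
            $deletedcount ++
            $errorOrg = $errorOrg + " " + $orgName + " - " + $KnownWGUID + " object has been deleted`n"
        }

        # " " + $KnownWGUID + ":" + $DnStringoutput

        if($deleted -eq $true) {
            " " + $KnownWGUID + " - DELETED! -"
        } else {
            " " + $KnownWGUID
        }

        $dumpfile = $dumpfile + $orgName + ";" + $orgDN + ";" + $BinaryValueoutput + ";" + $KnownWGUID + ";" + $DNStringoutput + ";" + $deleted + "`n"
    }

    " "
    " "
    $count++

    # Release the directory binding for this OU now instead of leaving it to
    # the garbage collector; a large tree would otherwise keep one open per OU.
    $org.Dispose()
}

# The search result collection holds unmanaged resources that are only
# released by an explicit Dispose.
$orgs.Dispose()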

# Write the collected rows to VerifyWKO.csv in the current working directory.
# The file lists distinguished names from the directory, so keep it somewhere
# with appropriate access control.
Set-Content -Path "VerifyWKO.csv" -Value $dumpfile

# Console summary: totals first, then one line per broken reference.
"Org processed: " + $count
"Deleted oWKO found: " + $deletedcount
" "
"Error Orgs:"

$errorOrg