Monthly Archives: May 2015

Active Directory Friday: Determine the forest functional level

Knowing the Forest Functional Level can be important when implementing new products or when considering to upgrade your functional level. This information can be view in the ‘Active Directory Domains and Trusts’ console, but for the purpose of this article we will take a look how this information can be retrieved programmatically, or to be more specific: How to retrieve this using PowerShell.

In the following example we use the Get-ADForest cmdlet to Retrieve information about the current forest. In particular the property we are interested in is the ForestMode property:

1
Get-ADForest | Select-Object ForestMode

Alternatively the [adsi] type accelerator can be used, this has the advantage that it works on any computer that has PowerShell installed as it does not rely on having the Active Directory module installed, the following code will retrieve the Forest Functional level:

1
([adsi]"LDAP://CN=Partitions,$(([adsi](“LDAP://RootDSE”)).configurationNamingContext)").'msDS-Behavior-Version'

The problem with this is that the value of the Forest Functional Level is stored as an integer. Luckily for us this integer can be found on MSDN. So by combining the previous command with a switch statement we can get the expected output:

1
2
3
4
5
6
7
8
9
switch (([adsi]"LDAP://CN=Partitions,$(([adsi](“LDAP://RootDSE”)).configurationNamingContext)").'msDS-Behavior-Version') {
    0 {'DS_BEHAVIOR_WIN2000'}
    1 {'DS_BEHAVIOR_WIN2003_WITH_MIXED_DOMAINS'}
    2 {'DS_BEHAVIOR_WIN2003'}
    3 {'DS_BEHAVIOR_WIN2008'}
    4 {'DS_BEHAVIOR_WIN2008R2'}
    5 {'DS_BEHAVIOR_WIN2012'}
    6 {'DS_BEHAVIOR_WIN2012R2'}
}

For more information about the Forest Functional Level I have included a TechNet article that goes in depth about the implications of the various forest and domain functional levels. For more information about the msDS-Behavior-Version attribute I have included the link to the MSDN entry.

Forest Functional Level
Understanding Active Directory Domain Services (AD DS) Functional Levels
msDS-Behavior-Version: Forest Functional Level
Share

Sixth DuPSUG meeting, an overview

Today I attended the Dutch PowerShell User Group meeting, colloquially known as DuPSUG. It was the first meeting of 2015 and it was a day filled with exciting sessions focusing on Desired State Configuration, OMI, AST and Azure Pack. Inovativ was kind enough to host the day at their headquarters in Amstelveen.

Blog of the Presenters
Jeffrey Snover
Bartek Bielawski
Ben Gelens
Jeff Wouters
Stefan Stranger
Interesting Links
Dutch PowerShell User Group Site
Monad Manifesto
Share

Get-OrphanHomeFolder – New version in TechNet Script Gallery

I received two requests for new functionality in the Get-OrphanHomeFolder script. This script compares the folder names in a specified path to existing samaccountnames. If the script does not find a match it will list the folder as a possible orphaned folder, it also displays if an account is disabled. The script is available for download in the TechNet script library: Get-OrphanHomeFolder.

A simple example of how to use this function is as follows:

.EXAMPLE 
.\Get-OrphanHomeFolder.ps1 -HomeFolderPath \\Server01\Home -FolderSize

Description:
Will list all the folders in the \\Server01\Home path. For each of these folders it will query AD using the foldername, if the query does not return an AD account or a disabled AD account an error will be logged and the size of the folder will be reported

Using more parameters specific folders can be excluded from results and all orphaned folders are moved to another folder:

.EXAMPLE    
.\Get-OrphanHomeFolder.ps1 -HomeFolderPath \\Server02\Fileshare\Home -MoveFolderPath \\Server03\Fileshare\MovedHomeFolders -ExcludePath \\Server02\Fileshare\Home\JBrasser,\\\\Server02\Fileshare\Home\MShajin -UseRobocopy 
 
Description: 
Will list all the folders in the \\Server02\Fileshare\Home folder and will move orphaned folders using robocopy, excluding JBrasser and MShajin, to \\Server03\Fileshare\MovedHomeFolders while displaying results to console 

The complete function is available in the TechNet Script Library. To view this script or to participate in the discussions about this script either comment here or in the TechNet Script Gallery. Because some of the new functionality, specifically the parameter sets and support for common parameter, the latest version of Connect-Mstsc is not compatible with PowerShell 2.0. To remedy this problem I have uploaded a PowerShell 2.0 compatible version as well.

TechNet Script Library
My entries in TechNet Script Gallery
Get-OrphanHomeFolder
Share