Getting Schema and Exchange Schema Version from managed Domains

Question

Hello

I try to query the schema- and Exchange-schema-Version from our managed domains, but I don't find script samples.

regards Helmut

Comments

Hello!

Do we understand correctly that you need to get the functional level of a domain managed in Adaxes and the version of Exchange server in the domain? If so, please, clarify the following:

• What should be done with the received values? E.g. display them in the execution log, send in an email notification, etc.
• What should be done if there is more than one Exchange server in the domain?

If this is not what you meant, please, provide us with all the possible details regarding the desired behavior. Screenshots and live examples would be much appreciated.

---

Hello

I try to build a report for all relevant properties of a domain like

Schema Version: Get-ADObject (Get-ADRootDSE).schemaNamingContext -Property objectVersion

Exchange Schema Version: Get-ADObject -filter * -SearchBase ((Get-ADRootDSE).schemaNamingContext) -Properties * | Where-Object {$_.Name -eq "ms-Exch-Schema-Version-Pt"} https://eightwone.com/references/schema-versions/

I have also problems to build the statistic part from the report.

regards Helmut

# Iterate through the managed domains $managedDomainsPath = $Context.GetWellKnownContainerPath("ManagedDomains") $managedDomainsContainer = $Context.BindToObject($managedDomainsPath) $managedDomainsContainer.Filter = @("adm-ManagedDomain") foreach ($managedDomain in $managedDomainsContainer) {     $domain = $managedDomain.Get("DC")     $dn = $managedDomain.Get("distinguishedName")

    $rootDse = $Context.BindToObject("Adaxes://$domain/RootDSE")     $nc = $Context.BindToObject("Adaxes://$domain")

    $columnValues = @{ }

    # description     $descriptionID = "{a175415a-080d-4566-a412-95119b2307d5}"     try { $description = $nc.Get("description") }     catch { $description = "" }     $columnValues.Add($descriptionID, $description)

    # whenCreated     $whenCreatedID = "{7ef36b15-f7cf-461f-b8eb-a41312f460f3}"     try { $whenCreated = $nc.Get("whenCreated") }     catch { $whenCreated = "" }     $columnValues.Add($whenCreatedID, $whenCreated)

    # whenChanged     $whenChangedID = "{5848c842-7123-41c6-a289-c7458ddbe28d}"     try { $whenChanged = $nc.Get("whenChanged") }     catch { $whenChanged = "" }     $columnValues.Add($whenChangedID, $whenChanged)

    # msDS-Behavior-Version (Forest Mode)     $msDSBehaviorVersionID = "{4b3f4fd5-f8fd-4588-a2de-a8cf068e2f2a}"     try { $msDSBehaviorVersion = $nc.Get("msDS-Behavior-Version") }     catch { $msDSBehaviorVersion = "" }     Switch ($msDSBehaviorVersion)     {         "0" {$opModeForest = "Windows 2000 gemischt (DCs: NT, 2000, 2003)"}         "1" {$opModeForest = "Windows Server 2003 interim (DCs: NT, 2003)"}         "2" {$opModeForest = "Windows Server 2003 pur (DCs: 2003 oder neuer)"}         "3" {$opModeForest = "Windows Server 2008 (DCs: 2008 oder neuer)"}         "4" {$opModeForest = "Windows Server 2008 R2 (DCs: 2008 R2 oder neuer)"}         "5" {$opModeForest = "Windows Server 2012 (DCs: 2012 oder neuer)"}         "6" {$opModeForest = "Windows Server 2012 R2 (DCs: 2012 R2 oder neuer)"}         "7" {$opModeForest = "Windows Server 2016 (DCs: 2016 oder neuer)"}     }     $columnValues.Add($msDSBehaviorVersionID, "$msDSBehaviorVersion - $opModeForest")

    # msDS-Behavior-Version (Domain Mode)     $msDSBehaviorVersionID = "{2b1942c5-aca7-4dc4-b476-3692dc0ff599}"     try { $msDSBehaviorVersion = $nc.Get("msDS-Behavior-Version") }     catch { $msDSBehaviorVersion = "" }     Switch ($msDSBehaviorVersion)     {         "0" {$opModeDomain = "Windows 2000"}         "1" {$opModeDomain = "Windows Server 2003"}         "2" {$opModeDomain = "Windows Server 2003"}         "3" {$opModeDomain = "Windows Server 2008"}         "4" {$opModeDomain = "Windows Server 2008 R2"}         "5" {$opModeDomain = "Windows Server 2012"}         "6" {$opModeDomain = "Windows Server 2012 R2"}         "7" {$opModeDomain = "Windows Server 2016"}     }     $columnValues.Add($msDSBehaviorVersionID, "$msDSBehaviorVersion - $opModeDomain")

    # schema version     $schemaID = {c317c2c0-9c9d-43a5-a2d5-9b9414163197}     #$schema = $rootDse.Get("schemaNamingContext")     #$schema = Get-AdmRootDSE -Server $domain     #$schemavalue = $Context.LogMessage($schema.Get("objectVersion"), "Information")     #$columnValues.Add($schemaID, "schemavalue - ")

# ********** Statistik **********

    # Create an instance of the DirectorySearcher class     $searcher = New-Object "Softerra.Adaxes.Adsi.Search.DirectorySearcher" $NULL, $False     $computerID = "{5df9fb3a-bb4b-4384-b322-473b0fb93913}"     $Context.DirectorySearcher.AppendFilter("(objectCategory=computer)")

    # Search for computers     try     {         $searchIterator = $Context.DirectorySearcher.ExecuteSearch()         $searchResults = $searchIterator.FetchAll().Count         while ($Context.MoveNext($searchIterator))         {             $computerCount++         }     }     finally     {         if ($searchIterator) { $searchIterator.Dispose() }     }

    $Context.Items.Add($Context.DirectorySearcher)

    # write to report     $Context.Items.Add($managedDomain, $columnValues )

}

---

Hello Helmut,

Thank you for the provided details. Could you, please, clarify what columns should be present in the report and format of their values? An example of a record would be much appreciated.

Also, please, clarify what data should be present in the statistic part. Should it be presented as a separate report? A live example would be much appreciated.

---

Hello

the statistic part is the count of the different object types like users, computers ...

PS C:\Users\s-ADSsvc0001> Get-ADObject (Get-ADRootDSE).schemaNamingContext -Property objectVersion

DistinguishedName : CN=Schema,CN=Configuration,DC=int,DC=sds-bs,DC=de Name              : Schema ObjectClass       : dMD ObjectGUID        : 782ed326-0708-4563-a6f4-dd458ea9416a objectVersion     : 88

PS C:\WINDOWS\system32> Get-ADObject -filter * -SearchBase ((Get-ADRootDSE).schemaNamingContext) -Properties * | Where-Object {$_.Name -eq "ms-Exch-Schema-Version-Pt"}

<br> adminDescription                : ms-Exch-Schema-Version-Pt adminDisplayName                : ms-Exch-Schema-Version-Pt attributeID                     : 1.2.840.113556.1.4.7000.102.97 attributeSyntax                 : 2.5.5.9 CanonicalName                   : xerox-hosting.local/Configuration/Schema/ms-Exch-Schema-Version-Pt CN                              : ms-Exch-Schema-Version-Pt Created                         : 31.07.2012 17:38:58 createTimeStamp                 : 31.07.2012 17:38:58 Deleted                         : Description                     : DisplayName                     : DistinguishedName               : CN=ms-Exch-Schema-Version-Pt,CN=Schema,CN=Configuration,DC=xerox-hosting,DC=local dSCorePropagationData           : {01.01.1601 01:00:00} instanceType                    : 4 isDeleted                       : isMemberOfPartialAttributeSet   : False isSingleValued                  : True LastKnownParent                 : lDAPDisplayName                 : msExchSchemaVersionPt Modified                        : 22.01.2020 13:54:51 modifyTimeStamp                 : 22.01.2020 13:54:51 msDS-IntId                      : -2075693490 Name                            : ms-Exch-Schema-Version-Pt nTSecurityDescriptor            : System.DirectoryServices.ActiveDirectorySecurity ObjectCategory                  : CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=xerox-hosting,DC=local ObjectClass                     : attributeSchema ObjectGUID                      : 54349ed6-2c08-4f7e-b0f2-e6c3847c0d4c oMSyntax                        : 2 ProtectedFromAccidentalDeletion : False rangeLower                      : 1 rangeUpper                      : 15332 schemaIDGUID                    : {213, 152, 129, 95...} sDRightsEffective               : 11 searchFlags                     : 0 showInAdvancedViewOnly          : True uSNChanged                      : 8929 uSNCreated                      : 8929 whenChanged                     : 22.01.2020 13:54:51 whenCreated                     : 31.07.2012 17:38:58

For Schema Version (objectVersion) and Exchange Schema Version (rangeUpper) it would be format number and values 88 and 15332.

regards Helmut

---

Hello Helmut,

Thank you for the provided details. Do we understand correctly that you need a single report that will include statistics? What values should be displayed in the printQueue and the Max OU depth columns? Are all the required columns displayed in the screenshot that you provided or there will be additional ones? If latter is the case, please, provide us with the column descriptions. For your information, Adaxes reports are limited to 20 columns maximum. If you need to display more properties, each property can be represented as a separate row grouped by values (e.g. by domain name). The report will look like the following:

Also, it looks like the Forest Mode and Domain Mode columns in your report are represented according to the same value (msDS-Behavior-Version of naming context). Should it be a single column or you would like to check and display the modes separately?

---

Hello,

printQueue = (Get-ADObject -LDAPFilter '(ObjectClass=PrintQueue)' ).count maxOU = (Get-ADOrganizationalUnit -Filter -Properties | select CanonicalName | %{ ($_ -split '/').count - 1 } | measure -Maximum).Maximum

In PS I would use (Get-ADDomain).DomainMode and (Get-ADForest).ForestMode to get information.

regards Helmut

Answer 1

Hello Helmut,

Thank you for the clarification. To create the report:

1. Launch Adaxes Administration Console.
2. In the Console Tree, right-click your service node.
3. In the context menu, navigate to New and click Report.
4. Specify a report name and select Script in the Generate the report using section.
5. Click Next three times.
6. Add the When Created and When Changed columns to the Default columns list.
7. In the Report-specific columns section, click Add.
8. Specify a Display name for the column (e.g. Forest Mode).
9. Click Next.
10. Select Template.
11. In the field below, enter a default value (e.g. empty). The value will never be present in the report and is only required to create the custom column.
12. Click Finish.
13. Repeat steps 7-12 for each custom column that should be present in the report (e.g. Domain Mode, Schema-Version, etc.).
14. Click Next.
15. Paste the below script into the corresponding field. In the script:
    • $forestModeColumnID – Specifies the identifier of the custom column that will display the mode of the forest the domain belongs to. To get the identifier:
      1. Click Back.
      2. In the Report-specific columns section, right click the custom column.
      3. In the context menu, navigate to Copy and click Column ID. The identifier will be copied to clipboard.
    • $domainModeColumnID – Specifies the identifier of the custom column that will display the domain mode.
    • $schemaColumnID – Specifies the identifier of the custom column that will display the domain schema version.
    • $exchangeSchemaColumnID – Specifies the identifier of the custom column that will display the Exchange schema version.
    • $userColumnID – Specifies the identifier of the custom column that will display the total number of user accounts in the domain.
    • $computerColumnID – Specifies the identifier of the custom column that will display the total number of computers in the domain.
    • $printQueueColumnID – Specifies the identifier of the custom column that will display the total number of print queues in the domain.
    • $groupColumnID – Specifies the identifier of the custom column that will display the total number of groups in the domain.
    • $contactColumnID – Specifies the identifier of the custom column that will display the total number of contacts in the domain.
    • $orgUnitColumnID – Specifies the identifier of the custom column that will display the total number of organizational units in the domain.
    • $maxOUdepthColumnID – Specifies the identifier of the custom column that will display the maximum OU depth in the domain.
    • $forestsAndDomainsModes – Maps the codes of forest and domain modes with their descriptions. Each code is mapped to the array of relevant values. The first element in the array describes the forest mode while the second one is for domain.

$forestModeColumnID = "{b47db9c1-6b9a-4312-8d7b-4d69336aa16c}" # TODO: modify me
$domainModeColumnID = "{90a580fc-a678-4212-bea2-d3093a01bb56}" # TODO: modify me
$schemaColumnID = "{2d732de9-03a5-4e02-ae40-a3587f5dc23b}" # TODO: modify me
$exchangeSchemaColumnID = "{cb7dc10e-ee6b-4a5e-8f35-450ce131a920}" # TODO: modify me
$userColumnID = "{54094fe2-584a-4862-9966-9718a1d788be}" # TODO: modify me
$computerColumnID = "{732fce8b-9da5-4ce1-990f-9a665adc07ec}" # TODO: modify me
$printQueueColumnID = "{dce7d34d-443f-4187-bf42-f6f447c5f4c2}" # TODO: modify me
$groupColumnID = "{f73ab889-1b85-4f4e-b701-7ff55834e578}" # TODO: modify me
$contactColumnID = "{72dc50fb-c440-46ed-b430-52349170d19c}" # TODO: modify me
$orgUnitColumnID = "{3f9be349-6863-4873-883c-6fd7b421e0c3}" # TODO: modify me
$maxOUdepthColumnID = "{43a38318-3e70-4b12-aec3-71172318929a}" # TODO: modify me
$forestsAndDomainsModes = @{
    0 = @("Windows 2000 gemischt (DCs: NT, 2000, 2003)","Windows 2000");
    1 = @("Windows Server 2003 interim (DCs: NT, 2003)", "Windows Server 2003");
    2 = @("Windows Server 2003 pur (DCs: 2003 oder neuer)", "Windows Server 2003");
    3 = @("Windows Server 2008 (DCs: 2008 oder neuer)", "Windows Server 2008");
    4 = @("Windows Server 2008 R2 (DCs: 2008 R2 oder neuer)", "Windows Server 2008 R2");
    5 = @("Windows Server 2012 (DCs: 2012 oder neuer)", "Windows Server 2012");
    6 = @("Windows Server 2012 R2 (DCs: 2012 R2 oder neuer)", "Windows Server 2012 R2");
    7 = @("Windows Server 2016 (DCs: 2016 oder neuer)", "Windows Server 2016")
} # TODO: modify me

function AddCalculatedValue($columnID, $searchFilter)
{
    try
    {
        $Context.DirectorySearcher.SearchFilter = $searchFilter
        $searchIterator = $Context.DirectorySearcher.ExecuteSearch()
        $searchResults = $searchIterator.FetchAll()
        $columnValues.Add($columnID, $searchResults.Count)
    }
    finally
    {
        # Release resources
        if ($searchIterator) { $searchIterator.Dispose() }
    }
}

# Iterate through the managed domains
$managedDomainsPath = $Context.GetWellKnownContainerPath("ManagedDomains")
$managedDomainsContainer = $Context.BindToObject($managedDomainsPath)
$managedDomainsContainer.Filter = @("adm-ManagedDomain")
foreach ($managedDomain in $managedDomainsContainer)
{
    $domainFQDN = $managedDomain.Get("DC")
    $rootDse = $Context.BindToObject("Adaxes://$domainFQDN/RootDSE")
    $namingContext = $Context.BindToObject("Adaxes://$domainFQDN")
    $columnValues = @{ }

    # Description
    try
    {
        $description = $namingContext.Get("description")
    }
    catch
    {
        $description = $NULL
    }
    $columnValues.Add("description", $description)

    # When created
    $whenCreated = $namingContext.Get("whenCreated")
    $columnValues.Add("whenCreated", $whenCreated)

    # When changed
    try
    {
        $whenChanged = $namingContext.Get("whenChanged")
    }
    catch
    {
        $whenChanged = $NULL
    }
    $columnValues.Add("whenChanged", $whenChanged)

    # Forest mode
    $forestFunctionalLevel = $rootDse.Get("forestFunctionality")
    $columnValues.Add($forestModeColumnID, "$forestFunctionalLevel - $($($forestsAndDomainsModes[$forestFunctionalLevel])[0])")

    # Domain mode
    $domainFunctionalLevel = $rootDse.Get("domainFunctionality")
    $columnValues.Add($domainModeColumnID, "$domainFunctionalLevel - $($($forestsAndDomainsModes[$domainFunctionalLevel])[1])")

    # Schema version
    $configurationNamingContextDN = $rootDse.Get("configurationNamingContext")
    $schema = $Context.BindToObject("Adaxes://CN=Schema,$configurationNamingContextDN")
    $schemaVersion = $schema.Get("objectVersion")
    $columnValues.Add($schemaColumnID, "schemavalue - $schemaVersion")

    # Exchange schema version
    try
    {
        $exchangeSchema = $Context.BindToObject("Adaxes://CN=ms-Exch-Schema-Version-Pt,CN=Schema,$configurationNamingContextDN")
        $exchangeSchemaVersion = $exchangeSchema.Get("rangeUpper")
    }
    catch
    {
        $exchangeSchemaVersion = $NULL
    }
    $columnValues.Add($exchangeSchemaColumnID, $exchangeSchemaVersion)

    $Context.DirectorySearcher.BaseObjectPath = "Adaxes://$domainFQDN"

    # Users
    AddCalculatedValue $userColumnID "(&(sAMAccountType=805306368)(|(!(msExchRecipientTypeDetails=*))(!(msExchRecipientTypeDetails:1.2.840.113556.1.4.804:=7276219883574))))"

    # Computers
    AddCalculatedValue $computerColumnID "(objectCategory=computer)"

    # Print queues
    AddCalculatedValue $printQueueColumnID "(objectClass=printQueue)"

    # Groups
    AddCalculatedValue $groupColumnID "(objectCategory=group)"

    # Contacts
    AddCalculatedValue $contactColumnID "(objectClass=contact)"

    # OUs
    try
    {
        $Context.DirectorySearcher.SearchFilter = "(objectClass=organizationalUnit)"
        $Context.DirectorySearcher.SetPropertiesToLoad(@("distinguishedName"))
        $searchIterator = $Context.DirectorySearcher.ExecuteSearch()
        $searchResults = $searchIterator.FetchAll()
        $columnValues.Add($orgUnitColumnID, $searchResults.Count)

        # Max OU depth
        $maxOUdepth = 0
        $domainDN = $rootDse.Get("rootDomainNamingContext")
        foreach ($searchResult in $searchResults)
        {
            $OUDNstr = $searchResult.GetPropertyByName("distinguishedName").Value.Replace(",$domainDN", "")
            $OUDNobj = New-Object "Softerra.Adaxes.Ldap.DN" $OUDNstr
            $OUdepth = $OUDNobj.RDNs.Count
            if ($OUdepth -gt $maxOUdepth)
            {
                $maxOUdepth = $OUdepth
            }
        }
        $columnValues.Add($maxOUdepthColumnID, $maxOUdepth)
    }
    finally
    {
        if ($searchIterator) { $searchIterator.Dispose() }
    }

    # Add to report
    $Context.Items.Add($managedDomain, $columnValues)
}

16. Click Next twice and finish creating the report.