Using PowerShell To Generate The Custom Expression For The Domain Attribute Flow (Single or Multiple Domain)
Microsoft

First published on MSDN on Oct 22, 2014

The Following Script can be used to generate the IIF Statement for the Domain Custom Expression Attribute flow on the Inbound Sync rule.

 

I must first acknowledge Markus Vilcinskas, whose script I used as a baseline to build the IIF Statement. I have added the following features:

 

1.) support for multiple domains

 

2.) Added a folder picker; the selected folder is used to save the generated text file that contains the Custom Expression.

 

3.) All Variables including the Forest information are set for you automatically, no editing of the script is needed.

 

 

 

#####----------Import-Module ActiveDirectory----------
# Load the ActiveDirectory module only when the session does not already have it.
# Get-ADForest and Get-ADDomain, used further down, are called after this point.
$adModuleLoaded = @(Get-Module | Where-Object { $_.Name -eq "ActiveDirectory" })
if ($adModuleLoaded.Count -eq 0) {
    Import-Module ActiveDirectory
}

 

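####----------Select Folder to save output----------
# Show the Windows folder picker, rooted at C:\. The chosen folder receives
# ObjectSidIIFStatement.txt in the last step of the script.
$object = New-Object -ComObject Shell.Application
$folder = $object.BrowseForFolder(0, "Select File Output Location !", 0, "C:\")
# A cancelled dialog yields no folder object. Stop here instead of carrying an
# empty $Dir forward: the save step would otherwise build the path
# "\ObjectSidIIFStatement.txt" and write to the root of the current drive.
# The "L:" prefix marks the message as an expected one for the script's Trap handler.
if ($null -eq $folder) { Throw "L:No output folder selected." }
$Dir = $folder.Self.Path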

 

###----------Set Variables----------
# Read the current forest once and keep the properties the later sections use.
$ForestObject  = Get-ADForest
$ForestDomains = $ForestObject.Domains              # iterated when building the domain list
$ForestRoot    = $ForestObject.RootDomain
$ForestParCon  = $ForestObject.PartitionsContainer  # used for the LDAP search root
$ForestName    = $ForestObject.Name                 # split into DC= components below
# DNS root of the domain that Get-ADDomain returns when called without arguments.
$DnsRoot = (Get-ADDomain).DNSRoot

 

##----------Build Forest DN----------
# Turn the forest DNS name (a.b.c) into a distinguished name (DC=a,DC=b,DC=c).
$ForestDNItems = $ForestName.ToString().Split('.')
$ForestDNItems                      # emits the individual labels to the output stream
# Prefix every label with DC= and join with commas; no trailing comma is produced.
$dnParts = foreach ($label in $ForestDNItems) { 'DC=' + $label }
$ForestDN = [string]($dnParts -join ',')
$ForestDNItems.count                # emits the number of labels to the output stream
$item = $ForestDNItems[0]

 

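#----------Build Custom Expression----------
Clear-Host
# Directory searcher rooted at the forest's Partitions container, filtered to
# crossRef objects for $DnsRoot that carry a NetBIOS name.
# NOTE(review): nothing in this script runs a query on $objSearcher; the domain
# list below is collected with Get-ADDomain instead.
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
# The published listing had blanks around the path (left behind by the page's
# auto-linking of "LDAP://..."); they are removed so the value is a plain ADsPath.
$objSearcher.SearchRoot = "LDAP://$ForestParCon"
$objSearcher.Filter     = "(&(objectclass=Crossref)(dnsRoot=$DnsRoot)(netBIOSName=*))"
# One Get-ADDomain result per domain in the forest. @() keeps $dataList an array
# even when there is a single domain, so .Length further down is the domain count.
$dataList = @(
    foreach ($ForestDomain in $ForestDomains) {
        Get-ADDomain $ForestDomain
    }
)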

 

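# Nothing to build from: raise an "L:" message, which the script's Trap handler
# prints without the "Error:" prefix.
If ($dataList.Length -eq 0) { Throw "L:No domain partitions found!" }

# Start from an empty string. Without this, += picks up any $CustomExpression
# already present in the session (a previous run, dot-sourcing) and appends to it,
# producing a malformed expression.
$CustomExpression = ""

# One nested IIF per domain: when the leading characters of the object's SID string
# equal the domain SID, the result is that domain's NetBIOS name; otherwise the
# next IIF is evaluated.
# NOTE(review): this is a plain string-prefix comparison on the SID text. A domain
# SID that is itself a textual prefix of another domain's SID would match first;
# comparing against the domain SID plus the trailing "-" would rule that out --
# confirm against the sync rule's objects before changing the generated text.
$dataList | ForEach-Object {
    $CustomExpression +=
    "IIF(Eq(Left(ConvertSidToString(objectSid),$($_.DomainSID.Value.Length)),""$($_.DomainSID)""),""$($_.NetBIOSName)"","
}

# Fallback value when no domain SID matched, then one ")" per IIF opened above.
$CustomExpression += """Unknown"""
$CustomExpression += ")" * $dataList.Length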

 

# Operator summary: forest DN, DNS root, the full Get-ADDomain records and the
# generated expression. The expression lists every domain SID and NetBIOS name in
# the forest, and it ends up on the console and on the clipboard.
@(
    "Domain partitions for forest"
    "============================"
    "Forest  : $ForestDn"
    "DNS Root: $DnsRoot"
) | ForEach-Object { Write-Host $_ }
$dataList | Format-List
Write-Host "Custom Expression:"
Write-Host $CustomExpression
Write-Host ""
# Copy the expression to the clipboard so it can be pasted into the sync rule.
$CustomExpression | clip
#--------------------------------------------------------------------------------------------------------
# Handler for terminating errors raised in this script. Messages that start with
# "L:" are the script's own (raised with Throw) and are shown on a blue background
# without the marker; anything else is shown as "Error:" on red. Either way the
# script ends with exit code 1.
Trap
{
    $exMessage = $_.Exception.Message
    if ($exMessage.StartsWith("L:"))
    {
        # Drop the two-character "L:" marker before printing.
        $parts      = "`n", $exMessage.Substring(2), "`n"
        $background = 'darkblue'
    }
    else
    {
        $parts      = "`nError: ", $exMessage, "`n"
        $background = 'darkred'
    }
    # Write-Host joins the three parts with single spaces, as separate arguments would be.
    Write-Host $parts -ForegroundColor white -BackgroundColor $background
    Exit 1
}
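#----------Save Custom Expression to previously selected folder----------
# $Dir is empty when the folder dialog was cancelled. Refuse to save in that case:
# the path would collapse to "\ObjectSidIIFStatement.txt" and the file would land
# in the root of the current drive. The "L:" prefix routes the message through the
# script's Trap handler.
if ([string]::IsNullOrEmpty($Dir)) { Throw "L:No output folder selected; custom expression was not saved." }
# Trim a trailing backslash (e.g. "C:\") so the path does not contain "\\".
$Fileoutput = $Dir.TrimEnd('\') + "\" + "ObjectSidIIFStatement.txt"
# The file holds every domain SID and NetBIOS name of the forest; choose a folder
# whose permissions match how that information is handled in your environment.
$CustomExpression | Out-File -FilePath $Fileoutput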

 

 

 

## http://blogs.msdn.com/connector_space ##

 

DomainObjectSid_IIFStatement.ps1