Skip to content

Tools4ever-NIM/NIM-System-PowerShell-Microsoft-Active-Directory-MD

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
Microsoft Active Directory MD.ps1
Microsoft Active Directory MD.ps1
 
 
README.md
README.md
 
 

Repository files navigation

Microsoft Active Directory Multi-Domain

Description

This Multi-Domain variant of the Microsoft Active Directory connector supports operations on multiple domains in a forest. It shares most of the capabilities with the basic Active Directory connector, with the remarks below.

Data Tables

  • ACLs
  • Computers
  • Groups
  • Memberships
  • Organizational Units
  • Users

Actions

  • ACL
    • Create/Delete
  • Computers
    • Create/Update/Delete
  • Groups
    • Create/Update/Delete
  • Memberships
    • Add/Remove
  • Organizational Units
    • Create/Update/Delete
  • Users
    • Create/Update/Delete

Remarks

  • The NIM service running this connector must be part of the involved forest / root domain.
  • One set of credentials must be valid for operations on all involved domain controllers.
  • The domain controller marked as SchemaRoleOwner of the root domain is used to retrieve the available properties (schema) per Data Table (users/groups/...).
  • The Search base menu item, known from the basic Active Directory connector, is not available as it is non-trivial to apply to multiple domains.
  • Als long as there are full trusts between the domains, objects from any domain can be added as member of groups in any (other) domain, unless the involved Group Scope prohibits that.
  • Als long as there are full trusts between the domains, objects can be freely moved between domains, unless the object is member of a group whose Group Scope prohibits that, in which case the object should first be removed from that group.
  • Since multiple domains are involved and objectGUID is used to reference objects, a way is needed to find the domain to be addressed for Update and Delete operations. The Global Catalog of the root domain is used for that. This, however, requires replication to be completed after creation of objects. If addressed too fast, objects created in a subdomain may not yet be found in the Global Catalog of the root domain. For those situations, the distinguishedName is added as an optional attribute for Update and Delete operations - the domain can then be determined without querying the Global Catalog.

NIM Docs

The official NIM documentation can be found at: https://docs.nimsuite.com

About

Microsoft Active Directory Multi-Domain

docs.nimsuite.com/en/integrations/microsoft-active-directory.html

Topics

microsoft powershell ad active-directory

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases 10

1.2.6 Latest
Sep 16, 2024
+ 9 releases

Contributors 2

  •  
  •  

Languages