Archives for October 2015

An extra 100ns for free?

So I was reading up on the AD Module filters. I found a thing, Microsoft usually says keep it simple. I found an over complex way of initializing a date variable. So what did the documentation suggest:

Whoa.. Yes you can use .NET but if possible use Powershell cmdlets. Do we have any cmdlet we can use? Get-Date. Get-Date can be initialized with year, month and day.

That looks easier to read so it is better. But are they the same. And they arent. So what is the difference? Let’s convert it to the FileTime structure.

Here we see that we get a 100-nanosecond difference. Im not really sure why. But now we know that if you want the real 12am you cant use Get-Date. As it will add a 100ns extra. Bonus link to MSDN article for DateTime Structure.

Updating AD group membership if the user has a mobilenumber

Background:

So I was at a customers location and well we got talking about scripts. They had the need for a script that populates a group if the user has a cellphone number configured and remove him the number is removed after.
They had already a script that did it. The script did what was needed but I felt there was room for improvement, so I got rid of a try catch where the catch was empty. That is just as bad as ON ERROR RESUME NEXT from the old VBScript days. Anyway I thought later there has got to be a better way of doing this.

The old way:

This is a compressed version written from memory.

The improved way:

So why not just be happy. Well there is still performance improvements and let the DC do the heavy lifting. Lets start using LDAPFilter.

But I only want user from one part of my AD

Okay so now we got new requirements of course but that is really simple. Lets just instruct the Get-ADUser to search only in one part using SearchBase.

So just add the searchbase parameter and path.