Nitzan

Nitzan

If this prod is rocking, don’t come a-knocking

Checking for conflicting oIDs

1 minute read

I got word that this script was useful for some other IT team, so it’s definitely blog-worthy!

The Story

I’ve inherited some AD forests with their schema extended by in-house software, using oIDs belonging to an MS pool, meaning that those numbers might be used by future schema extensions by MS and friends.
A very uneasy situation, because whenever I want to extend the schema we have to anticipate oID clashes, requiring forest recovery.
When we prepared the schema for a 2008R2 DC, I’ve created this nifty script to search for our schema entries and compare their oIDs to the ones in the ldf files that adPrep is using, to see if there are any conflicts.
Of course, this script is no replacement to backing up the forest, and maybe extending the schema in a lab before doing the real deal - It’ll just help you see if there are obvious conflicts.

Enjoy!

The Script

<#
.SYNOPSIS
Checks for conflicting OIDs in the current AD Schema and some ldf files
.DESCRIPTION
This script should be used to examine piratly-extended schemas (ones that were extended with oID not belonging to an isolated pool) before further extending them.
This script collects all oIDs from the schema partition of the current forest, and from all .ldf files in a specified folders, and tries to find conflicting ones.
If found, the conflicting AD object is presented.
.EXAMPLE
Check-ConflictingOIDs.ps1 -objectPattern 'MyApp*' -ldfPath 'C:\OCS 2007R2\'
Compares all objects starting with "MyApp" with all .ldf files found in "C:\OCS 2007R2\"
.LINK
My Blog: http://OneBoredAdmin.blogspot.com
#>
param(
[string]$objectPattern = '*',
[string]$ldfPath = '.'
)
 
# Get all OIDs from AD
ipmo active*
pushd ad:\
ls *schem* | cd
$ADIs = ls  | ?{$_.name -like $objectPattern} | ?{$_.objectClass -eq 'classSchema'} | Get-ADObject -prop 'governsId' | select Name,@{Name='uID' ;Expression= {$_.governsId}}
$ADIs += ls  | ?{$_.name -like $objectPattern} | ?{$_.objectClass -eq 'attributeSchema'} | Get-ADObject -prop 'attributeID' | select Name,@{Name= 'uID';Expression= {$_.attributeID}}
popd
 
# Get all OIDs from File
pushd $ldfPath
$files = ls *.ldf;
$FSIs = $files | Get-Content | ?{$_ -match '(governsID)|(attributeID):'} | %{$_ -replace '^.+: ',''}
popd;
 
# Compare all AD-OIDs to FS-OIDs
$bFound = $false
$ADIs | %{
if($FSIs -contains $_.uID) {
    if(!$bFound) {
        $bFound = $true;
        write-host 'CONFLICT FOUND!'
        }
    $_;
    }
}

You May Also Enjoy

Java SMPP helper

6 minute read

One of my projects involves communicating over SMS with cellular-connected IoT devices. The company already has a working infastructure for sending and recie...

Adding shortcuts to your search engine

3 minute read

I really like DuckDuckGo’s bangs, which basically directs your query elsewhere if you prefix it with !something. You could search the London zoo in gmaps by ...

Bridging Switcher’s UDP over OpenWRT

1 minute read

Seems like I’m doing this setup once every 3 years, then forget about it until the next time it breaks. I hope this is the last time I’m rediscovering this.

Invalid number: Nov

5 minute read

One of my current projects is migrating a big Java project from Java 8 to a supported version. Since we’re doing small, stable steps, we started with Java 11...