A maycontain object not always has an governs object

chasewilson / SchemaExtensionDsc

Intakes .LDF files and allows DSC to extend the Active Directory Schema using the LDIFDE tool

MIT License

1 stars 1 forks source link

This isn't validated so I hope we can find someone with knowledge

If you try this resource with the schemas for Skype for Business you will see that the test method always returns false. This is because there are objects that have an mayContain line but no governsID line. But the Scripte requires in that line both.

if ($governsObject.mayContain -match $mayId)

For example, you can test this with the ExternalSchema.ldf file from a skype for business iso. (I don't link it here, because I don't know if this is okay, but you can download it from the eval center) Make also sure your read the issue #6 .

So I don't know why this checks both. But maybe we can just remove the double check?

$schemaObjects = Get-ADObject -Filter * -SearchBase $schemaConfig -Properties 'adminDisplayName', 'attributeID', 'governsId', 'mayContain' ..... # also here we must respect the dn or the attribute Id. But sometimes in the ldf there is no attributeId $attributeObject = $schemaObjects | Where-Object -FilterScript {$_.mayContain -ne $null -and $_..mayContain -match $mayId}

chasewilson / SchemaExtensionDsc

A maycontain object not always has an governs object #7