I had a need for translating Active Directory object names from any to any form. For instance lab\administrator to cn=administrator,cn=users,dc=lab,dc=local and back. I remembered having seen a cool function called NameTranslate somewhere to see if I could use it somehow.

When searching the internet I found some vbscript code which created an object called “Nametranslate”. Since I absolutely hate vbscript I decided to translate this script into a native PowerShell script. First step was to create a new ComObject like so:

[...]

The snippet below will return all computer object is the specified OU. Just replace the LDAP query with the one you want. The “searchscope” property should be set to “subtree” if you want to do a recursive search.

$dirEntry = new-object directoryservices.directoryentry(“LDAP://ou=XXXX,dc=DOMAIN,DC=COM”)
$dirSearcher = new-object directoryservices.directorysearcher
$dirSearcher.searchroot = $dirEntry
$dirSearcher.Filter = “objectclass=Computer”
$dirSearcher.SearchScope = “base” (or “onelevel” or “subtree”)
$dirSeacher.FindAll()

Check if the current user is member of a certain group:

“*\domain users” | %{$grp = $_ ;  ([security.principal.WindowsIdentity]::GetCurrent()).Groups | %{$_.Translate([System.Security.Principal.NTAccount])} | where-object {$_ -like $grp} } | %{$true}

“builtin\users” | %{$grp = $_ ; ([security.principal.WindowsIdentity]::GetCurrent()).Groups | %{$_.Translate([System.Security.Principal.NTAccount])} | where-object {$_ -like $grp} } | %{$true}

“NT AUTHORITY\Authenticated Users” | %{$grp = $_ ; ([security.principal.WindowsIdentity]::GetCurrent()).Groups | %{$_.Translate([System.Security.Principal.NTAccount])} | where-object {$_ -like $grp} } | %{$true}