Export AD schema to XML with PowerShell

Having access to PowerShell in the Windows environment has been a major boon to us long-time infrastructure guys (and gals). One area that has become much easier using PowerShell and the ActiveDirectory module is the Active Directory schema.

I don’t know about you but I still struggle every time I go to use LDIFDE to export and/or import and/or compare schema between different directories. There is so much massaging I have to do to the LDF files.  Then when importing the schema into a new environment (which is inevitably 2 years since the last time I have done it) I have to stand on one foot, close one eye, cross my fingers, and press enter.

The good news is I have found a super-easy way to export the AD DS or LDS schema to XML.  Here is the command to export only the classSchema:

(Get-ADObject -Server {AD Server name and port} -searchbase {path to the AD schema} -Filter {(ObjectClass -eq ‘classSchema’)} -Properties * | ConvertTo-XML).Save({XML filename})

This command will create an XML file of all schema properties for classSchema but can, of course, change the filter to attributeSchema (for instance) or remove the filter altogether. While XML isn’t always the easiest format to read it’s a lot easier to read and work with than an LDF file.

Now that you have this schema output it’s really easy to read it back in to do some comparison or importing to a target directory using another PowerShell script like this:

[xml]$SchemaObjects = Get-Content {XML Schema File}

From there it’s just a matter of setting up a loop to read the content:

$SchemaObjects.Objects.objects | ForEach-Object {…}

If you take a look at this post (http://wp.me/p1wfR8-l) you can start to get an idea of how you might automate the whole schema comparison and/or migration process.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: