[Issue] - Health Checker - Remove AD Module dependencies #2252

Open
dpaulson45 opened this issue Dec 11, 2024 · 6 comments

@dpaulson45
Member

Describe the issue
Been seeing a lot of odd issues with the AD cmdlets. We just need to remove them and come up with ways to get the information without using them.

Commands that need to be removed:

Get-ADComputer
Get-ADPrincipalGroupMembership
Get-ADObject

Need to use LDAP Query to find the information that we need.

@Shinbaum
Contributor

```powershell
$ComputerName = "NY-EX19-01"
# Domain DN built from the domain part of the server's OrganizationalUnit (canonical name)
$DomainDN = "DC=" + (Get-ExchangeServer $ComputerName).OrganizationalUnit.Split("/")[0].Replace(".", ",DC=")
$adsisearcher = New-Object system.directoryservices.directorysearcher
$adsisearcher.SearchRoot = 'LDAP://' + $DomainDN
$adsisearcher.Filter = "(&(objectCategory=computer)(objectClass=computer)(cn=$ComputerName))"
$adsisearcher.FindOne().Properties.distinguishedname

# Need to check that (Get-ExchangeServer $ComputerName).OrganizationalUnit always has the right domain, and in FQDN format
# Need to check that $adsisearcher will go to another domain correctly to do the query
```

@dpaulson45
Member Author

@Shinbaum if you change $adsisearcher.SearchRoot = 'LDAP://' + $DomainDN to $adsisearcher.SearchRoot = 'GC://' + $DomainDN then it will work, as long as the DC that we pick is also a GC.

@Shinbaum
Contributor

```powershell
$ComputerName = "NY-EX19-01"
# Domain DN built from the domain part of the server's OrganizationalUnit (canonical name)
$DomainDN = "DC=" + (Get-ExchangeServer $ComputerName).OrganizationalUnit.Split("/")[0].Replace(".", ",DC=")
$adsisearcher = New-Object system.directoryservices.directorysearcher
# Search the global catalog instead of a single domain partition
$adsisearcher.SearchRoot = 'GC://' + $DomainDN
$adsisearcher.Filter = "(&(objectCategory=computer)(objectClass=computer)(cn=$ComputerName))"
$adsisearcher.FindOne().Properties.distinguishedname
```

Works in my lab, but all the DCs are GCs. Can directorysearcher pick a DC that is not a GC?

@dpaulson45
Member Author

Could use this function to find the GC.

Shared/ActiveDirectoryFunctions/Get-GlobalCatalogServer.ps1

@Shinbaum
Contributor

```powershell
$ComputerName = "NY-EX19-01"
# Locate a global catalog in the Exchange server's AD site
$ADSite = (Get-ExchangeServer -Identity $ComputerName).Site.Name
$GC = ([System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().Forest.FindGlobalCatalog($ADSite)).Name
$DomainDN = "DC=" + (Get-ExchangeServer $ComputerName).OrganizationalUnit.Split("/")[0].Replace(".", ",DC=")
$adsisearcher = New-Object system.directoryservices.directorysearcher
# Bind to that specific GC rather than letting the locator choose a server
$adsisearcher.SearchRoot = 'GC://' + $GC + "/" + $DomainDN
$adsisearcher.Filter = "(&(objectCategory=computer)(objectClass=computer)(cn=$ComputerName))"
$adsisearcher.FindOne().Properties.distinguishedname

# This will error if there is no GC in the same site as the Exchange server
```

@dpaulson45
Member Author

That would likely be fine, since it isn't supported to be that way.
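
The approach the thread converges on, written as an added example (not part of the issue or the project's own code): it binds to a global catalog in the server's site, checks that the domain name is in FQDN form before building the DN, and escapes the computer name per RFC 4515 before it goes into the LDAP filter. The function and parameter names are hypothetical.

```powershell
# Added example; function names are hypothetical, not from the project.
function ConvertTo-LdapFilterValue {
    # RFC 4515: encode \ * ( ) and NUL as \XX so the value cannot change the filter structure.
    param([Parameter(Mandatory)][string]$Value)
    $sb = New-Object System.Text.StringBuilder
    foreach ($c in $Value.ToCharArray()) {
        if ($c -eq [char]0 -or '\*()'.IndexOf($c) -ge 0) {
            [void]$sb.AppendFormat('\{0:x2}', [int]$c)
        } else {
            [void]$sb.Append($c)
        }
    }
    $sb.ToString()
}

function ConvertTo-DomainDN {
    # "contoso.com" -> "DC=contoso,DC=com"; anything that is not a plain DNS name is rejected.
    param([Parameter(Mandatory)][string]$DomainFqdn)
    if ($DomainFqdn -notmatch '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*$') {
        throw "Unexpected domain name format: '$DomainFqdn'"
    }
    ($DomainFqdn.Split('.') | ForEach-Object { "DC=$_" }) -join ','
}

function Get-ComputerDistinguishedName {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][string]$DomainFqdn,
        [Parameter(Mandatory)][string]$SiteName
    )
    $dn = ConvertTo-DomainDN $DomainFqdn
    # Throws when the site has no global catalog (the case noted in the thread).
    $gc = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().Forest.FindGlobalCatalog($SiteName).Name
    $root = New-Object System.DirectoryServices.DirectoryEntry("GC://$gc/$dn")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    try {
        $searcher.Filter = "(&(objectCategory=computer)(cn=$(ConvertTo-LdapFilterValue $ComputerName)))"
        [void]$searcher.PropertiesToLoad.Add('distinguishedName')
        $result = $searcher.FindOne()
        if ($null -eq $result) { return $null }   # no match anywhere in the forest
        [string]$result.Properties['distinguishedname'][0]
    } finally {
        $searcher.Dispose()
        $root.Dispose()
    }
}

# Usage with the values the thread reads from Get-ExchangeServer:
# $s = Get-ExchangeServer $ComputerName
# Get-ComputerDistinguishedName $ComputerName $s.OrganizationalUnit.Split('/')[0] $s.Site.Name
```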
