Using PowerShell To Generate The Custom Expression For The Domain Attribute Flow (Single or Multiple Domain)

The Following Script can be used to generate the IIF Statement for the Domain Custom Expression Attribute flow on the Inbound Sync rule.

I must first give an acknowledgement to Markus Vilcinskas for it was his script i used a baseline to build the IIF Statement, I have added a few additional the following features:

 1.) support for multiple domains

2.) Updated with a folder picker that prompts with a folder picker, Folder selected will be used to save the generated text file that will contain the Custom Expression.

3.) All Variables including the Forest information are set for you automatically, no editing of the script is needed.


#####----------Import-Module ActiveDirectory----------
if(@(get-module | where-object {$_.Name -eq "ActiveDirectory"} ).count -eq 0) {import-module ActiveDirectory}

####----------Select Folder to save output----------
$object = New-Object -comObject Shell.Application
$folder = $object.BrowseForFolder(0, "Select File Output Location !", 0, "C:\")
$Dir = $folder.Self.Path

###----------Set Variables----------
$ForestObject = Get-ADForest
$ForestName = $ForestObject.Name
$ForestParCon = $ForestObject.PartitionsContainer
$ForestRoot = $ForestObject.RootDomain
$ForestDomains = $ForestObject.Domains
$DnsRoot = $(get-addomain).DNSroot

##----------Build Forest DN----------
$ForestDNItems = $ForestName.ToString().Split('.')
$ctr = 1
[string]$out = $null
Foreach($ForestDNItem In $ForestDNItems)
        $out += 'DC=' + $ForestDNItem
        $ctr += 1
            if($ctr -le $ForestDNItems.count)
                    $out = $out + ','
$ForestDN = $out
$item = $ForestDNItems[0]

#----------Build Custom Expression----------
 $objSearcher = New-Object System.DirectoryServices.DirectorySearcher
 $objSearcher.SearchRoot = "LDAP://$ForestParCon"
 $objSearcher.Filter     = "(&(objectclass=Crossref)(dnsRoot=$DnsRoot)(netBIOSName=*))"
 $dataList = @()
 Foreach($ForestDomain in $ForestDomains)
 $dataList += Get-ADDomain $ForestDomain

 If($dataList.length -eq 0) {Throw "L:No domain partitions found!"}

 $dataList | ForEach {
    $CustomExpression +=
 $CustomExpression += """Unknown"""
 for ($i=1; $i -le $dataList.length; $i++)
 $CustomExpression += ")"

 Write-Host "Domain partitions for forest"
 Write-Host "============================"
 Write-Host "Forest  : $ForestDn"
 Write-Host "DNS Root: $DnsRoot"
 $dataList | Format-List
 Write-Host "Custom Expression:"
 Write-Host $CustomExpression
 Write-Host ""
 $CustomExpression | clip
    $exMessage = $_.Exception.Message
    {write-host "`n" $exMessage.substring(2) "`n" -foregroundcolor white -backgroundcolor darkblue}
    {write-host "`nError: " $exMessage "`n" -foregroundcolor white -backgroundcolor darkred}
    Exit 1
#----------Save Custom Expression to previously selected folder----------
$Fileoutput = $Dir + "\" + "ObjectSidIIFStatement.txt"
echo $customexpression > $Fileoutput


## ##