PowerShell: how to Split an Array into smaller Arrays (Chunks)?

Splitting an array in PowerShell into smaller arrays / chunks can come quite handy from time to time.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
# Creating a new array
$inArray = @(1..20)
 
# Defining the chunk size
$chunkSize = 3
$outArray = @()
$parts = [math]::Ceiling($inArray.Length / $chunkSize)
 
# Splitting the array to chunks of the same size
for($i=0; $i -le $parts; $i++){
    $start = $i*$chunkSize
    $end = (($i+1)*$chunkSize)-1
    $outArray += ,@($inArray[$start..$end])
}
 
# Printing the output array in console
$outArray | ForEach-Object { "$_" }

PowerShell Function: make a Parameter dependent of the Value of another Parameter

I had the case where I needed to make sure that one switch parameter of a PowerShell function can only be used, if another parameter had a certain value.
For example: the switch parameter -MYSWITCH can only be used if the value of the parameter -Selection is set to “POSSIBLE”.

The following PowerShell function is written to do exactly that.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
function myFunction() {
 
    [cmdletbinding(
        DefaultParameterSetName='Default'
    )]
    Param
    (
        [Parameter()]
        [String]$Selection,
 
        [Parameter(ParameterSetName='Selection')]
        [ValidateScript({ $Selection -eq 'POSSIBLE' })]
        [Switch]$MYSWITCH
    )
 
    # Print out current ParameterSet Selection
    $PSCmdlet.ParameterSetName
}
 
# Selection is POSSIBLE and therefore, the -MYSWITCH switch is allowed
myFunction -Selection POSSIBLE -MYSWITCH 
 
# Selection is IMPOSSIBLE and therefore, the -MYSWITCH switch is NOT allowed => throws an error
myFunction -Selection IMPOSSIBLE -MYSWITCH
 
# Selection is IMPOSSIBLE and therefore, the -MYSWITCH switch is NOT allowed => works well because -MYSWITCH is not used
myFunction -Selection IMPOSSIBLE

If the -Selection is set to anything different then “POSSIBLE”, using the switch -MYSWITCH just throws an error. This is the expected behavior in that case.

Active Directory PowerShell Delegate Permission to Reset User Passwords for a specific Organizational Unit

Is there an easy solution to allow Helpdesk Users to reset passwords for user accounts for a specific Active Directory Organizational Unit (OU) with PowerShell?

Yes, there is! Just use the script/function below to set the necessary Active Directory Delegation.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
function Set-ResetPasswordDelegation(){
    param(
    [string]$OrganizationalUnit,
    [string]$DelegationGroupName
    )
 
    # Configuration Parameters
    $confADRight = "ExtendedRight"
    $confDelegatedObjectType = "bf967aba-0de6-11d0-a285-00aa003049e2" # User Object Type GUID
    $confExtendedRight = "00299570-246d-11d0-a768-00aa006e0529" # Extended Right PasswordReset GUID
 
    # Collect and prepare Objects
    $delegationGroup = Get-ADGroup -Identity $DelegationGroupName
    $delegationGroupSID = [System.Security.Principal.SecurityIdentifier] $delegationGroup.SID
    $delegationGroupACL = Get-Acl -Path "AD:\$OrganizationalUnit"
 
    # Build Access Control Entry (ACE)
    $aceIdentity = [System.Security.Principal.IdentityReference] $delegationGroupSID
    $aceADRight = [System.DirectoryServices.ActiveDirectoryRights] $confADRight
    $aceType = [System.Security.AccessControl.AccessControlType] "Allow"
    $aceInheritanceType = [System.DirectoryServices.ActiveDirectorySecurityInheritance] "Descendents"
    $ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule($aceIdentity, $aceADRight, $aceType, $confExtendedRight, $aceInheritanceType,$confDelegatedObjectType)
 
    # Apply ACL
    $delegationGroupACL.AddAccessRule($ace)
    Set-Acl -Path "AD:\$OrganizationalUnit" -AclObject $delegationGroupACL
}
 
# Calling the function
Set-ResetPasswordDelegation -OrganizationalUnit "OU=Users,DC=pwsh,DC=ch" -DelegationGroupName "ServiceDesk-PasswordReset-Allow"