santisq/Convert-ADFilter.ps1

## Convert-ADFilter.ps1
using module ActiveDirectory
using namespace System.Reflection

function Convert-ADFilter {
    <#
    .SYNOPSIS
        Converts PowerShell-style filters used by the AD module into LDAP filters.

    .DESCRIPTION
        Convert-ADFilter uses the QueryParser from the AD module to convert PowerShell-style filters into LDAP
        filters.

        A connection to Active Directory is required to support a number of the value conversion methods used by
        the module. This command only supports default connections at this time.

        This command can be used to test filter conversion.

    .EXAMPLE
        $dn = 'CN=something,DC=domain,DC=com'
        $filter = '(name -like "something*" -or name -like "otherthing*") -and member -recursivematch $dn'
        Convert-ADFilter -Filter $filter

        Generates the LDAP filter (&(|(name=something*)(name=otherthing*))(member:1.2.840.113556.1.4.1941:=CN=something,DC=domain,DC=com))

    .EXAMPLE
        $date = Get-Date
        Convert-ADFilter -Filter 'lastLogonTimeStamp -lt $date'

        When an AD connection is available, generates the date-based filter.

    .EXAMPLE
        Convert-ADFilter -Filter 'LastLogonDate -lt "01/01/1601"'

        When an AD connection is available, generates the date-based filter.

    .EXAMPLE
        Convert-ADFilter -Filter 'enabled -eq $true'

        Generates the LDAP filter (!(userAccountControl:1.2.840.113556.1.4.803:=2))

    .EXAMPLE
        Convert-ADFilter -Filter 'objectGuid -eq "3af47167-c542-41c2-87cb-7a25032b2dec"'

        Generates the LDAP filter (objectGUID=\67\71\F4\3A\42\C5\C2\41\87\CB\7A\25\03\2B\2D\EC)
    #>

    [CmdletBinding()]
    param (
        # The filter to convert.
        [Parameter(Mandatory, Position = 1)]
        [Microsoft.ActiveDirectory.Management.Commands.TransformFilter()]
        [String] $Filter,

        # The command name affects the property mapping tables used to convert friendly attribute names into
        # AD attribute names.
        [ValidateNotNullOrEmpty()]
        [String] $CommandName = 'Get-ADUser'
    )

    try {
        $implementingType = (Get-Command -Name $CommandName -ErrorAction Stop).ImplementingType
        $assembly = $implementingType.Assembly

        $commandInstance = $implementingType::new()
        # SessionState must be set to support variable lookups
        [PowerShell].Assembly.GetType('System.Management.Automation.Internal.InternalCommand').
            GetField('state', 'Instance, NonPublic').
            SetValue($commandInstance, $executioncontext.SessionState)

        $factory = $implementingType.
            GetField('_factory', 'Instance, NonPublic').
            GetValue($commandInstance)

        try {
            # Required to support advanced attribute value type conversions
            $cmdletSessionInfo = $implementingType.InvokeMember(
                'GetCmdletSessionInfo',
                [BindingFlags]'Instance, NonPublic, InvokeMethod',
                $null,
                $commandInstance,
                @()
            )
        } catch {
            Write-Debug -Message $_.Exception.GetBaseException().Message

            # Limited offline support
            $cmdletSessionInfo = $assembly.GetType('Microsoft.ActiveDirectory.Management.Commands.CmdletSessionInfo').
                GetConstructor(@()).
                Invoke(@())
        }

        $factory.GetType().InvokeMember(
            'SetCmdletSessionInfo',
            [BindingFlags]'Instance, NonPublic, InvokeMethod',
            $null,
            $factory,
            @($cmdletSessionInfo)
        )

        # Create the SearchFilterConverterDelegate
        $convertSearchFilterDelegateType = $assembly.GetType('Microsoft.ActiveDirectory.Management.ConvertSearchFilterDelegate')

        $convertSearchFilterDelegate = $factory.
            GetType().
            GetMethod('BuildSearchFilter', [BindingFlags]'Instance, NonPublic').
            CreateDelegate($convertSearchFilterDelegateType, $factory)

        # Create the VariableExpressionConverter
        $evaluateVariableDelegateType = $assembly.GetType('Microsoft.ActiveDirectory.Management.EvaluateVariableDelegate')
        $evaluateVariableDelegate = $implementingType.
            GetMethod('EvaluateFilterVariable', [BindingFlags]'Instance, NonPublic').
            CreateDelegate($evaluateVariableDelegateType, $commandInstance)

        $variableExpressionConverterType = $assembly.GetType('Microsoft.ActiveDirectory.Management.VariableExpressionConverter')
        $variableExpressionConverter = $variableExpressionConverterType.
            GetConstructor('Instance, NonPublic', $null, @($evaluateVariableDelegateType), @()).
            Invoke(@($evaluateVariableDelegate))
    } catch {
        $PSCmdlet.ThrowTerminatingError($_)
    }

    try {
        # QueryParser
        $queryParserType = $assembly.GetType('Microsoft.ActiveDirectory.Management.QueryParser')
        $queryParser = $queryParserType.GetConstructor(
            'Instance, NonPublic',
            $null,
            @([String], $variableExpressionConverterType, $ConvertSearchFilterDelegateType),
            @()
        ).Invoke(@(
            $Filter,
            $variableExpressionConverter,
            $convertSearchFilterDelegate
        ))

        $filterExpressionTree = $queryParserType.
            GetProperty('FilterExpressionTree', [BindingFlags]'Instance, NonPublic').
            GetValue($queryParser)

        # Get the LDAP filter
        $filterExpressionTree.GetType().InvokeMember(
            'Microsoft.ActiveDirectory.Management.IADOPathNode.GetLdapFilterString',
            [BindingFlags]'Instance, NonPublic, InvokeMethod',
            $null,
            $filterExpressionTree,
            @()
        )
    } catch {
        Write-Error -ErrorRecord $_
    }
}
	using module ActiveDirectory
	using namespace System.Reflection

	function Convert-ADFilter {
	<#
	.SYNOPSIS
	Converts PowerShell-style filters used by the AD module into LDAP filters.

	.DESCRIPTION
	Convert-ADFilter uses the QueryParser from the AD module to convert PowerShell-style filters into LDAP
	filters.

	A connection to Active Directory is required to support a number of the value conversion methods used by
	the module. This command only supports default connections at this time.

	This command can be used to test filter conversion.

	.EXAMPLE
	$dn = 'CN=something,DC=domain,DC=com'
	$filter = '(name -like "something" -or name -like "otherthing") -and member -recursivematch $dn'
	Convert-ADFilter -Filter $filter

	Generates the LDAP filter (&(\|(name=something)(name=otherthing))(member:1.2.840.113556.1.4.1941:=CN=something,DC=domain,DC=com))

	.EXAMPLE
	$date = Get-Date
	Convert-ADFilter -Filter 'lastLogonTimeStamp -lt $date'

	When an AD connection is available, generates the date-based filter.

	.EXAMPLE
	Convert-ADFilter -Filter 'LastLogonDate -lt "01/01/1601"'

	When an AD connection is available, generates the date-based filter.

	.EXAMPLE
	Convert-ADFilter -Filter 'enabled -eq $true'

	Generates the LDAP filter (!(userAccountControl:1.2.840.113556.1.4.803:=2))

	.EXAMPLE
	Convert-ADFilter -Filter 'objectGuid -eq "3af47167-c542-41c2-87cb-7a25032b2dec"'

	Generates the LDAP filter (objectGUID=\67\71\F4\3A\42\C5\C2\41\87\CB\7A\25\03\2B\2D\EC)
	#>

	[CmdletBinding()]
	param (
	# The filter to convert.
	[Parameter(Mandatory, Position = 1)]
	[Microsoft.ActiveDirectory.Management.Commands.TransformFilter()]
	[String] $Filter,

	# The command name affects the property mapping tables used to convert friendly attribute names into
	# AD attribute names.
	[ValidateNotNullOrEmpty()]
	[String] $CommandName = 'Get-ADUser'
	)

	try {
	$implementingType = (Get-Command -Name $CommandName -ErrorAction Stop).ImplementingType
	$assembly = $implementingType.Assembly

	$commandInstance = $implementingType::new()
	# SessionState must be set to support variable lookups
	[PowerShell].Assembly.GetType('System.Management.Automation.Internal.InternalCommand').
	GetField('state', 'Instance, NonPublic').
	SetValue($commandInstance, $executioncontext.SessionState)

	$factory = $implementingType.
	GetField('_factory', 'Instance, NonPublic').
	GetValue($commandInstance)

	try {
	# Required to support advanced attribute value type conversions
	$cmdletSessionInfo = $implementingType.InvokeMember(
	'GetCmdletSessionInfo',
	[BindingFlags]'Instance, NonPublic, InvokeMethod',
	$null,
	$commandInstance,
	@()
	)
	} catch {
	Write-Debug -Message $_.Exception.GetBaseException().Message

	# Limited offline support
	$cmdletSessionInfo = $assembly.GetType('Microsoft.ActiveDirectory.Management.Commands.CmdletSessionInfo').
	GetConstructor(@()).
	Invoke(@())
	}

	$factory.GetType().InvokeMember(
	'SetCmdletSessionInfo',
	[BindingFlags]'Instance, NonPublic, InvokeMethod',
	$null,
	$factory,
	@($cmdletSessionInfo)
	)

	# Create the SearchFilterConverterDelegate
	$convertSearchFilterDelegateType = $assembly.GetType('Microsoft.ActiveDirectory.Management.ConvertSearchFilterDelegate')

	$convertSearchFilterDelegate = $factory.
	GetType().
	GetMethod('BuildSearchFilter', [BindingFlags]'Instance, NonPublic').
	CreateDelegate($convertSearchFilterDelegateType, $factory)

	# Create the VariableExpressionConverter
	$evaluateVariableDelegateType = $assembly.GetType('Microsoft.ActiveDirectory.Management.EvaluateVariableDelegate')
	$evaluateVariableDelegate = $implementingType.
	GetMethod('EvaluateFilterVariable', [BindingFlags]'Instance, NonPublic').
	CreateDelegate($evaluateVariableDelegateType, $commandInstance)

	$variableExpressionConverterType = $assembly.GetType('Microsoft.ActiveDirectory.Management.VariableExpressionConverter')
	$variableExpressionConverter = $variableExpressionConverterType.
	GetConstructor('Instance, NonPublic', $null, @($evaluateVariableDelegateType), @()).
	Invoke(@($evaluateVariableDelegate))
	} catch {
	$PSCmdlet.ThrowTerminatingError($_)
	}

	try {
	# QueryParser
	$queryParserType = $assembly.GetType('Microsoft.ActiveDirectory.Management.QueryParser')
	$queryParser = $queryParserType.GetConstructor(
	'Instance, NonPublic',
	$null,
	@([String], $variableExpressionConverterType, $ConvertSearchFilterDelegateType),
	@()
	).Invoke(@(
	$Filter,
	$variableExpressionConverter,
	$convertSearchFilterDelegate
	))

	$filterExpressionTree = $queryParserType.
	GetProperty('FilterExpressionTree', [BindingFlags]'Instance, NonPublic').
	GetValue($queryParser)

	# Get the LDAP filter
	$filterExpressionTree.GetType().InvokeMember(
	'Microsoft.ActiveDirectory.Management.IADOPathNode.GetLdapFilterString',
	[BindingFlags]'Instance, NonPublic, InvokeMethod',
	$null,
	$filterExpressionTree,
	@()
	)
	} catch {
	Write-Error -ErrorRecord $_
	}
	}