v0.6.0

What's Changed

• Handle unknown DNS lookup failure by @jborean93 in #80
• Use case insensitive check for requested props by @jborean93 in #83
• Pass-through env var for coverage collection by @jborean93 in #84
• Migrate to Alma for test runner by @jborean93 in #75
• Add default realm fallback on the krb5 ccache principal by @0xced in #86
• Update the publish task version for CVE by @jborean93 in #87
• Refactor Kerberos and make state Runspace by @jborean93 in #88

v0.6.0 - 2025-03-12

• Raised minimum PowerShell version to 7.4
• Updated DnsClient to 1.8.0 for some minor bugfixes
• Ensure a failure in a DNS lookup does not stop the module from importing but only errors when the value is used.
• Use a case insensitive lookup for requested properties and the returned LDAP attributes
• Add fallback for Linux/macOS default realm lookup to use the ccache principal realm if present
• Properly store AD sessions in a Runspace specific storage allowing multiple runspaces to run in parallel without affecting each other

New Contributors

• @0xced made their first contribution in #86

Full Changelog: v0.5.0...v0.6.0

v0.5.0

What's Changed

• Migrate to new build process by @jborean93 in #74
• Add Set-OpenADObject by @jborean93 in #76
• Add Move-OpenADObject and Rename-OpenADObject by @jborean93 in #77

v0.5.0 - 2024-03-21

• Added the following cmdlets:
  • Move-OpenADObject: Moves an AD object to another container
  • Rename-OpenADObject: Changes the name of an AD object
  • Set-OpenADObject: Sets existing AD objects
• Fix up deadlock when reading the AD schema with an auxiliary class that inherits from top

Full Changelog: v0.4.1...v0.5.0

v0.4.1

What's Changed

• Fix up SSPI context lifetime by @jborean93 in #73

v0.4.1 - 2023-10-16

• Fix up safe SSPI context handle lifetime handling to avoid process crash

Full Changelog: v0.4.0...v0.4.1

v0.4.0

What's Changed

• Use signing key from Azure by @jborean93 in #64
• Update CI steps for new Azure signing key workflow by @jborean93 in #65
• Fix up compiler warning for nullable operation by @jborean93 in #66
• Move to ALC based build by @jborean93 in #67
• Add cmdlets for adding and removing AD objects by @jborean93 in #68
• Added Get-OpenADRootDSE by @jborean93 in #69
• Prepare for v0.4.0 release by @jborean93 in #70

v0.4.0 - 2023-09-05

• Moved module code into a separate Assembly Load Context to avoid assembly conflicts for dependencies
• Added the following cmdlets:
  • New-OpenADObject: Creates new AD objects
  • Remove-OpenADObject: Removes AD objects
  • Get-OpenADRootDSE: Get the root directory server information tree
• Fixed up -LDAPFilter logic to align the \ escaping behaviour with OpenLDAP and the Get-AD* cmdlets
  • Before a filter with the char \ had to have 2 more chars [A-F0-9] which represented the characters hex value
  • Now if the \ does not have 2 characters after or they don't match the hex pattern, the \ and subsequent values are treated literally
• Fixed up some binary length calculations for the PSOpenAD.Security classes

Full Changelog: v0.3.0...v0.4.0

v0.3.0

What's Changed

• Fix CI failures by @jborean93 in #57
• Catch errors from ResolveService() when importing by @theaquamarine in #59
• Improve comments explaining primary group filter by @theaquamarine in #58
• Update CI workflow and settings by @jborean93 in #60
• Add Get-OpenADPrincipalGroupMembership cmdlet by @theaquamarine in #61
• SecurityIdentifier properties, methods, and operators by @theaquamarine in #62

Full Changelog: v0.2.0...v0.3.0

v0.2.0

v0.2.0 - 2022-11-04

• Added Get-OpenADGroupMember that returns members of a group by @theaquamarine in #54 - thanks @theaquamarine

New Contributors

• @theaquamarine made their first contribution in #54

Full Changelog: v0.1.1...v0.2.0

v0.1.1

v0.1.1 - 2022-07-28

• Fix up case insensitive matching for requested LDAP attributes/properties.

v0.1.0

v0.1.0 - 2022-07-09

• Fix up Get-OpenAD* calls where there is no valid metadata to calculate the valid properties.
• Minor tweaks to error messages when using an un-authenticated bind.

v0.1.0-preview5

v0.1.0-preview5 - 2022-06-27

• Fix up edge case for calculating input LDAP message lengths causing an unpack exception
• Make the AD object properties in a Get-* operation return with the first character in upper case to fit the PowerShell standard
• Validate the requested -Properties on Get-OpenAD* cmdlets are valid for the object class that is being queried
  • Invalid properties/attributes will result in a pipeling terminating error
• Various fixes to the tab completion of -Properties on Get-OpenAD*
  • The order will now be in alphabetical order
  • Include attributes that are defined on auxiliary types as well as sub types
• Ensures that the -Properties selected on Get-OpenAD* will exist in the output object
  • If a property was requested but not set on the LDAP object, the property will now be set to $null rather than be missing
  • This is a change from the Microsoft ActiveDirectory module which omits the properties entirely if the attribute did not have a value
• Ensure connections that have timed out are not reused causing a deadlock
• Ensure Get-OpenADUser also filtered by (objectClass=user) to avoid pulling in contacts

v0.1.0-preview4

v0.1.0-preview4 - 2022-06-15

• Added error handling for search request that ends with a referral
  • Currently the cmdlet will emit an error record with the referral URI which is similar to what the AD cmdlets do
• Have exceptions in the background recv thread tasks bubble up as inner exceptions to preserve the stack trace for better debugging
• Fix authentication with explicit credential on Windows
• Added -TracePath to New-OpenADSessionOption to help debug raw LDAP traffice exchanged in a session.
• Fix credential prompt when specifying -Credential my-username for a PSCredential parameter
• Have Get-OpenADWhoami return an object with more details on the LDAP session, like the domain controller DNS name, URI, and authentication method used.
  • The returned username value will also strip the leading u: prefix if it is present
• Added the DomainController property to the OpenADSession class to help identify the domain controller the session is connected to
• Fixed the default parameter sets of the Get-OpenAD* cmdlets to always use the default LDAP filter that selects all of that type unless an explicit filter or identity was provided
• Added -ClientCertificate to New-OpenADSessionOption that is used to authenticate using a client X.509 certificate
• Raise UnpackLDAPMessageException when failing to unpack a response from the server.
  • The exception contains the LDAPMessage property which is the raw byte string that was being unpacked.
• Added the DomainController property to the results of any Get-OpenAD* objects to help identify what domain controller returned that information