Private/Get-AdObjectType.ps1

function Get-AdObjectType {
    <#
    .SYNOPSIS
        Retrieves the type of an Active Directory object based on the provided identity.
 
    .DESCRIPTION
         The Get-AdObjectType function determines the type of an Active Directory object based on the given identity.
        It supports various object types, including AD users, computers, groups, organizational units, and group managed service accounts.
        The function can handle different input formats such as AD objects, DistinguishedName, SamAccountName, SID, and GUID.
        It also includes support for Well-Known SIDs.
 
    .PARAMETER Identity
        Specifies the identity of the Active Directory object. This parameter is mandatory.
 
        Accepted values:
        - ADAccount object
        - ADComputer object
        - ADGroup object
        - ADOrganizationalUnit object
        - ADServiceAccount object
        - String representing DistinguishedName
        - String representing SID (including Well-Known SIDs)
        - String representing samAccountName (including Well-Known SID name)
        - String representing GUID
 
 
    .EXAMPLE
        Get-AdObjectType -Identity "davader"
        Retrieves the type of the Active Directory object with the SamAccountName "davader".
 
    .EXAMPLE
        Get-AdObjectType -Identity "CN=davade,OU=Users,OU=BAAD,OU=Sites,DC=EguibarIT,DC=local"
        Retrieves the type of the Active Directory object with the
        DistinguishedName "CN=davade,OU=Users,OU=BAAD,OU=Sites,DC=EguibarIT,DC=local".
 
    .EXAMPLE
        Get-AdObjectType -Identity "S-1-5-21-3484526001-1877030748-1169500100-1646"
        Retrieves the type of the Active Directory object with the
        SID "S-1-5-21-3484526001-1877030748-1169500100-1646".
 
    .EXAMPLE
        Get-AdObjectType -Identity "35b764b7-06df-4509-a54f-8fd4c26a0805"
        Retrieves the type of the Active Directory object with the GUID
        "35b764b7-06df-4509-a54f-8fd4c26a0805".
 
    .OUTPUTS
        Microsoft.ActiveDirectory.Management.ADAccount or
        Microsoft.ActiveDirectory.Management.ADComputer or
        Microsoft.ActiveDirectory.Management.ADGroup or
        Microsoft.ActiveDirectory.Management.ADOrganizationalUnit or
        Microsoft.ActiveDirectory.Management.ADServiceAccount
 
    .NOTES
        Version: 1.3
            DateModified: 2/Oct/2024
            LasModifiedBy: Vicente Rodriguez Eguibar
                vicente@eguibar.com
                Eguibar Information Technology S.L.
                http://www.eguibarit.com
    #>


    [CmdletBinding(SupportsShouldProcess = $false, ConfirmImpact = 'low')]
    [OutputType(
        [Microsoft.ActiveDirectory.Management.ADAccount],
        [Microsoft.ActiveDirectory.Management.ADComputer],
        [Microsoft.ActiveDirectory.Management.ADGroup],
        [Microsoft.ActiveDirectory.Management.ADOrganizationalUnit],
        [Microsoft.ActiveDirectory.Management.ADServiceAccount])
    ]

    Param (
        # Param1
        [Parameter(Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
            ValueFromRemainingArguments = $false,
            HelpMessage = 'Identity of the object',
            Position = 0)]
        [ValidateNotNullOrEmpty()]
        [Alias('ID', 'SamAccountName', 'DistinguishedName', 'DN', 'SID', 'GUID')]
        $Identity
    )

    Begin {
        $txt = ($Variables.HeaderHousekeeping -f
            (Get-Date).ToShortDateString(),
            $MyInvocation.Mycommand,
            (Get-FunctionDisplay -HashTable $PsBoundParameters -Verbose:$False)
        )
        Write-Verbose -Message $txt

        ##############################
        # Module imports

        Import-MyModule -Name 'ActiveDirectory' -Verbose:$false

        ##############################
        # Variables Definition

        $ReturnValue = $null
        $newObject = $null

    } # End Begin Section

    Process {

        try {
            # Known Identities OR AD Objects
            if (
                $Identity -is [Microsoft.ActiveDirectory.Management.ADAccount] -or
                $Identity -is [Microsoft.ActiveDirectory.Management.ADComputer] -or
                $Identity -is [Microsoft.ActiveDirectory.Management.ADGroup] -or
                $Identity -is [Microsoft.ActiveDirectory.Management.ADOrganizationalUnit] -or
                $Identity -is [Microsoft.ActiveDirectory.Management.ADServiceAccount]
            ) {

                Write-Verbose -Message (' ┝━━━━━━► Known AD Object Type: {0}' -f $Identity.GetType().Name)
                $ReturnValue = $Identity

            } elseif ($Identity -is [string]) {

                Write-Verbose -Message ('Identity is a string: {0}. Trying to resolve it!' -f $Identity)

                # Check if it's a well-known SID name (including Foreign Security Principals)
                $sid = Test-NameIsWellKnownSid -Name $Identity

                if ($sid) {
                    Write-Verbose -Message ('Found well-known SID for name: {0}. Returning SecurityIdentifier object.' -f $Identity)
                    $ReturnValue = $sid
                } else {
                    if (Test-IsValidDN -ObjectDN $Identity) {

                        Write-Verbose -Message 'Looking for DistinguishedName'
                        $newObject = Get-ADObject -Filter { DistinguishedName -like $Identity }

                    } elseif (Test-IsValidSID -ObjectSID $Identity) {

                        Write-Verbose -Message 'Looking for ObjectSID'
                        $newObject = Get-ADObject -Filter { ObjectSID -like $Identity }

                    } elseif (Test-IsValidGUID -ObjectGUID $Identity) {

                        Write-Verbose -Message 'Looking for ObjectGUID'
                        $newObject = Get-ADObject -Filter { ObjectGUID -like $Identity }

                    } else {

                        Write-Verbose -Message 'Looking for SamAccountName'
                        $newObject = Get-ADObject -Filter { (Name -like $identity) -or (SamAccountName -like $identity) }

                    } #end If-ElseIf-Else

                } #end If WellKnownSid

            } #end If-ElseIf Identity

        } Catch {
            throw ('Unsupported Identity type: {0}' -f $Identity.GetType().Name)
            return $null
        } #end If-ElseIf-Else




        If ($newObject -and (-not $ReturnValue)) {
            # once we have the object, lets get it from AD
            Switch ($newObject.ObjectClass) {

                'user' {
                    Write-Verbose -Message '# ┝━━━━━━━━━━► AD User Object from STRING'
                    [Microsoft.ActiveDirectory.Management.ADAccount]$ReturnValue = Get-ADUser -Identity $newObject
                }

                'group' {
                    Write-Verbose -Message '# ┝━━━━━━━━━━► AD Group Object from STRING'
                    [Microsoft.ActiveDirectory.Management.AdGroup]$ReturnValue = Get-ADGroup -Identity $newObject
                }

                'computer' {
                    Write-Verbose -Message '# ┝━━━━━━━━━━► AD Computer Object from STRING'
                    [Microsoft.ActiveDirectory.Management.ADComputer]$ReturnValue = Get-ADComputer -Identity $newObject
                }

                'organizationalUnit' {
                    Write-Verbose -Message '# ┝━━━━━━━━━━► AD Organizational Unit Object from STRING'
                    [Microsoft.ActiveDirectory.Management.organizationalUnit]$ReturnValue = Get-ADOrganizationalUnit -Identity $newObject
                }

                'msDS-GroupManagedServiceAccount' {
                    Write-Verbose -Message '# ┝━━━━━━━━━━► AD Group Managed Service Account from STRING'
                    [Microsoft.ActiveDirectory.Management.ADServiceAccount]$ReturnValue = Get-ADServiceAccount -Identity $newObject
                }

                Default {
                    Write-Error -Message ('# ┝━━━━━━━━━━► Unknown object type for identity: {0}' -f $Identity)

                    return $null
                }
            } # End Switch

        } #end If

    } # End Process Section

    End {
        $txt = ($Variables.FooterHousekeeping -f $MyInvocation.InvocationName,
            'getting AD object type (Private Function).'
        )
        Write-Verbose -Message $txt

        if ($null -ne $ReturnValue) {
            Write-Output $ReturnValue
        } #end If
    } # End End Section

} #end Function