This blog post is part of my second series about powershell classes,but this time, it is in collaboration with 4sysops.com

This series has a total of 6 posts that covers everything that needs to be known about powershell classes. You will learn how to use powershell classes to manage your Active Directory going gradually through complex concepts until you are a pro with classes. I recommend you follow each step chronologically since we are building a class from bottom up and keep adding new blocks of code in each chapter.

Quick reference:

  1. Introduction (here)
  2. Properties (here)
  3. Methods (here)
  4. Constructors (here)
  5. Inheritance (here)
  6. Polymorphism (here) This post

All the examples that are present on this page, and more globally throughout this series, are available on my github page here. (Exact reference to the file will be provided throughout the series).

Alternatively, I recommend you also read the first series I wrote on powershell classes. It will give you another concrete example, and walk you through some things that might not be fully covered in this series.

Using polymorphism in PowerShell classes

Classes are terrific!  I love them ! They can really give us a great amount of flexibility if we use them correctly. Until know, we have been using them only to create objects, and attach methods to them. Today, we will highlight another great feature of object oriented programming: Polymorphism (!).
You will see in this article how easy it can be to implement an inheritance relationship between two classes, and why you actually really want to start using it in your scripts. We will learn the fundamentals of “Polymorphism in powershel” which might add an extra layer of complexity (at first only!), but on the long term, it will definitely add a HUGE layer of flexibility to our code, with just a few simple lines.

Definition

First things first, lets look up the definition of Polymorphism in Wikipedia:

Polymorphism is the provision of a single interface to entities of different types. A polymorphic type is one whose operations can also be applied to values of some other type, or types.

Note: Starting to work with polymorphism makes only sense if you have assimilated all the basics of classes, specifically inheritance. If you would like to fresh up your knowledge, I recommend you read the beginning of this series here, or take a shortcut here.

Polymorphism is one of the four pillars of object-oriented programming. The concepts helps us write (or refactor) code, to have our inherited classes benefits from logic located in a parent class, and that, in the most transparent way possible.

Our Solution will demonstrate inheritance and polymorphism  work together, and we will show case how we can abstract complex logic into two simple lines of code. This solution will allow us to create a user in Active directory, generate his standard name (samaccountname), set the account in an appropriate OU, and assign the user to a few specific groups depending on the type of user that is created, all of that, dynamically, and with only, two lines of code.

Class Employee

This solution is based on Enums, inheritance and polymorphism. (If you want to know more about Enums you can read this article here ). We will be using the following Enums to list some core components of our infrastructure.

Note: The following examples require at least PowerShell version 5.0 and the Active Directory powershell module to be present.

The InternalBaseGroups and ExternalBaseGroups Enums contain a list of AD group names that are respectively only for employees of type internal or employees of type external. The EmployeeType Enum contains the types of employees that are present in our organization. For now, there is Internal and External employees. To demonstrate polymorphism, we will use a parent class “employee”, which has been slightly adopted from the previous series.

If you are following along, be sure to have the global groups that are listed in the Enum “InternalBaseGroups” and “ExternalBaseGroups” created .

Please read this class Employee through, and meet me at the end of it. Do not spend too much time figuring out the details of each part of this class because I will explain the most important parts of it below (Some of the methods have been explained in detail in the previous posts of this series).

The code here under can be found under: Employee_Part4.1.ps1 on the github repository of this series.

We are going to focus on three methods:

  • AddToGroup
  • AddGroupsFromEnum
  • AddToBaseGroups

The other methods have been discussed at the beginning of this series here.

The Hidden attribute

Notice that AddToGroup and AddGroupFromEnum methods are hidden methods. Using the hidden keyword will hide the visibility when we do a get-member on our instance.

Keep in mind, that hidden properties and methods become visible when we pipe our class to get-member –force

powershell polymorphism hidden methods

Theoretically, in any other object-oriented language, we would have set the method to private. Private does not exists in Powershell (yet?), and the nearest thing to private would be hidden.

Why is it important to have hidden methods? Hidden  is the only way we have to set a scope on properties or methods in powershell.

AddGroupsFromEnum

The AddGroupsFromEnum method takes a string as input. It will list all the values (names) that the enum contains, and call the addToGroup method with each element from the list. In our case, it happens to be the name of an AD group. It will then add our user to that specific group using “Add-ADGroupMember”.

Also, we have introduced in this version of the employee class the following property

This property is important because it will contain the Enum name of our employee base type group,which will contain the list of Active directory groups we want to add to our user. The value is limited to be any string, but in our case, we it can be either InternalBaseGroups or ExternalBaseGroups.

For the polymorphism to work, it is important that the property BaseGroupEnumName is set in an inherited class, not in the Employee Class.

And finally the AddToBaseGroups method:

This method is the key to our polymorphic approach of these classes. We can see, that the method AddToBaseGroups, will actually call another method named AddGroupsFromEnum . As we discussed above, this method requires a string represents the name of an existing Enum. To keep things dynamic, the value of this string is set in our child classes under the parameter called BaseGroupsEnumName (more about that in just a minute). Using this methodology, we can use the code of our parent class, no matter which child class will be calling this method. It is agnostic to the child type (it just has to be a child from Employee).

These were the important methods and properties for our polymorphism example. Now we will create two classes that inherit from our parent class Employee, : ExternalEmployee and InternalEmployee

ExternalEmployee and InternalEmployee classes

The code here under can be found under: Employee_Part5.ps1 on the github repository of this series.

ExternalEmployee

InternalEmployee

Both classes are similar. They contain only one single constructor accepting two strings (FirstName and LastName). In the end, they just inherit everything from their parent class Employee. They have the same set of properties and methods as their parent class Employee.

Note: When you use inheritance, the parent class (in our case, Employee) must have a parameter-less constructor declared (it can be left empty). Otherwise you won’t be able to instantiate your class.

Property wise, each implementation has three new properties, which will have another value depending in which class it is located. The properties are:

  • EmployeeType
  • OU
  • BaseGroupEnumName

The PowerShell Polymorphism approach

The baseGroupEnumName is crucial in our case, because this is the link between all the classes, and binds the polymorphic approach of our solution.

Now that we have explained all the internal mechanism, we can create an instance of each, and compare the results.

To create an internal employee we will do as so:

We can see that our user has been created in the internal OU, and that the groups that are listed in the InternalBaseGroups have been added to the user.

To create an External employee we will do as so:

We can see that the user has been created in the External OU, and that the groups that are listed in the ExternalBaseGroups Enum have been added to the user. If the base groups of one of these type of users evolves, we can simply add or remove content into the appropriate Enum. It gives us flexibility, without changing any logic inside our code.

Notice how the both steps are identical. We set the values in each child class, and call inherited methods from our parent class, which actually use the properties that have been set in our child class (EmployeeType or OU for instance). We will be calling the same AddToBaseGroups method, and add our user to a different set of AD groups according to it’s type. This is how polymorphism works. And it is Awesome!

polymorpism outro:

This was the end of my second series on powershell classes. I leave the intro section here again, so you can navigate easily to the next chapter you would like to read again.

This series has a total of 6 posts that covers everything that needs to be known about powershell classes. You will learn how to use powershell classes to manage your Active Directory going gradually through complex concepts until you are a pro with classes. I recommend you follow each step chronologically since we are building a class from bottom up and keep adding new blocks of code in each chapter. The complete

Quick reference:

  1. Introduction (here)
  2. Properties (here)
  3. Methods (here)
  4. Constructors (here)
  5. Inheritance (here)
  6. Polymorphism (here) This post

All the examples that are present on this page, and more globally throughout this series, are available on my github page here. (Exact reference to the file will be provided throughout the series).

Alternatively, I recommend you also read the other series I wrote on powershell classes. It will give you another concrete example, and walk you through some things that might not be fully covered in this series.