NetCmdlets Part 3: PowerShell and Active Directory using /n software's LDAP cmdlet

MOW's "PowerShelled" blog is another awesome PowerShell resource. Of particular interest to me was MOW's series on PowerShell and Active Directory. He used the .NET System.DirectoryServices classes to do all the work.

Here is how you can use /n software's LDAP cmdlet to manage directory servers like AD.

  1. The LDAP cmdlet supports plain connections as well as secure SSL connections.
  2. The LDAP cmdlet will work with any directory server, including AD, ADAM, OpenLDAP, Novell, etc.
  3. The LDAP cmdlet uses its own implementation of LDAP that has been developer tested for years, because it is built on top of the IPWorks SSL LDAPS component. So there is no need to create an instance of System.DirectoryServices.DirectoryEntry.

First, to just test the connection to my directory server:

PS C:\> $root = get-ldap -server testboy -binddn dc=mydomain
PS C:\> $root

Host : testboy
DN : dc=mydomain
Successful : True

Instead of just binding anonymously, I can bind as a particular user (like admin):

PS C:\> $root = get-ldap -server testboy -binddn mydomain\admin -pass admin
PS C:\> $root

Host : testboy
DN : mydomain\administrator
Successful : True

Now I will search. I can specify a separate dn on which to perform the search (or I could also search using the dn that I've bound as), and the filter that I want to search for (-search). Here's a search of just the root node, which returns an array.

PS C:\> get-ldap -server testboy -binddn mydomain\admin -pass admin -dn dc=mydomain -search objectClass=*

Host    DN                                               Type            Value
testboy CN=Builtin,DC=MYDOMAIN                           System.String[] System.String[]
testboy CN=Computers,DC=MYDOMAIN                         System.String[] System.String[]
testboy OU=Domain Controllers,DC=MYDOMAIN                System.String[] System.String[]
testboy OU=Employees,DC=MYDOMAIN                         System.String[] System.String[]
testboy CN=ForeignSecurityPrincipals,DC=MYDOMAIN         System.String[] System.String[]
testboy CN=Infrastructure,DC=MYDOMAIN                    System.String[] System.String[]
testboy OU=LancesUnit,DC=MYDOMAIN                        System.String[] System.String[]
testboy CN=LostAndFound,DC=MYDOMAIN                      System.String[] System.String[]
testboy CN=Microsoft Exchange System Objects,DC=MYDOMAIN System.String[] System.String[]
testboy CN=NTDS Quotas,DC=MYDOMAIN                       System.String[] System.String[]
testboy CN=Program Data,DC=MYDOMAIN                      System.String[] System.String[]
testboy CN=System,DC=MYDOMAIN                            System.String[] System.String[]
testboy CN=Users,DC=MYDOMAIN                             System.String[] System.String[]


I can access a particular node of the array just as any other:

PS C:\> (get-ldap -server testboy -binddn mydomain\admin -pass admin -dn dc=mydomain -search objectClass=*)[6]

Host    DN                       Type            Value
testboy OU=LancesUnit,DC=MYDOMAIN System.String[] System.String[]


What if I want to see all the attributes of this node? I can just add an -attr parameter:

PS C:\> (get-ldap -server testboy -binddn mydomain\admin -pass admin -dn dc=mydomain -search objectClass=* -attr $true)[6]

objectClass : {top, organizationalUnit}
ou : {LancesUnit}
distinguishedName : {OU=LancesUnit,DC=mydomain}
instanceType : {4}
whenCreated : {20051122214101.0Z}
whenChanged : {20051122214101.0Z}
uSNCreated : {382126}
uSNChanged : {382126}
name : {LancesUnit}
objectGUID : {?§'?Ùâ%GŸœÝš6w|¢}
objectCategory : {CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=mydomain, }
Host : testboy
DN : OU=LancesUnit,DC=mydomain


Get a list of employees:
PS C:\> get-ldap -server testboy -binddn DOMAIN\admin -pass admin -dn "ou=Employees,dc=DOMAIN" -search objectClass=*

To find a particular employee:
get-ldap -binddn DOMAIN\administrator -password admin -server testboy -dn ou=Employees,dc=DOMAIN -search cn=LRobinson

To get the attributes of a particular employee:
get-ldap -binddn DOMAIN\administrator -password admin -server testboy -dn ou=Employees,dc=DOMAIN -search cn=LRobinson -attr $true
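
When the value after cn= comes from a form field or a file rather than being typed by hand, it should be escaped before it reaches -search, because *, ( and ) are filter syntax and change what the search matches. The following is an added example, not code from the original post or from /n software; the helper names ConvertTo-LdapFilterValue and New-LdapEqualityFilter are hypothetical, and the escaping rules are those of RFC 4515.

```powershell
# Added example: not code from the original post or from /n software.
# ConvertTo-LdapFilterValue and New-LdapEqualityFilter are hypothetical helper names.

function ConvertTo-LdapFilterValue {
    # Escape the characters RFC 4515 reserves inside a filter assertion value:
    # backslash, asterisk, both parentheses and NUL become \5c \2a \28 \29 \00.
    param(
        [Parameter(Mandatory = $true)]
        [AllowEmptyString()]
        [string]$Value
    )
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m)
        '\{0:x2}' -f [int][char]$m.Value
    })
}

function New-LdapEqualityFilter {
    # Build "attribute=value" in the form the post passes to -search.
    param(
        [Parameter(Mandatory = $true)][string]$Attribute,
        [Parameter(Mandatory = $true)][AllowEmptyString()][string]$Value
    )
    # Accept only short attribute names (a letter, then letters, digits or hyphens),
    # so the attribute side cannot carry filter syntax either.
    if ($Attribute -notmatch '^[A-Za-z][A-Za-z0-9-]*$') {
        throw "Invalid LDAP attribute name: $Attribute"
    }
    '{0}={1}' -f $Attribute, (ConvertTo-LdapFilterValue -Value $Value)
}

# Constructed sample inputs, as they might arrive from a form field or CSV column.
$samples = 'LRobinson', 'Smith (Contractor)', '*', 'a\b'
foreach ($name in $samples) {
    $filter = New-LdapEqualityFilter -Attribute cn -Value $name
    '{0,-20} -> {1}' -f $name, $filter
}

# The resulting string is then passed to the cmdlet as in the post, for example:
#   get-ldap -server testboy -binddn DOMAIN\administrator -password admin `
#       -dn "ou=Employees,dc=DOMAIN" -search $filter
```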


Posted on Wednesday, December 27, 2006 1:25 PM

Feedback

# re: NetCmdlets Part 3: PowerShell and Active Directory using /n software's LDAP cmdlet

Left by Jireck at 3/10/2010 11:31 AM
Hello,

Good site on PowerShell!

You say: The LDAP cmdlet will work with any directory server, including AD, ADAM, OpenLDAP, Novell, etc.

I am trying to return a list of users with a connection to an OpenLDAP server.

Can you help me?
I try:
get-ldap -server server.domain.fr -binddn "uid=poweruser,ou=xxx,dc=yyy" -password $secstring -dn "dc=mydc,dc=org" -search "cn=name"

How do I insert the $secstring password?
I get: can't convert System.String to System.Security.SecureString

Copyright © Lance Robinson
