Lance's TextBox


Lance Robinson is a product manager and software developer in Durham, Chapel Hill, Raleigh, and surrounding areas.


NetCmdlets doesn't have a long list of Active Directory cmdlets for PowerShell. Instead, it has two, and they aren't AD-specific: they implement the LDAP protocol itself, so they work with any LDAP server, Active Directory or not.

Two cmdlets are all that is needed to make common tasks simple.  One for setting values (set-ldap), and one for getting values (get-ldap).

Here's how I can retrieve a list of all the "admin" groups:

PS C:\> get-ldap -server myserver -cred $mycred -dn dc=JUNGLE -searchscope wholesubtree -search "(&(objectclass=group)(cn=*admin*))"


Host DN
---- --
testboy CN=Administrators,CN=Builtin,DC=JUNGLE
testboy CN=Schema Admins,CN=Users,DC=JUNGLE
testboy CN=Enterprise Admins,CN=Users,DC=JUNGLE
testboy CN=Domain Admins,CN=Users,DC=JUNGLE
testboy CN=DnsAdmins,CN=Users,DC=JUNGLE

PS C:\>

As you can tell, the get-ldap cmdlet is very flexible. I can specify any custom search scope and search with any filter I like. This particular filter matches any group that contains "admin" anywhere in the cn.

A more complete group search might have a search filter like so:  "(|(|(|(objectClass=posixGroup)(objectClass=groupOfUniqueNames))(objectClass=groupOfNames))(objectClass=group))"

The cmdlet can also return all the attributes of each DN returned if I just specify the -attr flag in the get-ldap command.
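
When the name fragment comes from a script parameter or user input rather than being typed by hand, it should be escaped before it goes into the filter. The following is an added example, not code from the original post or from NetCmdlets: it combines the broader group filter above with the cn match and applies RFC 4515 escaping, so parentheses or wildcards in the input stay literal text instead of changing the filter's structure. The function names are hypothetical, and passing the result to -search assumes the parameter takes a filter string as in the command above.

```powershell
# Added example, not from the original post. Function names are hypothetical.

function ConvertTo-LdapFilterValue {
    # RFC 4515 escaping: NUL, '(', ')', '*' and '\' become \XX hex pairs so
    # they are matched as literal characters, not parsed as filter syntax.
    param([Parameter(Mandatory = $true)][string]$Value)
    $sb = New-Object System.Text.StringBuilder
    foreach ($ch in $Value.ToCharArray()) {
        switch ([int]$ch) {
            0x00    { [void]$sb.Append('\00') }
            0x28    { [void]$sb.Append('\28') }
            0x29    { [void]$sb.Append('\29') }
            0x2a    { [void]$sb.Append('\2a') }
            0x5c    { [void]$sb.Append('\5c') }
            default { [void]$sb.Append($ch) }
        }
    }
    $sb.ToString()
}

function New-GroupNameFilter {
    # Match any of the group object classes named in the post, restricted to
    # entries whose cn contains the (escaped) fragment.
    param([Parameter(Mandatory = $true)][string]$NameFragment)
    $classes = 'group', 'groupOfNames', 'groupOfUniqueNames', 'posixGroup'
    $classTerms = ($classes | ForEach-Object { "(objectClass=$_)" }) -join ''
    $safe = ConvertTo-LdapFilterValue -Value $NameFragment
    # The two '*' wildcards are added here, after escaping, on purpose.
    '(&(|{0})(cn=*{1}*))' -f $classTerms, $safe
}

$filter = New-GroupNameFilter -NameFragment 'admin'
Write-Output $filter

# Server, credential and base DN are the post's own placeholder values.
# The search only runs when NetCmdlets' get-ldap is available.
if (Get-Command get-ldap -ErrorAction SilentlyContinue) {
    get-ldap -server myserver -cred $mycred -dn dc=JUNGLE -searchscope wholesubtree -search $filter
}
```
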

posted on Wednesday, August 01, 2007 10:28 AM