LDAP - Search for Active Directory Groups in PowerShell

News

Search My Blog:

My Stats

Posts - 472
Comments - 277
Trackbacks - 265

Twitter

lmrobins Finally got my Azure invitation code. No clue when I'll actually be able to use it. about 3 hours ago

lmrobins Oops...nope. Apples iTunes will not give me MP3s. Too bad, so sad. Yay for Amazon MP3! about 21 hours ago

lmrobins iTunes might actually get some of my money after they go DRM free about 21 hours ago

lmrobins Grillin up some pork chops! Mmmmmmm about 4 days ago

lmrobins Lance thinks PowerShell and RSSBus together make a powerful punch! about 4 days ago

lmrobins @Scobleizer attrs of enterprise 2.0 could be social collab, but also data portability, exposed data normalization, simple services, etc about 4 days ago

lmrobins @Scobleizer enterprise 2.0 does not require social collaboration be baked in about 4 days ago

lmrobins Dear God, in the winter when it gets dark before I get off work, please only let it rain on weekdays when I am sitting at my desk. Thanks. about 4 days ago

lmrobins somebody just asked me this: How can I download your podcasts with my iPhone 3G? about 4 days ago

lmrobins @twhirl please stop showing read tweets after a restart. about 4 days ago

Post Categories

Blogs

Miscellanous

Noteworthy Stuff

LDAP - Search for Active Directory Groups in PowerShell

NetCmdlets doesn't have a long list of Active Directory cmdlets for PowerShell. Instead, it has 2. And they aren't AD specific - they just implement the LDAP protocol itself so they can work with any LDAP server, Active Directory or not.

Two cmdlets are all that is needed to make common tasks simple. One for setting values (set-ldap), and one for getting values (get-ldap).

Here's how I can retrieve a list of all the "admin" groups:

PS C:\> get-ldap -server myserver -cred $mycred -dn dc=JUNGLE -searchscope wholesubtree 
 -search "(&(objectclass=group)(cn=*admin*))"


Host                                                        DN
----                                                        --
testboy                                                     CN=Administrators,CN=Builtin,DC=JUNGLE
testboy                                                     CN=Schema Admins,CN=Users,DC=JUNGLE
testboy                                                     CN=Enterprise Admins,CN=Users,DC=JUNGLE
testboy                                                     CN=Domain Admins,CN=Users,DC=JUNGLE
testboy                                                     CN=DnsAdmins,CN=Users,DC=JUNGLE

PS C:\>

As you can tell, the get-ldap cmdlet is very flexible. I can specify any custom search scope and perform a search for any filter I like. This particular search filter searches for any groups that contain "admin" anywhere in the cn.

A more complete group search might have a search filter like so: "(|(|(|(objectClass=posixGroup)(objectClass=groupOfUniqueNames))(objectClass=groupOfNames))(objectClass=group))"

The cmdlet can also return all the attributes of each DN returned if I just specify the -attr flag in the get-ldap command.

Technorati Tags: PowerShell, NetCmdlets, ldap, active directory

posted @ Wednesday, August 01, 2007 10:28 AM | Filed Under [ PowerShell ]

Comments

No comments posted yet.

Lance's TextBox

About Me - Also see my RSS simple services site.

News

My Stats

Twitter

Tag Cloud

Recent Comments

Recent Posts

Archives

Post Categories

Blogs

Miscellanous

Noteworthy Stuff

Popular Posts

LDAP - Search for Active Directory Groups in PowerShell

posted @ Wednesday, August 01, 2007 10:28 AM | Filed Under [ PowerShell ]

Comments