Lance Robinson


NetCmdlets doesn't have a long list of Active Directory cmdlets for PowerShell. Instead, it has two, and they aren't AD-specific: they implement the LDAP protocol itself, so they work with any LDAP server, Active Directory or not.

Two cmdlets are all that is needed to make common tasks simple: one for setting values (set-ldap) and one for getting values (get-ldap).

Here's how I can retrieve a list of all the "admin" groups:

PS C:\> get-ldap -server myserver -cred $mycred -dn dc=JUNGLE -searchscope wholesubtree -search "(&(objectclass=group)(cn=*admin*))"

Host    DN
----    --
testboy CN=Administrators,CN=Builtin,DC=JUNGLE
testboy CN=Schema Admins,CN=Users,DC=JUNGLE
testboy CN=Enterprise Admins,CN=Users,DC=JUNGLE
testboy CN=Domain Admins,CN=Users,DC=JUNGLE
testboy CN=DnsAdmins,CN=Users,DC=JUNGLE

PS C:\>

As you can tell, the get-ldap cmdlet is very flexible. I can specify any search scope and search with any filter I like. This particular filter matches any group that has "admin" anywhere in its cn.

A more complete group search might have a search filter like so:  "(|(|(|(objectClass=posixGroup)(objectClass=groupOfUniqueNames))(objectClass=groupOfNames))(objectClass=group))"

The cmdlet can also return all the attributes of each DN returned if I just specify the -attr flag in the get-ldap command.
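An added example, not from the original post or from NetCmdlets: when the text that goes inside a filter such as (cn=*admin*) comes from a variable or from user input, escape it per RFC 4515 before building the -search string, so that characters like ( ) * \ are matched literally instead of changing the filter. The helper names ConvertTo-LdapFilterValue and New-LdapGroupFilter are hypothetical, the second sample input is constructed, and the flat OR used here is equivalent to the nested one shown above.

```powershell
# Added example: build LDAP group filters with RFC 4515 value escaping.
# ConvertTo-LdapFilterValue and New-LdapGroupFilter are hypothetical helper names.

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory=$true)][AllowEmptyString()][string]$Value)
    # NUL, '(', ')', '*' and '\' must be written as \XX hex escapes
    $special = @(0x00, 0x28, 0x29, 0x2A, 0x5C)
    $sb = New-Object System.Text.StringBuilder
    foreach ($c in $Value.ToCharArray()) {
        $code = [int]$c
        if ($special -contains $code) {
            [void]$sb.AppendFormat('\{0:x2}', $code)
        } else {
            [void]$sb.Append($c)
        }
    }
    $sb.ToString()
}

function New-LdapGroupFilter {
    param(
        [string]$NameContains,
        [string[]]$ObjectClass = @('group', 'groupOfNames', 'groupOfUniqueNames', 'posixGroup')
    )
    # One flat (|...) over all group object classes
    $classes = ($ObjectClass | ForEach-Object {
        '(objectClass={0})' -f (ConvertTo-LdapFilterValue $_)
    }) -join ''
    $filter = '(|{0})' -f $classes
    if ($NameContains) {
        # AND the class test with a substring match on cn; the value is escaped,
        # the surrounding wildcards are ours
        $filter = '(&{0}(cn=*{1}*))' -f $filter, (ConvertTo-LdapFilterValue $NameContains)
    }
    $filter
}

# Constructed inputs: a plain term, and a name fragment containing filter metacharacters
New-LdapGroupFilter -NameContains 'admin'
New-LdapGroupFilter -NameContains 'Ops (admins)*'

# With NetCmdlets loaded, the result plugs into the command from the post:
# get-ldap -server myserver -cred $mycred -dn dc=JUNGLE -searchscope wholesubtree -search (New-LdapGroupFilter -NameContains 'admin')
```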

 

Posted on Wednesday, August 1, 2007 10:28 AM | PowerShell


Comments on this post: LDAP - Search for Active Directory Groups in PowerShell

No comments posted yet.


Copyright © Lance Robinson | Powered by: GeeksWithBlogs.net