Active directory
There are 15 entries for the tag
Active directory
Here are a few one-liners that use NetCmdlets. Some of these I've blogged about before, some are new. Let me know if you have questions, which ones you find useful, or how you altered these to suit your own needs. Send email to a list of recipient addresses: import-csv users.csv | % { send-email -to $_.email -from lance@nsoftware.com -subject "Important Email" –message "Hello World!" -server 10.0.1.1 } Show the access control list for a specific Exchange folder: get-imap -server $mymailserver -cred...
This post is the fourth in a series of postings, containing examples of SharePoint WebParts that anybody can build all by themselves. To read all posts in this series, or to get started with the RSSBus WebPart, go here. #4 – List Active Directory Groups and Users This web part will list each user group and its members, as defined in your Active Directory (or other LDAP server) installation. Step one is to make sure you have the RSSBus Web Part installed. See here for instructions. Step two, make...
10 DIY SharePoint Web Parts 10 DIY SharePoint Web Parts is a series of postings containing examples of SharePoint WebParts that anybody can build all by themselves. These examples will require the use of the highly acclaimed RSSBus SharePoint WebPart. The RSSBus SharePoint Web Part isn’t like most others – it cannot be called a uni-tasker. It is the most exciting thing I’ve had the pleasure to work with in quite a while... its just a thing of beauty. What does it do? It lets you expose data to SharePoint...
I saw Jeff Hicks’ great Get-LocalMember post this morning, in which he has extensive demonstration of retrieving information about AD group members. I thought it might be a good time to show some of the power of the get-ldap cmdlet. Yes, using the get-ldap cmdlet does require familiarity with the LDAP protocol itself, so in this way it is for more advanced users who just need to do quick LDAP operations without a lot of required coding and with just one universal cmdlet. So, how do I list the group...
The userAccountControl attribute is used to control the access of a user account. This value can be set to the bitwise OR of a set of flag values, documented here: Property flag Value in hexadecimal Value in decimal SCRIPT 0x0001 1 ACCOUNTDISABLE 0x0002 2 HOMEDIR_REQUIRED 0x0008 8 LOCKOUT 0x0010 16 PASSWD_NOTREQD 0x0020 32 PASSWD_CANT_CHANGE Note You cannot assign this permission by directly modifying the UserAccountControl attribute. For information about how to set the permission programmatically,...
PS C:\> get-ldap -server testboy -cred $mycred -dn dc=JUNGLE -searchscope wholesubtree -search "(&(objectclass=user)(o... Again, there's no need for dozens of LDAP cmdlets. The two LDAP cmdlets included in NetCmdlets, get-ldap and set-ldap, are all you need for most tasks. The above command shows how you would search for disabled user accounts with the get-ldap cmdlet. Technorati Tags: PowerShell, LDAP, Active directory,...
In my previous posts about LDAP group membership, I've talked about how to get a list of groups, how to search for a particular groups members, and how to search for what groups a particular user belongs to. Up next: how to change group membership. To add or remove a user from a group, you need to modify the "member" attribute of the group itself. To do this we'll use the set-ldap cmdlet of NetCmdlets. Add a user to a group: To add a user to a group, set the DN parameter of set-ldap to the DN of...
In the last LDAP series post, I mentioned how to search for the members of a group. Now the opposite, here's how to search for what groups a particular user is a part of: To do this search, all I do is form a search filter that is searching for all groups that has a particular member in it. So really this is a slight alteration of the search for all groups. PS C:\> get-ldap -server testboy -cred $mycred -dn dc=JUNGLE -searchscope wholesubtree -search "(&(member=CN=Lance Robinson,CN=Users,DC=JUNGLE...
More with the ldap cmdlets in NetCmdlets, here's how to list the members of a particular group. I used the get-ldap command shown in the last post to get a list of all my admin groups, and save it in a $groups collection: PS C:\> $groups = get-ldap -server myserver -cred $mycred -dn dc=JUNGLE -searchscope wholesubtree -search "(&(objectclass=group)(... PS C:\> $groups Host DN ---- -- testboy CN=Administrators,CN=Builti... testboy CN=Schema Admins,CN=Users,DC=JUNGLE testboy...
NetCmdlets doesn't have a long list of Active Directory cmdlets for PowerShell. Instead, it has 2. And they aren't AD specific - they just implement the LDAP protocol itself so they can work with any LDAP server, Active Directory or not. Two cmdlets are all that is needed to make common tasks simple. One for setting values (set-ldap), and one for getting values (get-ldap). Here's how I can retrieve a list of all the "admin" groups: PS C:\> get-ldap -server myserver -cred $mycred -dn dc=JUNGLE...
Here's how you can change your active directory (or other ldap server) password with the set-ldap cmdlet in /n software NetCmdlets. Also, recently I also showed how to this using the IP*Works! SSL LdapS dev component. PS C:\> set-ldap -server myserver -binddn Domain\Administrator -password admin -dn "cn=BillyBob,ou=Employees,d... -newpassword mynewpassword -ssl implicit Update: the -password parameter is now a secure string. There is also a -credential parameter. So the cmd to change the...
Previously with NetCmdlets, authentication details were only accepted using plain text parameters. This is still supported, but now these cmdlets support PSCredentials through a new -credentials parameter. This works for almost all of the cmdlets included in NetCmdlets, like FTP, LDAP, HTTP, SMTP, Rexec, RSS, IM, SMS, SSH, etc. Here's an example with get-ldap. Before, you had to bind to the directory server using plain text parameters, like this: PS C:\> get-ldap -server testboy -binddn mydomain\admin...
MOW's "PowerShelled" blog is another awesome PowerShell resource. Of particular interest to me was MOWs series on PowerShell and Active Directory. He used the .Net System.DirectoryServices classes to do all the work. here is how you can use /n software's LDAP cmdlet to manage directory servers like AD. The LDAP cmdlet supports plain connections as well as secure SSL connections. The LDAP cmdlet will work with any directory server, including AD, ADAM, OpenLDAP, Novell, etc. The LDAP cmdlet uses its...
Last year I posted the rules about how to remotely change your LDAP password. Its not very obvious because of the fact that the procedure depends on what server you're using (Active Directory, OpenLDAP, Novell, etc), and even then how your server is configured. Here is how you would change your password using the LDAPS component of IP*Works!! SSL (note, an SSL connection is required in order to change your password remotely if you are an Active Directory user. Otherwise you can do this with the LDAP...
Using LDAP to authenticate users is common, fast, and easy way to do. A while back I wrote a tutorial about how this can be done in a web app using the IP*Works! LDAP component. This particular article was written using VB.Net code samples. Some people ask me for classic ASP code samples, here you go. Lots of people ask about how to change an Active Directory (orADAM) user password over LDAP. With Novell, SunOne, and OpenLdap, its not so difficult as long as you have the administrator permissions...