LDAP
There are 20 entries for the tag
LDAP
Here are a few one-liners that use NetCmdlets. Some of these I've blogged about before, some are new. Let me know if you have questions, which ones you find useful, or how you altered these to suit your own needs. Send email to a list of recipient addresses: import-csv users.csv | % { send-email -to $_.email -from lance@nsoftware.com -subject "Important Email" –message "Hello World!" -server 10.0.1.1 } Show the access control list for a specific Exchange folder: get-imap -server $mymailserver -cred...
This post is the fourth in a series of postings, containing examples of SharePoint WebParts that anybody can build all by themselves. To read all posts in this series, or to get started with the RSSBus WebPart, go here. #4 – List Active Directory Groups and Users This web part will list each user group and its members, as defined in your Active Directory (or other LDAP server) installation. Step one is to make sure you have the RSSBus Web Part installed. See here for instructions. Step two, make...
I saw Jeff Hicks’ great Get-LocalMember post this morning, in which he has extensive demonstration of retrieving information about AD group members. I thought it might be a good time to show some of the power of the get-ldap cmdlet. Yes, using the get-ldap cmdlet does require familiarity with the LDAP protocol itself, so in this way it is for more advanced users who just need to do quick LDAP operations without a lot of required coding and with just one universal cmdlet. So, how do I list the group...
The userAccountControl attribute is used to control the access of a user account. This value can be set to the bitwise OR of a set of flag values, documented here: Property flag Value in hexadecimal Value in decimal SCRIPT 0x0001 1 ACCOUNTDISABLE 0x0002 2 HOMEDIR_REQUIRED 0x0008 8 LOCKOUT 0x0010 16 PASSWD_NOTREQD 0x0020 32 PASSWD_CANT_CHANGE Note You cannot assign this permission by directly modifying the UserAccountControl attribute. For information about how to set the permission programmatically,...
PS C:\> get-ldap -server testboy -cred $mycred -dn dc=JUNGLE -searchscope wholesubtree -search "(&(objectclass=user)(o... Again, there's no need for dozens of LDAP cmdlets. The two LDAP cmdlets included in NetCmdlets, get-ldap and set-ldap, are all you need for most tasks. The above command shows how you would search for disabled user accounts with the get-ldap cmdlet. Technorati Tags: PowerShell, LDAP, Active directory,...
In my previous posts about LDAP group membership, I've talked about how to get a list of groups, how to search for a particular groups members, and how to search for what groups a particular user belongs to. Up next: how to change group membership. To add or remove a user from a group, you need to modify the "member" attribute of the group itself. To do this we'll use the set-ldap cmdlet of NetCmdlets. Add a user to a group: To add a user to a group, set the DN parameter of set-ldap to the DN of...
In the last LDAP series post, I mentioned how to search for the members of a group. Now the opposite, here's how to search for what groups a particular user is a part of: To do this search, all I do is form a search filter that is searching for all groups that has a particular member in it. So really this is a slight alteration of the search for all groups. PS C:\> get-ldap -server testboy -cred $mycred -dn dc=JUNGLE -searchscope wholesubtree -search "(&(member=CN=Lance Robinson,CN=Users,DC=JUNGLE...
More with the ldap cmdlets in NetCmdlets, here's how to list the members of a particular group. I used the get-ldap command shown in the last post to get a list of all my admin groups, and save it in a $groups collection: PS C:\> $groups = get-ldap -server myserver -cred $mycred -dn dc=JUNGLE -searchscope wholesubtree -search "(&(objectclass=group)(... PS C:\> $groups Host DN ---- -- testboy CN=Administrators,CN=Builti... testboy CN=Schema Admins,CN=Users,DC=JUNGLE testboy...
NetCmdlets doesn't have a long list of Active Directory cmdlets for PowerShell. Instead, it has 2. And they aren't AD specific - they just implement the LDAP protocol itself so they can work with any LDAP server, Active Directory or not. Two cmdlets are all that is needed to make common tasks simple. One for setting values (set-ldap), and one for getting values (get-ldap). Here's how I can retrieve a list of all the "admin" groups: PS C:\> get-ldap -server myserver -cred $mycred -dn dc=JUNGLE...
Here's how you can change your active directory (or other ldap server) password with the set-ldap cmdlet in /n software NetCmdlets. Also, recently I also showed how to this using the IP*Works! SSL LdapS dev component. PS C:\> set-ldap -server myserver -binddn Domain\Administrator -password admin -dn "cn=BillyBob,ou=Employees,d... -newpassword mynewpassword -ssl implicit Update: the -password parameter is now a secure string. There is also a -credential parameter. So the cmd to change the...
Previously with NetCmdlets, authentication details were only accepted using plain text parameters. This is still supported, but now these cmdlets support PSCredentials through a new -credentials parameter. This works for almost all of the cmdlets included in NetCmdlets, like FTP, LDAP, HTTP, SMTP, Rexec, RSS, IM, SMS, SSH, etc. Here's an example with get-ldap. Before, you had to bind to the directory server using plain text parameters, like this: PS C:\> get-ldap -server testboy -binddn mydomain\admin...
MOW's "PowerShelled" blog is another awesome PowerShell resource. Of particular interest to me was MOWs series on PowerShell and Active Directory. He used the .Net System.DirectoryServices classes to do all the work. here is how you can use /n software's LDAP cmdlet to manage directory servers like AD. The LDAP cmdlet supports plain connections as well as secure SSL connections. The LDAP cmdlet will work with any directory server, including AD, ADAM, OpenLDAP, Novell, etc. The LDAP cmdlet uses its...
Last year I posted the rules about how to remotely change your LDAP password. Its not very obvious because of the fact that the procedure depends on what server you're using (Active Directory, OpenLDAP, Novell, etc), and even then how your server is configured. Here is how you would change your password using the LDAPS component of IP*Works!! SSL (note, an SSL connection is required in order to change your password remotely if you are an Active Directory user. Otherwise you can do this with the LDAP...
I added a small feature so that if you don't know what DN to bind to and your directory server is Active Directory, you can click on a little "?" button and the application will attempt to discover a root binding DN for you. Updated copy of the LDAP browser (c# source code and compiled exe) can be downloaded here
This article on ASP Alliance explains how to use the IP*Works! .Net LDAP component in an ASP.Net web application. A lot of people have emailed me asking about how to do this in classic ASP. For those people, here is the same information told from the perspective of the classic ASP developer, using the Ldap component from IPWorks ASP Edition...
This article on ASP Alliance explains how to use the IP*Works! .Net LDAP component in an ASP.Net web application. A lot of people have emailed me asking about how to do this in classic ASP. For those people, here is the same information told from the perspective of the classic ASP developer, using the Ldap component from IPWorks ASP Edition. Performing Web Authentication and Administration with LDAP Providing a login interface for a website, as well as an administrator interface for maintaining a...
When you connect to a directory server, you can do a DSE search to determine if it is an AD server or not. If the supportedCapabilities attribute contains the value "1.2.840.113556.1.4.800", you know it is AD. How do you perform a root DSE search using the IP*Works! Ldap component? This is discussed in an LDAP tutorial on the nsoftware website. Basically its just a search in which the DN is blank, the search filter is "objectClass=*", and you have a base level search scope...
Here is a sample LDAP Browser with csharp source code. This was built using the IP*Works! LDAP component. This zip includes the .net exe, but not that if you actually want to compile you will need to download and install IPWorks
Using LDAP to authenticate users is common, fast, and easy way to do. A while back I wrote a tutorial about how this can be done in a web app using the IP*Works! LDAP component. This particular article was written using VB.Net code samples. Some people ask me for classic ASP code samples, here you go. Lots of people ask about how to change an Active Directory (orADAM) user password over LDAP. With Novell, SunOne, and OpenLdap, its not so difficult as long as you have the administrator permissions...
In my experiences with AD, SunOne (iPlanet), Siemens, and Novell directory servers, root DSE searches turn up a full set of results. This search request is sent like so: Dim ldap as new nsoftware.IPWorks.Ldap() ldap.ServerName = SERVERNAME ldap.DN = "" ldap.SearchScope = ssBaseObject ldap.Search "objectClass=*" By default, when no attributes are provided in the search request itself, these directory servers will return all the attributes. Today, someone pointed out to me that the OpenLDAP server...