MOW's "PowerShelled" blog is another awesome PowerShell resource. Of particular interest to me was MOW's series on PowerShell and Active Directory. He used the .NET System.DirectoryServices classes to do all the work.
Here is how you can use /n software's LDAP cmdlet to manage directory servers like AD.
- The LDAP cmdlet supports plain connections as well as secure SSL connections.
- The LDAP cmdlet will work with any directory server, including AD, ADAM, OpenLDAP, Novell, etc.
- The LDAP cmdlet uses its own implementation of LDAP that has been developer-tested for years, because it is built on top of the IPWorks SSL LDAPS component. So there is no need to create an instance of System.DirectoryServices.DirectoryEntry.
First, to just test the connection to my directory server:
PS C:\> $root = get-ldap -server testboy -binddn dc=mydomain
PS C:\> $root
Host : testboy
DN : dc=mydomain
Successful : True
Instead of just binding anonymously, I can bind as a particular user (like admin):
PS C:\> $root = get-ldap -server testboy -binddn mydomain\admin -pass admin
PS C:\> $root
Host : testboy
DN : mydomain\administrator
Successful : True
Now I will search. I can specify a separate dn on which to perform the search (or I could also search using the dn that I've bound as), and the filter that I want to search for (-search). Here's a search of just the root node, which returns an array.
PS C:\> get-ldap -server testboy -binddn mydomain\admin -pass admin -dn dc=mydomain -search objectClass=*

| Host | DN | Type | Value |
|---|---|---|---|
| testboy | CN=Builtin,DC=MYDOMAIN | System.String[] | System.String[] |
| testboy | CN=Computers,DC=MYDOMAIN | System.String[] | System.String[] |
| testboy | OU=Domain Controllers,DC=MYDOMAIN | System.String[] | System.String[] |
| testboy | OU=Employees,DC=MYDOMAIN | System.String[] | System.String[] |
| testboy | CN=ForeignSecurityPrincipals,DC=MYDOMAIN | System.String[] | System.String[] |
| testboy | CN=Infrastructure,DC=MYDOMAIN | System.String[] | System.String[] |
| testboy | OU=LancesUnit,DC=MYDOMAIN | System.String[] | System.String[] |
| testboy | CN=LostAndFound,DC=MYDOMAIN | System.String[] | System.String[] |
| testboy | CN=Microsoft Exchange System Objects,DC=MYDOMAIN | System.String[] | System.String[] |
| testboy | CN=NTDS Quotas,DC=MYDOMAIN | System.String[] | System.String[] |
| testboy | CN=Program Data,DC=MYDOMAIN | System.String[] | System.String[] |
| testboy | CN=System,DC=MYDOMAIN | System.String[] | System.String[] |
| testboy | CN=Users,DC=MYDOMAIN | System.String[] | System.String[] |

I can access a particular node of the array just as I would with any other array:
PS C:\> (get-ldap -server testboy -binddn mydomain\admin -pass admin -dn dc=mydomain -search objectClass=*)[6]

| Host | DN | Type | Value |
|---|---|---|---|
| testboy | OU=LancesUnit,DC=MYDOMAIN | System.String[] | System.String[] |

What if I want to see all the attributes of this node? I can just add an -attr parameter:
PS C:\> (get-ldap -server testboy -binddn mydomain\admin -pass admin -dn dc=mydomain -search objectClass=* -attr $true)[6]
objectClass : {top, organizationalUnit}
ou : {LancesUnit}
distinguishedName : {OU=LancesUnit,DC=mydomain}
instanceType : {4}
whenCreated : {20051122214101.0Z}
whenChanged : {20051122214101.0Z}
uSNCreated : {382126}
uSNChanged : {382126}
name : {LancesUnit}
objectGUID : {?§'?Ùâ%GŸœÝš6w|¢}
objectCategory : {CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=mydomain, }
Host : testboy
DN : OU=LancesUnit,DC=mydomain
Get a list of employees:
PS C:\> get-ldap -server testboy -binddn DOMAIN\admin -pass admin -dn "ou=Employees,dc=DOMAIN" -search objectClass=*
To find a particular employee:
get-ldap -binddn DOMAIN\administrator -password admin -server testboy -dn ou=Employees,dc=DOMAIN -search cn=LRobinson
To get the attributes of a particular employee:
get-ldap -binddn DOMAIN\administrator -password admin -server testboy -dn ou=Employees,dc=DOMAIN -search cn=LRobinson -attr $true
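The searches above use fixed filters such as cn=LRobinson. When the name comes from user input or a file, it should be escaped per RFC 4515 before it goes into the -search filter, so that characters like ( ) * and \ are matched literally instead of changing the filter. The following is an added example, not part of the original post or of NetCmdlets: ConvertTo-LdapFilterValue is a hypothetical helper name, the sample names are constructed, and it assumes -search takes a standard LDAP filter string as in the commands above.

```powershell
# Added example (not from the original post): RFC 4515 escaping for a value
# that will be placed inside an LDAP search filter.
# ConvertTo-LdapFilterValue is a hypothetical helper name.
function ConvertTo-LdapFilterValue {
    param(
        [Parameter(Mandatory = $true)]
        [AllowEmptyString()]
        [string]$Value
    )

    $sb = New-Object System.Text.StringBuilder
    foreach ($b in [System.Text.Encoding]::UTF8.GetBytes($Value)) {
        # RFC 4515 requires NUL, '(', ')', '*' and '\' to be written as \XX.
        # Bytes >= 0x80 (UTF-8 multi-byte sequences) are hex-escaped too,
        # which the RFC permits and which avoids encoding surprises.
        $mustEscape = ($b -eq 0x00) -or ($b -eq 0x28) -or ($b -eq 0x29) -or
                      ($b -eq 0x2A) -or ($b -eq 0x5C) -or ($b -ge 0x80)
        if ($mustEscape) {
            [void]$sb.AppendFormat('\{0:x2}', $b)
        } else {
            [void]$sb.Append([char]$b)
        }
    }
    $sb.ToString()
}

# Constructed sample inputs: one plain name, one containing filter metacharacters.
$names = 'LRobinson', 'Robinson (Lance)*'

foreach ($name in $names) {
    # Only the value is escaped; the attribute name and '=' are fixed by the script.
    $filter = 'cn=' + (ConvertTo-LdapFilterValue -Value $name)
    Write-Output $filter

    # The escaped filter is then passed exactly as in the post's own commands:
    # get-ldap -binddn DOMAIN\administrator -password admin -server testboy `
    #     -dn ou=Employees,dc=DOMAIN -search $filter
}
```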