NetCmdlets - LDAP/Active Directory

LDAP/Active Directory

The LDAP cmdlet can be used to manage directory servers like Active Directory, ADAM, OpenLDAP, Novell, etc.  The get-ldap and set-ldap cmdlets support plain connections as well as secure SSL connections.

Binding

To bind to a directory server, simply specify the -server and -binddn parameters.  To bind with authentication, add the password parameter as well:

PS C:\> $root = get-ldap -server testboy -binddn dc=mydomain
PS C:\> $root

Host : testboy
DN : dc=mydomain
Successful : True

Instead of just binding anonymously, I can bind as a particular user (like admin):

PS C:\> $root = get-ldap -server testboy -binddn mydomain\admin -pass admin
PS C:\> $root

Host : testboy
DN : mydomain\administrator
Successful : True

To perform a search, first specify a separate dn (-dn) on which to perform the search (if no dn parameter is supplied, the binddn will be used), and the filter to search for (-search). Here's a search of just the root node, which returns an array.

PS C:\> get-ldap -server testboy -binddn mydomain\admin -pass admin `
	-dn dc=mydomain -search objectClass=*

Host     DN                                                Type             Value
testboy  CN=Builtin,DC=MYDOMAIN                            System.String[]  System.String[]
testboy  CN=Computers,DC=MYDOMAIN                          System.String[]  System.String[]
testboy  OU=Domain Controllers,DC=MYDOMAIN                 System.String[]  System.String[]
testboy  OU=Employees,DC=MYDOMAIN                          System.String[]  System.String[]
testboy  CN=ForeignSecurityPrincipals,DC=MYDOMAIN          System.String[]  System.String[]
testboy  CN=Infrastructure,DC=MYDOMAIN                     System.String[]  System.String[]
testboy  OU=LancesUnit,DC=MYDOMAIN                         System.String[]  System.String[]
testboy  CN=LostAndFound,DC=MYDOMAIN                       System.String[]  System.String[]
testboy  CN=Microsoft Exchange System Objects,DC=MYDOMAIN  System.String[]  System.String[]
testboy  CN=NTDS Quotas,DC=MYDOMAIN                        System.String[]  System.String[]
testboy  CN=Program Data,DC=MYDOMAIN                       System.String[]  System.String[]
testboy  CN=System,DC=MYDOMAIN                             System.String[]  System.String[]
testboy  CN=Users,DC=MYDOMAIN                              System.String[]  System.String[]


I can access a particular node of the array just as any other:

PS C:\> (get-ldap -server testboy -binddn mydomain\admin -pass admin `
	-dn dc=mydomain -search objectClass=*)[6]

Host     DN                        Type             Value
testboy  OU=LancesUnit,DC=MYDOMAIN System.String[]  System.String[]


What if I want to see all the attributes of this node? I can just add an -attr parameter:

PS C:\> (get-ldap -server testboy -binddn mydomain\admin -pass admin `
	-dn dc=mydomain -search objectClass=* -attr $true)[6]

objectClass : {top, organizationalUnit}
ou : {LancesUnit}
distinguishedName : {OU=LancesUnit,DC=mydomain}
instanceType : {4}
whenCreated : {20051122214101.0Z}
whenChanged : {20051122214101.0Z}
uSNCreated : {382126}
uSNChanged : {382126}
name : {LancesUnit}
objectGUID : {?§'?Ùâ%GŸœÝš6w|¢}
objectCategory : {CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=mydomain, }
Host : testboy
DN : OU=LancesUnit,DC=mydomain


Get a list of employees:

PS C:\> get-ldap -server testboy -binddn DOMAIN\admin -pass admin `
	-dn "ou=Employees,dc=DOMAIN" -search objectClass=*

To find a particular employee:

get-ldap -binddn DOMAIN\administrator -password admin -server testboy `
	-dn "ou=Employees,dc=DOMAIN" -search cn=LRobinson

To get the attributes of a particular employee:

get-ldap -binddn DOMAIN\administrator -password admin -server testboy `
	-dn "ou=Employees,dc=DOMAIN" -search cn=LRobinson -attr $true
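
When the employee name comes from user input instead of being typed by the administrator, it should be escaped before it is placed in -search, and the bind password can be prompted for instead of typed on the command line. The following is an added example, not part of the NetCmdlets documentation; the function names ConvertTo-LdapFilterValue and Find-Employee are hypothetical, and it assumes -search accepts standard LDAP filter syntax (RFC 4515 escapes). It uses only the get-ldap parameters shown above.

```powershell
# Added example, not NetCmdlets documentation. Function names are hypothetical.
# Assumption: -search takes standard LDAP filter syntax, so RFC 4515 escapes apply.

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory = $true)][AllowEmptyString()][string]$Value)
    # Replace \ * ( ) and NUL with \XX hex escapes so they are matched
    # literally instead of being read as filter syntax.
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m)
        '\{0:x2}' -f [int][char]$m.Value
    })
}

function Find-Employee {
    param(
        [Parameter(Mandatory = $true)][string]$Name,   # untrusted input
        [string]$Server = 'testboy',
        [string]$BindDn = 'DOMAIN\administrator',
        [string]$BaseDn = 'ou=Employees,dc=DOMAIN'
    )
    # Prompt for the password so it is not typed as part of a command
    # and does not end up in the command history.
    $secure = Read-Host -Prompt "Password for $BindDn" -AsSecureString
    # get-ldap is shown on this page taking a plain-text -password,
    # so convert the SecureString only at the point of the call.
    $plain = (New-Object System.Net.NetworkCredential('', $secure)).Password

    # The filter is passed as one expression, so spaces or commas in the
    # name cannot split it into several arguments.
    $filter = 'cn=' + (ConvertTo-LdapFilterValue $Name)
    get-ldap -server $Server -binddn $BindDn -password $plain `
        -dn $BaseDn -search $filter -attr $true
}

# Constructed inputs: a normal name, a bare wildcard, and a string that
# would otherwise close the filter and append a second clause.
'LRobinson', '*', 'x)(objectClass=*' | ForEach-Object {
    'cn=' + (ConvertTo-LdapFilterValue $_)
}
```

The last statement only prints the escaped filters and does not contact a server; Find-Employee is the call that performs the search.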

Change Password

To change an Active Directory password with the set-ldap cmdlet, bind as someone with permission to change the password, establish an SSL connection, and then use the -newpassword parameter.  For example, if you are the administrator and you'd like to change the password for "Bob" to "mynewpassword":

PS C:\> set-ldap -server myserver -binddn Domain\Administrator `
	-password admin -dn "cn=Bob,ou=Employees,dc=DOMAIN" `
	-newpassword mynewpassword -ssl implicit

© Copyright 2008 /n software inc.