Introducing the CPolydorou.ActiveDirectoryLDAP PowerShell module

I've been working with Active Directory for a very long time, even back when there was no PowerShell! Over those years, I've developed some functions to query the directory with the help of .NET and surprisingly those functions are still useful!

I've decided to try to convert them to PowerShell so that the can be an addition to my Active Directory module, when the Remote Server Administration Tools are not available. For that reason, I've created and published a new module named CPolydorou.ActiveDirectoryLDAP on the PowerShell gallery.

At this time, the module contains only two functions, Get-ActiveDirectoryDomainLDAP and Get-ActiveDirectoryForestLDAP. Those two return information about Active Directory domains and forests respectively.

Let's take a look on some examples.

Executing the "Get-ActiveDirectoryDomainLDAP" without parameters, will return information about the domain the local computer is joined to.

PS C:\> Get-ActiveDirectoryDomainLDAP

Name      Forest    DomainModeLevel DomainMode
----      ------    --------------- ----------
lab.local lab.local               6 Windows2012R2Domain

PS C:\>

If you are running the commands on a computer that is not joined to the domain or against a domain controller of another forest, you can specify the server and the credentials to use.

PS C:\> Get-ActiveDirectoryDomainLDAP -Server 10.0.0.11 -Credential $cred 

Name              Forest     DomainModeLevel DomainMode 
----              ------     --------------- ---------- 
client.test.local test.local               4 Windows2008R2Domain

PS C:\>

You may also use the name of the domain:

PS C:\> Get-ActiveDirectoryDomainLDAP -Name lab.local -Credential $cred 

Name      Forest    DomainModeLevel DomainMode 
----      ------    --------------- ---------- 
lab.local lab.local               6 Windows2012R2Domain 

PS C:\>

The "Get-ActiveDirectoryForestLDAP" has the same parameters and usage but it returns forest information:

PS C:\> Get-ActiveDirectoryForestLDAP

Name : lab.local
Sites : {HQ, DR}
Domains : {lab.local}
ForestModeLevel : 6
ForestMode : Windows2012R2Forest
RootDomain : lab.local

PS C:\> Get-ActiveDirectoryForestLDAP -Server 10.0.0.11 -Credential $cred

Name : client.test.local
Sites : {NewYork, London, Athens}
Domains : {client.test.local, test.local}
ForestModeLevel : 4
ForestMode : Windows2008R2Forest
RootDomain : test.local

PS C:\> Get-ActiveDirectoryForestLDAP -Name lab.local -Credential $cred

Name : lab.local
Sites : {HQ, DR}
Domains : {lab.local}
ForestModeLevel : 6
ForestMode : Windows2012R2Forest
RootDomain : lab.local

PS C:\>

More functions are going to be added in the next weeks, so stay tuned!

Popular posts from this blog

Domain Controller Machine Password Reset

Image
On my lab environment, I've configured two Active Directory sites since most enterprises have offices in more that one places. My lab however is not running 24/7 and the domain controllers in the second site are rarely turned on in order to save resources. This leads to issues with the Active Directory replication such as the "The target principal name is incorrect" error when I execute:  repadmin /syncall /AdeP. To remedy the issue, we have to reset the machine password of the domain controller that has been offline. First off, we are going to stop and disable the Kerberos Key Distribution Center (kdc) service on the problematic domain controller, in our case DC4. There may be some tickets in the cache so we should also clear them using klist purge Now it's time to change the machine password of the domain controller using the command netdom resetpwd /s:dc3 /ud:lab\administrator /pd:* Replace the "lab\administrator" with an account on your
Keep reading

Configuring a Certificate on Exchange Receive Connector

Today's article is about configuring Exchange receive connectors with specific certificates. Out of the box, Exchange uses self signed certificates to provide TLS secured mail flow. This will definitely be an issue if you expose the SMTP protocol to client computers since they won't trust the certificate. In this article we are going to configure a certificate that was issued by a third part authority to the Client Frontend receive connector. We'll start with getting the thumbprint of the certificate using the Get-ExchangeCertificate cmdlet: [PS] C:\> Get-ExchangeCertificate Thumbprint                               Subject ----------                               ------- 241B864DC82C664FECBA18B8D54987AAFB65B4C2 CN=*.lab.com, ... D4D210886B34E690191A1F008C78FDD0E7325DD4 CN=Exchange2013A 960171662EB261162F9C8CBE12E0B75D6F06ABB0 CN=Microsoft Exchange Server Auth Certificate 2690324B827A9F2B75D59104F81CAAA57CDD627B CN=WMSvc-Exchange2013A [PS]
Keep reading

Managing Active Directory User Certificates using PowerShell

I first came across user certificates when I was working with email certificates a few years ago and I have to admit that I had trouble updating the certificates on the objects! Most organizations have a Microsoft Active Directory Certification Authority that issues the certificates used internally. When a certificate is issued to a user, the Microsoft Certificate Service saves the public key in Active Directory. The userCertificate attribute is a multi-valued attribute that contains the DER-encoded X509v3 certificates issued to the user. Although we rarely need to pay attention to this attribute, there are cases where we have to update it. To make things easier, I've written PowerShell functions to Get, Remove, Import and Export the certificates on that field. To get the list of certificates for an object, use the Get-ActiveDirectoryObjectCertificate function: PS C:\> Get-ActiveDirectoryObjectCertificate -UserPrincipalName cpolydorou@lab.local DistinguishedName     
Keep reading