I'm brand new to LDAP directory-related work and am seeking your help in fetching all available LDAP groups using a PowerShell script.

LDAP Server: xxxx.domain.com:636 and have one service account.

Here is the full script:

# Define the LDAPS server, port, and credentials
$ldapServer = "my-ldap-server"
$ldapPort = 636 # LDAPS port
# Wrap the variable names in ${ }: a bare "$ldapServer:$ldapPort" is parsed by
# PowerShell as a scope-qualified variable and fails with "Variable reference is not valid"
$ldapPath = "LDAP://${ldapServer}:${ldapPort}"
# On a non-AD directory this is normally the account's full bind DN, not a bare user name
$ldapUser = "your-username"
$ldapPassword = "your-password"

# Create a new DirectoryEntry object with the LDAPS path and credentials
$directoryEntry = New-Object System.DirectoryServices.DirectoryEntry
$directoryEntry.Path = $ldapPath
$directoryEntry.Username = $ldapUser
$directoryEntry.Password = $ldapPassword
# SecureSocketsLayer alone gives a simple bind protected by TLS (no Negotiate/Kerberos),
# which is what a non-AD server expects
$directoryEntry.AuthenticationType = [System.DirectoryServices.AuthenticationTypes]::SecureSocketsLayer

# Create a new DirectorySearcher object rooted at the entry above
$directorySearcher = New-Object System.DirectoryServices.DirectorySearcher($directoryEntry)

# Define the filter to search for groups
$directorySearcher.Filter = "(objectClass=group)"

# Define the properties to load (e.g., group name, description);
# Add() returns the new index, which is discarded so it does not clutter the output
$directorySearcher.PropertiesToLoad.Add("cn") | Out-Null
$directorySearcher.PropertiesToLoad.Add("description") | Out-Null

# Perform the search
$searchResults = $directorySearcher.FindAll()

# Loop through the results and display group information
foreach ($result in $searchResults) {
    # Each property is a value collection; join it in case an attribute is multi-valued
    $groupName = $result.Properties["cn"] -join ", "
    $groupDescription = $result.Properties["description"] -join ", "

    Write-Output "Group Name: $groupName"
    Write-Output "Description: $groupDescription"
    Write-Output "-------------------------"
}

# Clean up (the result collection holds unmanaged resources and must be disposed too)
$searchResults.Dispose()
$directorySearcher.Dispose()
$directoryEntry.Dispose()

I was able to verify the connection with Test-Connection and got a 200 status for it, but I was not able to query for LDAP groups. Can any of you help me in this regard?

Thanks in advance.

Thanks, Siva

  • Is this an Active Directory LDAP server or a non-AD server? Commented Aug 4, 2024 at 9:31
  • @grawity_u1686 Yes, I'm trying from a non-AD server. Commented Aug 5, 2024 at 3:08
  • In that case, do you have the correct attributes and objectClass name? You seem to be using AD ones, but AD LDAP uses a different schema than 'traditional' LDAP. Have you tried looking at a single group entry using some graphical LDAP browser? Commented Aug 5, 2024 at 5:04
  • @grawity_u1686 Any example, please? So that I can verify and confirm to you. Commented Aug 5, 2024 at 9:12
  • Apache Directory Studio is a commonly used one. My guess is that you want groupOfNames for the filter but only you can find out for sure. Commented Aug 5, 2024 at 9:13

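The comments above point at the likely cause: a non-AD directory does not use the Active Directory objectClass "group", so a filter written for AD returns nothing even though the bind succeeds. The script below is an added example, not the original poster's script nor code from any vendor; it uses System.DirectoryServices.Protocols over LDAPS, reads the base DN from the rootDSE instead of guessing it, matches the group classes used by the common schemas, pages the results, and reports the LDAP result code when something fails so "wrong base DN", "no read permission" and "wrong objectClass" can be told apart. The host name, bind DN and base DN are placeholders for your environment, and the password is prompted rather than hard-coded.

```powershell
# Added example (not the original post's script): list group entries from a non-AD
# directory over LDAPS. Host, bind DN and base DN below are assumptions/placeholders.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$ldapHost = "xxxx.domain.com"                                  # placeholder host
$ldapPort = 636                                                # LDAPS
$bindDn   = "cn=svc-ldap-reader,ou=services,dc=domain,dc=com"  # assumption: full bind DN of the read-only service account
$baseDn   = ""                                                 # empty: discover from the rootDSE namingContexts

# Prompt for the password instead of keeping it in the script file.
$cred = Get-Credential -UserName $bindDn -Message "Password for $bindDn"

$identifier = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($ldapHost, $ldapPort, $false, $false)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($identifier)
$conn.SessionOptions.SecureSocketLayer = $true   # TLS from the first byte; server certificate is validated against the machine trust store
$conn.SessionOptions.ProtocolVersion  = 3
$conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic   # simple bind, acceptable only because it is wrapped in TLS
$conn.Credential = New-Object System.Net.NetworkCredential($bindDn, $cred.Password)

function Get-AttributeValues {
    # Joins every value of one attribute; returns "" when the entry lacks it.
    param($Entry, [string]$Name)
    $attr = $Entry.Attributes[$Name]
    if ($null -eq $attr) { return "" }
    return ($attr.GetValues([string]) -join ", ")
}

try {
    $conn.Bind()

    # Step 1: ask the rootDSE which naming contexts exist, so the base DN is not guessed.
    $rootReq = New-Object System.DirectoryServices.Protocols.SearchRequest
    $rootReq.DistinguishedName = ""
    $rootReq.Filter = "(objectClass=*)"
    $rootReq.Scope  = [System.DirectoryServices.Protocols.SearchScope]::Base
    $rootReq.Attributes.Add("namingContexts") | Out-Null
    $rootResp = $conn.SendRequest($rootReq)
    $contexts = $rootResp.Entries[0].Attributes["namingContexts"].GetValues([string])
    Write-Output ("namingContexts: " + ($contexts -join "; "))
    if ([string]::IsNullOrEmpty($baseDn)) { $baseDn = $contexts[0] }

    # Step 2: match the group classes of the common schemas. AD uses 'group';
    # RFC 2256 / RFC 2307 directories use groupOfNames, groupOfUniqueNames or posixGroup.
    $filter = "(|(objectClass=group)(objectClass=groupOfNames)(objectClass=groupOfUniqueNames)(objectClass=posixGroup))"
    $req = New-Object System.DirectoryServices.Protocols.SearchRequest
    $req.DistinguishedName = $baseDn
    $req.Filter = $filter
    $req.Scope  = [System.DirectoryServices.Protocols.SearchScope]::Subtree
    $req.Attributes.AddRange([string[]]@("cn", "description", "objectClass"))

    # Simple paged results (RFC 2696) so a server-side size limit does not truncate the listing.
    # Non-critical: a server without the control just answers unpaged and the loop runs once.
    $page = New-Object System.DirectoryServices.Protocols.PageResultRequestControl(500)
    $page.IsCritical = $false
    $req.Controls.Add($page) | Out-Null

    $count = 0
    do {
        $resp = $conn.SendRequest($req)
        foreach ($entry in $resp.Entries) {
            $count++
            Write-Output ("{0}`n  cn: {1}`n  objectClass: {2}`n  description: {3}" -f $entry.DistinguishedName,
                (Get-AttributeValues $entry "cn"), (Get-AttributeValues $entry "objectClass"), (Get-AttributeValues $entry "description"))
        }
        $pageResp = $resp.Controls | Where-Object { $_ -is [System.DirectoryServices.Protocols.PageResultResponseControl] } | Select-Object -First 1
        $page.Cookie = if ($pageResp) { $pageResp.Cookie } else { [byte[]]@() }
    } while ($page.Cookie.Length -gt 0)

    if ($count -eq 0) {
        Write-Output "Bind succeeded but nothing matched under '$baseDn'. Open one known group in an LDAP browser and add its objectClass to the filter."
    }
}
catch [System.DirectoryServices.Protocols.DirectoryOperationException] {
    # ResultCode distinguishes a wrong base DN (NoSuchObject) from a service account
    # that cannot read the subtree (InsufficientAccessRights).
    Write-Error ("LDAP operation failed: {0} ({1})" -f $_.Exception.Response.ResultCode, $_.Exception.Message)
}
catch [System.DirectoryServices.Protocols.LdapException] {
    # Typical causes: TLS handshake / certificate trust problems, or a rejected bind (wrong DN or password).
    Write-Error ("Connection or bind failed: {0} (error code {1})" -f $_.Exception.Message, $_.Exception.ErrorCode)
}
finally {
    $conn.Dispose()
}
```

If the bind fails with a certificate error, the fix is to install the directory's issuing CA in the machine trust store rather than to disable validation; an LDAPS session whose certificate is not checked gives no protection against a spoofed server receiving the service account's password. The zero-result message is the case from the question: a successful bind plus an empty result almost always means the filter's objectClass or the base DN is wrong, which is exactly what a look at one real group entry in Apache Directory Studio will confirm.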