PS Script: search for a object in AD or LDAP fast or from a non domain joined pc with support for workflows – Part 1
PS Script: search for a object in AD or LDAP fast or from a non domain joined pc with support for workflows – Part 2
Version update 1.2 Release and explanation
This is the second part of a 2 part post. In this post I will release the more versatile function of the function described in part 1. This functions for searching AD or LDAP databases has broad support for all kind of query`s from domain joined or non domain joined computers. Like the other function it is based on the .NET LDAP class “System.DirectoryServices”. Due to the use of this class there is no need for the active directory PowerShell module. This will speedup the runtime of your PowerShell script or run spaces if you use workflows. I will explain workflows in a later post. This function “Get-LdapObject” is build for supportability in any environment and it can query AD configuration partitions for reading objects of exchange for example. The main use of this function is fast command line query`s without the need to install the AD module or as a replacement of that module.
You can find the scripts in the TechNet gallery or under the script section of this site.
Technet gallery:
Get-Ldapobject
Get-Ldapobjectfast
So let`s jump in to the action and view the functions flexibility on a domain joined computer without the AD module:
If we run a default query for the first user that has the letters “sc” at the start of the samaccountname we see that the function returns the Schema admins object. Under the hood the function will query the local domain and the root OU path. This means you can very fast test your LDAP query`s as it will return only the first hit if the Boolean “findall” is not set.
Of course you can still use the “-DC” and “-OU” to specify which domain controller or sub OU you want to search or any of the other parameters to filter your search results.
If we run the same query from a non domain joined computer, we see it will throw an error stating it needs the DC and the OU. Because the computer is not part of a domain there is no way to determine what domain or LDAP database should be used.
Just like the Get-Ldapobjectfast function if we provide the username, DC and OU again the function works from a non-domain joined computer that does not have the AD modules installed.
But you also said it would be versatile how about that.??
Well the function is a all in one no matter if it is a user, computer or object. You can even query the configuration partition by just using the switch “-configurationNamingContext”. This gives you the benefit of being able to very fast query for example Exchange properties. Let`s say I want to find all Exchange servers in the AD site “test”.
And so it will be. Just query for the objectclass “msexchexchangeserver” and a valid site distinguished Name ( this cannot be a wild card !! objects containing a DN can never be searched using wildcards)
Wait it gets better what about all servers of version 15 or all the autodiscover SCP point`s for all Exchange servers.
There you go, if it`s in AD you can query it with one and the same function for any pc domain joined or not without any dependency`s :).
Now that we have a solid base of AD functions the next time we will start with the cool stuff like connecting to exchange from any computer.
And of course this function can be used together with Get-Dc to use a up and running DC.
Leave any comment here and rate the script if you like it on the TechNet gallery.
Cheers
Martijn ( Scriptkiddie ) van Geffen