This simple PowerShell module demonstrates how to use the robust and powerful objects of System.DirectoryServices.Protocols (S.DS.P) from PowerShell.

Unlike ADSI objects, S.DS.P talks the LDAP protocol directly, without an underlying COM layer, which makes it more robust and powerful. While S.DS.P is more often used in server applications, I like using it from PowerShell scripts as well.

Using S.DS.P, you will also get a pretty good picture of how LDAP protocol data looks on the wire.

Any LDAP server can be contacted, including AD and AD LDS - it's just the LDAP protocol; nothing is product-specific.

The module attached to this article demonstrates the following:

The module also contains the cmdlet Get-RootDSE, which demonstrates how to get basic information about the LDAP server you want to connect to.

Search results are returned as custom objects whose properties contain the values of directory attributes, so results can easily be piped to the Export-Csv cmdlet to produce text output.
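As an added example (not code from the module or from this article), here is what the cmdlets described above do underneath, written directly against S.DS.P: a bind with signing and sealing or LDAPS, a RootDSE read, a paged subtree search, and the conversion of each SearchResultEntry into a custom object with binary attributes such as objectSid decoded. The function names, the server and DN values, and the PowerShell 5.0+ ::new() constructor syntax are my assumptions; the types and methods are the public S.DS.P API.

```powershell
# Added example, not the module's own code: the S.DS.P calls behind the
# cmdlets described above. Server and DN values below are placeholders.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Connect-Ldap {
    param(
        [Parameter(Mandatory)][string]$Server,
        [int]$Port = 0,
        [switch]$UseSsl
    )
    if ($Port -eq 0) { $Port = if ($UseSsl) { 636 } else { 389 } }
    $id   = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($Server, $Port)
    $conn = [System.DirectoryServices.Protocols.LdapConnection]::new($id)
    $conn.SessionOptions.ProtocolVersion = 3
    $conn.SessionOptions.ReferralChasing = [System.DirectoryServices.Protocols.ReferralChasingOptions]::None
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate   # Kerberos/NTLM as the current user
    if ($UseSsl) {
        $conn.SessionOptions.SecureSocketLayer = $true   # LDAPS; the server certificate is validated by Windows
    } else {
        # Plain port 389: ask for SASL signing and sealing so the session is
        # integrity-protected and encrypted instead of cleartext.
        $conn.SessionOptions.Signing = $true
        $conn.SessionOptions.Sealing = $true
    }
    $conn.Bind()
    return $conn
}

function ConvertFrom-LdapEntry {
    param(
        [Parameter(Mandatory)][System.DirectoryServices.Protocols.SearchResultEntry]$Entry,
        [string[]]$BinaryAttributes = @()
    )
    $obj = [ordered]@{ distinguishedName = $Entry.DistinguishedName }
    foreach ($name in $Entry.Attributes.AttributeNames) {
        $attr = $Entry.Attributes[$name]
        if ($BinaryAttributes -contains $name) {
            # Values are raw octets on the wire; keep them as byte[] and decode
            # the layouts we know (objectSid -> SDDL string such as S-1-5-21-...).
            $values = @($attr.GetValues([byte[]]))
            if ($name -eq 'objectSid') {
                $values = @($values | ForEach-Object { [System.Security.Principal.SecurityIdentifier]::new($_, 0).Value })
            }
        } else {
            $values = @($attr.GetValues([string]))
        }
        # Single-valued attributes become scalars; multi-valued ones stay arrays
        $obj[$name] = if ($values.Count -eq 1) { $values[0] } else { $values }
    }
    [pscustomobject]$obj
}

function Get-LdapRootDse {
    param([Parameter(Mandatory)][System.DirectoryServices.Protocols.LdapConnection]$Connection)
    # RootDSE is a base-scope search on the empty DN; every LDAP v3 server answers it
    $scope = [System.DirectoryServices.Protocols.SearchScope]::Base
    $req   = [System.DirectoryServices.Protocols.SearchRequest]::new('', '(objectClass=*)', $scope, [string[]]@())
    $resp  = [System.DirectoryServices.Protocols.SearchResponse]$Connection.SendRequest($req)
    ConvertFrom-LdapEntry -Entry $resp.Entries[0]
}

function Find-LdapEntry {
    param(
        [Parameter(Mandatory)][System.DirectoryServices.Protocols.LdapConnection]$Connection,
        [Parameter(Mandatory)][string]$SearchBase,
        [string]$Filter = '(objectClass=*)',
        [string[]]$Attributes = @('distinguishedName'),
        [string[]]$BinaryAttributes = @(),
        [int]$PageSize = 500
    )
    $scope = [System.DirectoryServices.Protocols.SearchScope]::Subtree
    $req   = [System.DirectoryServices.Protocols.SearchRequest]::new($SearchBase, $Filter, $scope, $Attributes)
    # Paged results control (RFC 2696): AD limits one result set to MaxPageSize (1000 by
    # default), so a larger search fails with a size-limit error unless it is paged.
    $page  = [System.DirectoryServices.Protocols.PageResultRequestControl]::new($PageSize)
    [void]$req.Controls.Add($page)
    do {
        $resp = [System.DirectoryServices.Protocols.SearchResponse]$Connection.SendRequest($req)
        foreach ($entry in $resp.Entries) {
            ConvertFrom-LdapEntry -Entry $entry -BinaryAttributes $BinaryAttributes
        }
        # The server returns an opaque cookie; an empty cookie means this was the last page
        $cookie = ($resp.Controls |
            Where-Object { $_ -is [System.DirectoryServices.Protocols.PageResultResponseControl] }).Cookie
        if ($cookie) { $page.Cookie = $cookie }
    } while ($cookie -and $cookie.Length -gt 0)
}

# Usage (server and base DN are placeholders):
$conn = Connect-Ldap -Server 'dc01.example.com'
(Get-LdapRootDse -Connection $conn).defaultNamingContext
Find-LdapEntry -Connection $conn -SearchBase 'cn=Users,dc=example,dc=com' `
    -Filter '(&(objectClass=user)(objectCategory=organizationalPerson))' `
    -Attributes sAMAccountName, objectSid -BinaryAttributes objectSid |
    Export-Csv -Path .\users.csv -NoTypeInformation
$conn.Dispose()
```

Two choices are worth noting. Referral chasing is switched off so a search against one server does not silently open connections to others; and on port 389 the session asks for signing and sealing, which is what a Negotiate bind gives you for free and what LDAPS provides at the transport layer instead.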

Do you want to participate in module development? The source code is published on GitHub - feel free to contribute!

***

UPDATE 3.5.2019

***

UPDATE 1.9.2018

***

UPDATE 31.8.2018

***

UPDATE 12.5.2018

***

UPDATE 19.8.2017

***

UPDATE 30.4.2017

***

UPDATE 8.2.2017

***

UPDATE 18.5.2016

***

UPDATE 8.3.2016

***

UPDATE 2.12.2015

***

UPDATE 13.4.2015

***

UPDATE 27.3.2015

***

UPDATE 9.11.2013

***

UPDATE 3.10.2012

***

UPDATE 25.7.2012

***

This is a work in progress; more cmdlets may come. Let me know if you are interested in specific functionality.

More about System.DirectoryServices.Protocols here: http://msdn.microsoft.com/en-us/library/bb332056.aspx

 

#This command connects to the local machine on port 389 and performs the search
Find-LdapObject -LdapConnection localhost -SearchFilter:"(&(sn=smith)(objectClass=user)(objectCategory=organizationalPerson))" -SearchBase:"cn=Users,dc=myDomain,dc=com"

#---
#This command connects to the user's domain and performs the search, returning the value of the objectSid attribute as a byte array
Find-LdapObject -LdapConnection (Get-LdapConnection) -SearchFilter:"(&(cn=jsmith)(objectClass=user)(objectCategory=organizationalPerson))" -SearchBase:"ou=Users,dc=myDomain,dc=com" -PropertiesToLoad:@("sAMAccountName","objectSid") -BinaryProperties:@("objectSid")

#---
#This command connects to the given LDAP server and performs the search via SSL
Find-LdapObject -LdapConnection (Get-LdapConnection -LdapServer:mydc.mydomain.com -EncryptionType SSL) -SearchFilter:"(&(sn=smith)(objectClass=user)(objectCategory=organizationalPerson))" -SearchBase:"ou=Users,dc=myDomain,dc=com"

#---
#The following commands create the LDAP connection object and pass it as a parameter. The connection remains open and is ready for reuse in subsequent searches
$MyConnection=Get-LdapConnection -LdapServer:mydc.mydomain.com -Port 389

Find-LdapObject -LdapConnection:$MyConnection -SearchFilter:"(&(sn=smith)(objectClass=user)(objectCategory=organizationalPerson))" -SearchBase:"cn=Users,dc=myDomain,dc=com"

#Computer objects have objectCategory=computer; (objectCategory=organizationalPerson) would not match them
Find-LdapObject -LdapConnection:$MyConnection -SearchFilter:"(&(cn=myComputer)(objectClass=computer)(objectCategory=computer))" -SearchBase:"ou=Computers,dc=myDomain,dc=com" -PropertiesToLoad:@("cn","managedBy")

#---
#This one-liner lists the sAMAccountName, first and last name, and DN of all users who are members of at least one group whose name starts with the string "SEC_"
$MyConnection=Get-LdapConnection -LdapServer:mydc.mydomain.com -Port 389
Find-LdapObject -LdapConnection:$MyConnection -SearchFilter:"(&(cn=SEC_*)(objectClass=group)(objectCategory=group))" -SearchBase:"cn=Groups,dc=myDomain,dc=com" |
Find-LdapObject -LdapConnection:$MyConnection -ASQ:"member" -SearchScope:Base -SearchFilter:"(&(objectClass=user)(objectCategory=organizationalPerson))" -PropertiesToLoad:@("sAMAccountName","givenName","sn") |
Select-Object * -Unique
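The one-liner above relies on an attribute-scoped query (ASQ), an LDAP control that Active Directory supports: a base-scope search on the group, where the server evaluates the filter and attribute list against each object the member attribute points to. As an added example that is not part of the module, here is the same query issued directly with S.DS.P's AsqRequestControl. It assumes $conn is an open, bound System.DirectoryServices.Protocols.LdapConnection (as the module's Get-LdapConnection returns) and the group DN and function name are placeholders of mine.

```powershell
# Added example, not from the module: the attribute-scoped query (ASQ) control
# behind the one-liner above, sent directly with S.DS.P. Assumes $conn is an
# open, bound LdapConnection; the group DN is a placeholder.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Get-LdapAsqEntry {
    param(
        [Parameter(Mandatory)][System.DirectoryServices.Protocols.LdapConnection]$Connection,
        [Parameter(Mandatory)][string]$ObjectDn,   # object whose DN-valued attribute is expanded
        [string]$Attribute = 'member',              # must have DN syntax (member, manager, ...)
        [string]$Filter = '(objectClass=*)',        # applied to the referenced objects, not to $ObjectDn
        [string[]]$Attributes = @('sAMAccountName')
    )
    # ASQ requires a base-scope search rooted at the source object; the server then
    # returns one entry per referenced object that matches the filter.
    $scope = [System.DirectoryServices.Protocols.SearchScope]::Base
    $req   = [System.DirectoryServices.Protocols.SearchRequest]::new($ObjectDn, $Filter, $scope, $Attributes)
    [void]$req.Controls.Add([System.DirectoryServices.Protocols.AsqRequestControl]::new($Attribute))
    $resp  = [System.DirectoryServices.Protocols.SearchResponse]$Connection.SendRequest($req)

    # The ASQ response control carries its own result code; anything other than Success
    # means some referenced objects were skipped (for example, ones the caller cannot read).
    $asq = $resp.Controls | Where-Object { $_ -is [System.DirectoryServices.Protocols.AsqResponseControl] }
    if ($asq -and $asq.Result -ne [System.DirectoryServices.Protocols.ResultCode]::Success) {
        Write-Warning "ASQ returned $($asq.Result); the result set may be incomplete"
    }

    foreach ($entry in $resp.Entries) {
        # Each entry's DN is the referenced object (a group member), not the group itself
        $row = [ordered]@{ distinguishedName = $entry.DistinguishedName }
        foreach ($name in $Attributes) {
            $row[$name] = if ($entry.Attributes.Contains($name)) {
                ($entry.Attributes[$name].GetValues([string])) -join ';'
            } else { $null }
        }
        [pscustomobject]$row
    }
}

# Users that are direct members of one group, in the same shape as the module's pipeline above
Get-LdapAsqEntry -Connection $conn -ObjectDn 'cn=SEC_Admins,cn=Groups,dc=example,dc=com' `
    -Filter '(&(objectClass=user)(objectCategory=organizationalPerson))' `
    -Attributes sAMAccountName, givenName, sn
```

ASQ only expands direct values of the attribute, so nested group membership is not flattened; an LDAP_MATCHING_RULE_IN_CHAIN filter on memberOf, or a recursive walk, is needed for that. The warning on a non-Success ASQ result code is the check to keep: a partially readable group otherwise looks like a smaller group.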