
–A–

ADSI, connect to – see also instances, list for what you need to put into the connection string

$ldapPath = "LDAP://123.45.67.89:12389/CN=test1,DC=test,DC=local"
$adsi = [ADSI]$ldapPath
$adsi.psbase.Children | % {$_.distinguishedName} # List the child objects under the path above

–B–

–C–

certificate-related connection problems

When trying to connect to an LDS instance using ADSI Edit with all the same connection settings as when connecting to port 389, except this time using port 686 and checking "Use SSL-based Encryption", the result is the error "Operation failed. Error code: 0x8007203a The server is not operational." Same error without "Use SSL-based Encryption" checked. It worked fine when using the regular LDAP port.

Test-NetConnection -ComputerName 123.45.67.89 -Port 636

works

Also tried ldp.exe. If you don't check the "Use SSL-based Encryption" box, you get:

ld = ldap_open("localhost", 636);
Established connection to localhost.
Retrieving base DSA information...
Server error: <empty>
Error<94>: ldap_parse_result failed: No result present in message
Server error: <empty>
Getting 0 entries:
-----------
Server error: <empty>

If you check that "Use SSL-based Encryption" box:

Server error: <empty>
0x51 = ldap_unbind(ld);
ld = ldap_sslinit("localhost", 636, 1);
Error 81 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3);
Error 81 = ldap_connect(hLdap, NULL);
Server error: <empty>
Error <0x51>: Fail to connect to localhost.

Verify SSL Certificate: Ensure that the SSL certificate is correctly installed on the server. The certificate must be trusted by the client machine. Check the certificate using the certutil command:

certutil -viewstore "My"

This will pop up a window showing the local certs; check the Certification Path tab.
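
One way to see which certificate the instance actually presents on its SSL port and whether this client trusts it. This is an added example, not part of the original notes; Test-LdapsCertificate is a hypothetical helper name, and the address and port are the ones used above.

```powershell
# Added example; Test-LdapsCertificate is a hypothetical helper name.
function Test-LdapsCertificate {
    param(
        [Parameter(Mandatory)][string]$Server,
        [int]$Port = 636
    )
    $ssl = $null
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($Server, $Port)
        # Accept whatever the server presents so it can be inspected;
        # trust is evaluated separately below and no LDAP data is sent.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        try {
            $ssl.AuthenticateAsClient($Server)
        }
        catch {
            # Port is open but the handshake fails: the server offered no usable certificate
            Write-Warning "TLS handshake failed: $($_.Exception.GetBaseException().Message)"
            return
        }
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
        # Build the chain against this client's trust stores (default revocation settings)
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $trusted = $chain.Build($cert)
        # Subject Alternative Name (2.5.29.17): compare by eye with the name you connect to
        $san = $cert.Extensions | ? { $_.Oid.Value -eq '2.5.29.17' } | % { $_.Format($false) }
        $eku = $cert.Extensions | ? { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
        [pscustomobject]@{
            Subject        = $cert.Subject
            Issuer         = $cert.Issuer
            NotBefore      = $cert.NotBefore
            NotAfter       = $cert.NotAfter
            SubjectAltName = $san
            # True only if the Server Authentication OID is listed explicitly
            ServerAuthEku  = ($eku.EnhancedKeyUsages | % Value) -contains '1.3.6.1.5.5.7.3.1'
            TlsProtocol    = $ssl.SslProtocol
            ChainTrusted   = $trusted
            ChainStatus    = ($chain.ChainStatus | % { $_.Status }) -join ', '
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

Test-LdapsCertificate -Server "123.45.67.89" -Port 636
```

A handshake warning with the port reachable points at the server side (no certificate the instance can use); ChainTrusted = False with a populated ChainStatus points at the client's trust stores.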

–D–

–E–

–F–

–G–

–H–

–I–

instance, delete

$instance = "test1"
Stop-Service -Name "ADAM_$instance"
Uninstall-WindowsFeature -Name "ADLDS_$instance"
Remove-Item -Path "C:\Program Files\Microsoft ADAM\$instance" -Recurse -Force
sc.exe delete "ADAM_$instance" # delete the service

instances, list

Get-WmiObject -Class Win32_Service | ? {$_.Name -like "*ADAM*"}

or if Class Win32_Service does not work

Get-CimInstance -Class Win32_Service | ? {$_.Name -like "*ADAM*"}

instances, list with key properties – see also ADLDSInfo.ps1

lists important stuff like the LDAP port, SSL port and naming contexts

$ldsServices = Get-CimInstance -Class Win32_Service | ? {$_.Name -like "*ADAM*"}
$server = "123.45.67.89"
Add-Type -AssemblyName System.DirectoryServices.Protocols # without this, New-Object below fails
# Query the registry for port numbers and distinguished names
foreach ($service in $ldsServices) {
    $serviceName = $service.Name
    $registryPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName\Parameters"
    $serviceDetails = Get-ItemProperty -Path $registryPath
    $ldapPort = $serviceDetails."Port LDAP"
    $sslPort = $serviceDetails."Port SSL"
    Write-Output "Service Name: $serviceName"
    Write-Output " LDAP Port: $ldapPort"
    Write-Output " SSL Port: $sslPort"
    # Connect to the LDAP server and retrieve naming contexts
    $ldapPath = "LDAP://$($server):$ldapPort/RootDSE"
    $directoryEntry = $null; $namingContexts = $null
    $directoryEntry = New-Object DirectoryServices.DirectoryEntry($ldapPath)
    Write-Output " Path: $($server):$ldapPort"
    try {
        $directoryEntry.RefreshCache()
        $namingContexts = $directoryEntry.Properties["namingContexts"]
        Write-Output " Naming Contexts:"
        foreach ($context in $namingContexts) {
            Write-Output "  $context"
        }
    }
    catch {write-host "server is not operational" -ForegroundColor Red}
    Write-Host "----------------------------------------" -ForegroundColor Blue
}

instance port, change

If you try the command below from a PowerShell prompt, it just hangs. Instead, run it from a cmd prompt. Stop the instance service ahead of time, or the ldap port and ssl port commands will complain until you stop the service.

dsdbutil

At the dsdbutil prompt, type:

activate instance ntds
ldap port 50389
ssl port 50636
quit

or

Stop-Service -Name ADAM_InstanceName

navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM_InstanceName\Parameters and modify the "Port LDAP" and "Port SSL" values as needed.

then

Start-Service -Name ADAM_InstanceName

instance location default – C:\Program Files\Microsoft ADAM

–J–

–K–

–L–

.ldf files location – C:\Windows\ADAM

–M–

modules

–N–

–O–

–P–

ports of an instance, change – see instance port, change

–Q–

–R–

–S–

schema partition, show

$server = "localhost:389"
$schemaPartition = (Get-ADRootDSE -Server $server).schemaNamingContext
Get-ADObject -Identity $schemaPartition -Server $server -Properties ObjectGUID | select Name, ObjectGUID

"Select or type a Distinguished Name or Naming Context" – required to connect to directory with ADSI Edit – see also instances, list with key properties

This assumes you know the IP address and port

The Root DSE (Root Directory Service Entry) is a special entry in an LDAP directory that provides information about the directory server itself, such as the naming contexts, supported LDAP versions, and other capabilities.

# Define the LDAP path for the root DSE - Directory Service Entry
$ldapPath = "LDAP://123.45.67.89:12389/RootDSE"

# Create a DirectoryEntry object for the root DSE
$rootDSE = New-Object DirectoryServices.DirectoryEntry($ldapPath)

# Retrieve the naming contexts
$namingContexts = $rootDSE.Properties["namingContexts"]

# Display the naming contexts
foreach ($context in $namingContexts) {
    Write-Output "Naming Context: $context"
}

It returned 3 values. I think the last one is what I want

–T–

–U–

user, get

local, port 389

$path = "CN=emeraldCity,DC=oz,DC=local"
$server = "localhost:389"

all users

Get-ADUser -Filter * -Server $server -SearchBase $path -Properties *

one user

Get-ADUser -Identity "CN=wizard,CN=emeraldCity,DC=oz,DC=local" -Server $server -Properties *

user, modify

local, port 389

Set-ADUser -Identity "CN=wizard,CN=emeraldCity,DC=oz,DC=local" -Server $server -Surname "green"

–V–

–W–

–X–

–Y–

–Z–