ADSI, connect to – see also instances, list for what you need to put into the connection string
# List objects in the Configuration partition
$ldapPath = "LDAP://123.45.67.89:12389/CN=test1,DC=test,DC=local"
$adsi = [ADSI]$ldapPath
$adsi.psbase.Children | % {$_.distinguishedName}
certificate-related connection problems
When trying to connect to an LDS instance using ADSI Edit with all the same connection settings as when connecting to port 389, except this time using port 686 and checking "Use SSL-based Encryption", I get the error "Operation failed. Error code: 0x8007203a The server is not operational." Same error without "Use SSL-based Encryption". It worked fine when using the regular LDAP port.
Test-NetConnection -ComputerName 123.45.67.89 -Port 636
works
Also tried ldp.exe. If I don't check the "Use SSL-based Encryption" box, I get:
ld = ldap_open("localhost", 636);
Established connection to localhost.
Retrieving base DSA information...
Server error: <empty>
Error<94>: ldap_parse_result failed: No result present in message
Server error: <empty>
Getting 0 entries:
-----------
Server error: <empty>
If I check the "Use SSL-based Encryption" box:
Server error: <empty>
0x51 = ldap_unbind(ld);
ld = ldap_sslinit("localhost", 636, 1);
Error 81 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3);
Error 81 = ldap_connect(hLdap, NULL);
Server error: <empty>
Error <0x51>: Fail to connect to localhost.
Verify SSL Certificate: Ensure that the SSL certificate is correctly installed on the server. The certificate must be trusted by the client machine. Check the certificate using the certutil command:
certutil -viewstore "My"
opens a window showing the local certificates; check the Certification Path tab.
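The chain check above is done on the client side by eye. The following script is an added example, not part of the original notes: it connects to the instance's SSL port, pulls the certificate the server actually presents, and reports the things that make an ADSI Edit or ldp.exe SSL bind fail with 0x8007203a / Error 81 (port not reachable, TLS handshake never completing, chain not trusted by this machine, or the name in the certificate not being the name you connect with). $server and $sslPort are assumed values; use the instance's own address and its "Port SSL" value.

```powershell
# Added example (not part of the original notes): fetch the certificate the LDS
# instance presents on its SSL port and report why a client might reject it.
# $server / $sslPort are assumed values; replace with your instance's address
# and "Port SSL" value.
$server  = "123.45.67.89"
$sslPort = 636

function Test-LdsSslCertificate {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][int]$Port
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Server, $Port)
    } catch {
        # Nothing listening or a firewall in the way: not a certificate problem.
        return [pscustomobject]@{ Reachable = $false; Error = $_.Exception.Message }
    }

    # Accept whatever the server sends so the certificate can be inspected;
    # trust is evaluated explicitly with X509Chain further down.
    $acceptAll = { param($sender, $cert, $chain, $errors) $true }
    $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
    try {
        $ssl.AuthenticateAsClient($Server)
    } catch {
        # Handshake never completed: commonly the instance has no usable
        # certificate in the store it reads (the SSL listener then just closes
        # the connection), or the TLS versions do not overlap.
        $client.Close()
        return [pscustomobject]@{ Reachable = $true; Handshake = $false; Error = $_.Exception.Message }
    }

    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Build() uses this machine's trust stores, i.e. the same view ADSI Edit has.
    $chainTrusted = $chain.Build($cert)

    # subjectAltName extension (OID 2.5.29.17), rendered as text
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq "2.5.29.17" }
    $sans   = $sanExt | ForEach-Object { $_.Format($false) }

    $chainStatus = $chain.ChainStatus | ForEach-Object { "$($_.Status): $($_.StatusInformation.Trim())" }

    $result = [pscustomobject]@{
        Reachable       = $true
        Handshake       = $true
        Subject         = $cert.Subject
        Issuer          = $cert.Issuer
        NotBefore       = $cert.NotBefore
        NotAfter        = $cert.NotAfter
        # Name a client will compare against the host it connected to
        DnsName         = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)
        SubjectAltNames = ($sans -join "; ")
        ChainTrusted    = $chainTrusted
        ChainStatus     = ($chainStatus -join "; ")
        Thumbprint      = $cert.Thumbprint
    }
    $ssl.Dispose()
    $client.Close()
    return $result
}

Test-LdsSslCertificate -Server $server -Port $sslPort | Format-List
```

Read the result top down: Reachable = $false is a network problem; Handshake = $false means the SSL port answered but TLS never finished, which is the typical symptom when the instance cannot find a certificate; ChainTrusted = $false with a ChainStatus such as UntrustedRoot means the issuer is not in this client's trust store; and if you connect by IP address but DnsName / SubjectAltNames only contain a host name, the name check will fail even when the chain is fine.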
Get-WmiObject -Class Win32_Service | ? {$_.Name -like "*ADAM*"}
or, if Get-WmiObject is not available (it is not present in PowerShell 7 and later):
Get-CimInstance -Class Win32_Service | ? {$_.Name -like "*ADAM*"}
instances, list with key properties
lists important stuff like
- LDAP port
- SSL port
- value for the "Select or type a Distinguished Name or Naming Context" field which you need to connect with ADSI Edit
- IP address with port for "Computer" field which you need to connect to using ADSI edit
$ldsServices = Get-CimInstance -Class Win32_Service | ? {$_.Name -like "*ADAM*"}
$server = "123.45.67.89"

# Query the registry for port numbers and distinguished names
foreach ($service in $ldsServices) {
    $serviceName = $service.Name
    $registryPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName\Parameters"
    $serviceDetails = Get-ItemProperty -Path $registryPath
    $ldapPort = $serviceDetails."Port LDAP"
    $sslPort = $serviceDetails."Port SSL"
    Write-Output "Service Name: $serviceName"
    Write-Output "  LDAP Port: $ldapPort"
    Write-Output "  SSL Port: $sslPort"

    # Connect to the LDAP server and retrieve naming contexts
    $ldapPath = "LDAP://$($server):$ldapPort/RootDSE"
    $directoryEntry = $null; $namingContexts = $null
    $directoryEntry = New-Object DirectoryServices.DirectoryEntry($ldapPath)
    Write-Output "  Path: $($server):$ldapPort"
    try {
        $directoryEntry.RefreshCache()
        $namingContexts = $directoryEntry.Properties["namingContexts"]
        Write-Output "  Naming Contexts:"
        foreach ($context in $namingContexts) {
            Write-Output "    $context"
        }
    }
    catch { Write-Host "server is not operational" -ForegroundColor Red }
    Write-Host "----------------------------------------" -ForegroundColor Blue
}
- Ldap Module: This module is designed for working with non-AD LDAP environments. You can install it using the following command:
Install-Module -Name Ldap -RequiredVersion 0.1.2
- LDAPCmdlets Module: Another option is the LDAPCmdlets module, which provides a set of cmdlets for working with LDAP directories. You can install it using the following command:
Install-Module -Name LDAPCmdlets -RequiredVersion 20.0.7587.0
"Select or type a Distinguished Name or Naming Context" – required to connect to a directory with ADSI Edit – see also instances, list with key properties
This assumes you know the IP address and port
The Root DSE (Root Directory Service Entry) is a special entry in an LDAP directory that provides information about the directory server itself, such as the naming contexts, supported LDAP versions, and other capabilities.
# Define the LDAP path for the root DSE - Directory Service Entry
$ldapPath = "LDAP://123.45.67.89:12389/RootDSE"
# Create a DirectoryEntry object for the root DSE
$rootDSE = New-Object DirectoryServices.DirectoryEntry($ldapPath)
# Retrieve the naming contexts
$namingContexts = $rootDSE.Properties["namingContexts"]
# Display the naming contexts
foreach ($context in $namingContexts) {
    Write-Output "Naming Context: $context"
}
It returned 3 values. I think the last one is what I want.
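An AD LDS RootDSE also exposes configurationNamingContext and schemaNamingContext, so instead of guessing which of the three values is the application partition you can label each one. The script below is an added example, not part of the original notes: it reads RootDSE over plain LDAP (or LDAPS with -UseSsl, the programmatic equivalent of the "Use SSL-based Encryption" checkbox), tags each naming context as Configuration, Schema or Application, prints the path to paste into ADSI Edit, and then lists the top-level children of the application partition(s). $server and $port are assumed values.

```powershell
# Added example (not part of the original notes): label the naming contexts of
# an LDS instance so the application partition is identified, not guessed.
# $server / $port are assumed values; use the instance's "Port LDAP" value
# (or "Port SSL" together with -UseSsl).
$server = "123.45.67.89"
$port   = 12389

function Get-LdsNamingContext {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][int]$Port,
        [switch]$UseSsl   # bind over LDAPS, like the ADSI Edit checkbox
    )
    $auth = [System.DirectoryServices.AuthenticationTypes]::Secure
    if ($UseSsl) {
        $auth = $auth -bor [System.DirectoryServices.AuthenticationTypes]::SecureSocketsLayer
    }
    $path = "LDAP://$($Server):$Port/RootDSE"
    # null user/password = bind as the current user
    $rootDse = New-Object System.DirectoryServices.DirectoryEntry -ArgumentList $path, $null, $null, $auth
    $rootDse.RefreshCache()   # forces the bind, so connection errors surface here

    $config = [string]$rootDse.Properties["configurationNamingContext"].Value
    $schema = [string]$rootDse.Properties["schemaNamingContext"].Value

    foreach ($nc in $rootDse.Properties["namingContexts"]) {
        if ($nc -eq $config) {
            $kind = "Configuration"
        } elseif ($nc -eq $schema) {
            $kind = "Schema"
        } else {
            $kind = "Application"   # the partition holding your own data
        }
        [pscustomobject]@{
            NamingContext = [string]$nc
            Kind          = $kind
            # value for the ADSI Edit "Distinguished Name or Naming Context" field
            AdsiEditPath  = "LDAP://$($Server):$Port/$nc"
        }
    }
}

function Get-LdsPartitionChildren {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][int]$Port
    )
    # Configuration and Schema are LDS plumbing; browse only the application partition(s).
    Get-LdsNamingContext -Server $Server -Port $Port |
        Where-Object { $_.Kind -eq "Application" } |
        ForEach-Object {
            $partition = [ADSI]$_.AdsiEditPath
            $partition.psbase.Children | ForEach-Object { $_.distinguishedName }
        }
}

Get-LdsNamingContext -Server $server -Port $port | Format-Table -AutoSize
Get-LdsPartitionChildren -Server $server -Port $port
```

The RefreshCache() call is deliberate: DirectoryEntry binds lazily, so without it a wrong port or a rejected SSL certificate only shows up when the first property is read, which makes the error harder to attribute.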