使用PowerShell查询eDirectory

时间:2015-12-25 15:05:15

标签: powershell ldap identity-management edirectory netiq

我正在使用VBScript来搜索eDirectory 

Set dso = GetObject("LDAP:")
Dim pwd
pwd = "NotTellingU!"

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider", "cn=x12345,ou=IDM,ou=System,o=XYZ" , pwd

Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objCommand.CommandText = "<LDAP://myservq01.myplace.corp/o=XYZ>;" & _
    "(ou=*)" & ";" & "ou;onelevel"

Set objRecordSet = objCommand.Execute
WScript.Echo objRecordSet.RecordCount

尝试在PowerShell中使用它(v2):

[System.Reflection.Assembly]::LoadWithPartialName("System.DirectoryServices.Protocols") | Out-Null
[System.Reflection.Assembly]::LoadWithPartialName("System.Net") | Out-Null

$BaseDN = "o=XYZ"
$attrlist = "ou"
$scope = [System.DirectoryServices.Protocols.SearchScope]::OneLevel
$Filter = "(ou=*)"

$c = New-Object System.DirectoryServices.Protocols.LdapConnection "myservq01.myplace.corp:389"
$c.SessionOptions.SecureSocketLayer = $FALSE;
$c.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic

$user = "cn=x12345,ou=IDM,ou=System,o=XYZ"
$pwd = "NotTellingU!"
$NovellCredentials = New-Object "System.Net.NetworkCredential" -ArgumentList $user,$pwd
$c.Credential = $NovellCredentials
$c.Bind()
$r = New-Object System.DirectoryServices.Protocols.SearchRequest -ArgumentList  $baseDN,$Filter,$scope,$attrlist
$re = $c.SendRequest($r);
"A Total of $($re.Entries.Count) Entry(s) found in LDAP Search"

在执行Bind和SendRequest的行上,我正在

  

使用“0”参数调用“绑定”的异常:“提供的凭据无效。”

我已经采取了两种NDS痕迹。从VBScript开始:

LDAP: New cleartext connection 0x2006dc70 from 123.45.211.222:58720, monitor = 0x85f45700, index = 17
LDAP: (123.45.211.222:58720)(0x0001:0x60) DoBind on connection 0x2006dc70
LDAP: (123.45.211.222:58720)(0x0001:0x60) Bind name:cn=x12345,ou=IDM,ou=System,o=XYZ, version:3, authentication:simple

LDAP: (123.45.211.222:58477)(0x0005:0x63) DoSearch on connection 0x2006dc70
LDAP: (123.45.211.222:58477)(0x0005:0x63) Search request:
   base: "o=XYZ"
   scope:1 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
   filter: "(ou=*)"
   attribute: "ou"
LDAP: (123.45.211.222:58477)(0x0005:0x63) Sending search result entry "ou=services,o=XYZ" to connection 0x2006dc70

来自PS:

LDAP: New cleartext connection 0x2006dc70 from 123.45.211.222:59552, monitor = 0x85f45700, index = 17
LDAP: (123.45.211.222:59552)(0x0007:0x60) DoBind on connection 0x2006dc70
LDAP: (123.45.211.222:59552)(0x0007:0x60) Bind name:cn=x12345,ou=IDM,ou=System,o=XYZ, version:2, authentication:simple
LDAP: (123.45.211.222:59552)(0x0007:0x60) Failed to authenticate local on connection 0x2006dc70, err = failed authentication (-669)
LDAP: (123.45.211.222:59552)(0x0007:0x60) Sending operation result 49:"":"NDS error: failed authentication (-669)" to connection 0x2006dc70

我能看到的唯一区别是Bind name行。当它工作时,我看到“版本:3”,当它失败“版本:2”,但我没有找到任何我可以用代码来控制它。

1 个答案:

答案 0 :(得分:0)

我不明白为什么这会产生影响,但在$ user和$ pwd变量周围使用单引号似乎可以使它工作:

$ user ='cn = x12345,ou = IDM,ou = System,o = XYZ' $ pwd ='NotTellingU!'

此网址有帮助 https://social.technet.microsoft.com/Forums/scriptcenter/en-US/d1c4fc40-b921-4840-9d98-d95d565672d1/queryenumerate-edirectory-in-powershell-via-systemdirectoryservices?forum=ITCG

相关问题
最新问题