Automate LDAP Integration Tasks from PowerShell

Ready to get started?

Download for a free trial:

Download Now

Learn more:

LDAP ADO.NET Provider

Rapidly create and deploy powerful .NET applications that integrate with LDAP directory services!

In this article

Related articles


Are you looking for a quick and easy way to access LDAP objects from PowerShell? We show how to use the Cmdlets for LDAP and the CData ADO.NET Provider for LDAP to connect to LDAP objects and synchronize, automate, download, and more.

The CData Cmdlets for LDAP are standard PowerShell cmdlets that make it easy to accomplish data cleansing, normalization, backup, and other integration tasks by enabling real-time and bidirectional access to LDAP.

Cmdlets or ADO.NET?

The cmdlets are not only a PowerShell interface to the LDAP API, but also an SQL interface; this tutorial shows how to use both to create, retrieve, update, and delete LDAP objects. We also show examples of the ADO.NET equivalent, which is possible with the CData ADO.NET Provider for LDAP. To access LDAP objects from other .NET applications, like LINQPad, use the CData ADO.NET Provider for LDAP.

After obtaining the needed connection properties, accessing LDAP objects in PowerShell consists of three basic steps.

To establish a connection, the following properties under the Authentication section must be provided:

  • Valid User and Password credentials (e.g., Domain\BobF or cn=Bob F,ou=Employees,dc=Domain).
  • Server information, including the IP or host name of the Server, as well as the Port.

  • BaseDN: This will limit the scope of LDAP searches to the height of the distinguished name provided.

    Note: Specifying a narrow BaseDN may greatly increase performance; for example, cn=users,dc=domain will only return results contained within cn=users and its children.

PowerShell

  1. Install the module:

    Install-Module LDAPCmdlets

  2. Connect:

    $ldap = Connect-LDAP -User "$User" -Password "$Password" -Server "$Server" -Port "$Port"

  3. Search for and retrieve data:

    $cn = "Administrator" $user = Select-LDAP -Connection $ldap -Table "User" -Where "CN = `'$CN`'" $user

    You can also use the Invoke-LDAP cmdlet to execute SQL commands:

    $user = Invoke-LDAP -Connection $ldap -Query 'SELECT * FROM User WHERE CN = @CN' -Params @{'@CN'='Administrator'}

ADO.NET

  1. Load the provider's assembly:

    [Reflection.Assembly]::LoadFile("C:\Program Files\CData\CData ADO.NET Provider for LDAP\lib\System.Data.CData.LDAP.dll")

  2. Connect to LDAP:

    $conn= New-Object System.Data.CData.LDAP.LDAPConnection("User=Domain\BobF;Password=bob123456;Server=10.0.1.1;Port=389;") $conn.Open()

  3. Instantiate the LDAPDataAdapter, execute an SQL query, and output the results:

    $sql="SELECT Id, LogonCount from User" $da= New-Object System.Data.CData.LDAP.LDAPDataAdapter($sql, $conn) $dt= New-Object System.Data.DataTable $da.Fill($dt) $dt.Rows | foreach { Write-Host $_.id $_.logoncount }

Update LDAP Objects

PowerShell

Update-LDAP -Connection $LDAP -Columns @('Id','LogonCount') -Values @('MyId', 'MyLogonCount') -Table User -Id "MyId"

ADO.NET

$cmd = New-Object System.Data.CData.LDAP.LDAPCommand("UPDATE User SET CN='Administrator' WHERE Id = @myId", $conn) $cmd.Parameters.Add(new System.Data.CData.LDAP.LDAPParameter("@myId","10456255-0015501366")) $cmd.ExecuteNonQuery()

Insert LDAP Objects

PowerShell

Add-LDAP -Connection $LDAP -Table User -Columns @("Id", "LogonCount") -Values @("MyId", "MyLogonCount")

ADO.NET

$cmd = New-Object System.Data.CData.LDAP.LDAPCommand("INSERT INTO User (CN) VALUES (@myCN)", $conn) $cmd.Parameters.Add(new System.Data.CData.LDAP.LDAPParameter("@myCN","Administrator")) $cmd.ExecuteNonQuery()

Delete LDAP Objects

PowerShell

Remove-LDAP -Connection $LDAP -Table "User" -Id "MyId"

ADO.NET

$cmd = New-Object System.Data.CData.LDAP.LDAPCommand("DELETE FROM User WHERE Id=@myId", $conn) $cmd.Parameters.Add(new System.Data.CData.LDAP.LDAPParameter("@myId","001d000000YBRseAAH")) $cmd.ExecuteNonQuery()