Discover how a bimodal integration strategy can address the major data management challenges facing your organization today.
Get the Report →Automate LDAP Integration Tasks from PowerShell
Are you in search of a quick and easy way to access LDAP objects from PowerShell? This article demonstrates how to utilize the LDAP Cmdlets for tasks like connecting to LDAP objects, automating operations, downloading data, and more.
The CData Cmdlets for LDAP are standard PowerShell cmdlets that make it easy to accomplish data cleansing, normalization, backup, and other integration tasks by enabling real-time and bidirectional access to LDAP.
PowerShell Cmdlets or ADO.NET Provider?
The Cmdlets are not only a PowerShell interface to LDAP, but also an SQL interface; this tutorial shows how to use both to create, retrieve, update, and delete LDAP objects. We also show examples of the ADO.NET equivalent, which is possible with the CData ADO.NET Provider for LDAP. To access LDAP objects from other .NET applications, like LINQPad, use the CData ADO.NET Provider for LDAP.
Once you have acquired the necessary connection properties, accessing LDAP objects in PowerShell can be enabled in three steps.
To establish a connection, the following properties under the Authentication section must be provided:
- Valid User and Password credentials (e.g., Domain\BobF or cn=Bob F,ou=Employees,dc=Domain).
- Server information, including the IP or host name of the Server, as well as the Port.
BaseDN: This will limit the scope of LDAP searches to the height of the distinguished name provided.
Note: Specifying a narrow BaseDN may greatly increase performance; for example, cn=users,dc=domain will only return results contained within cn=users and its children.
PowerShell
-
Install the module:
Install-Module LDAPCmdlets
-
Connect:
$ldap = Connect-LDAP -User "$User" -Password "$Password" -Server "$Server" -Port "$Port"
-
Search for and retrieve data:
$cn = "Administrator" $user = Select-LDAP -Connection $ldap -Table "User" -Where "CN = `'$CN`'" $user
You can also use the Invoke-LDAP cmdlet to execute SQL commands:
$user = Invoke-LDAP -Connection $ldap -Query 'SELECT * FROM User WHERE CN = @CN' -Params @{'@CN'='Administrator'}
ADO.NET
-
Load the provider's assembly:
[Reflection.Assembly]::LoadFile("C:\Program Files\CData\CData ADO.NET Provider for LDAP\lib\System.Data.CData.LDAP.dll")
-
Connect to LDAP:
$conn= New-Object System.Data.CData.LDAP.LDAPConnection("User=Domain\BobF;Password=bob123456;Server=10.0.1.1;Port=389;") $conn.Open()
-
Instantiate the LDAPDataAdapter, execute an SQL query, and output the results:
$sql="SELECT Id, LogonCount from User" $da= New-Object System.Data.CData.LDAP.LDAPDataAdapter($sql, $conn) $dt= New-Object System.Data.DataTable $da.Fill($dt) $dt.Rows | foreach { Write-Host $_.id $_.logoncount }
Update LDAP Objects
PowerShell
Update-LDAP -Connection $LDAP -Columns @('Id','LogonCount') -Values @('MyId', 'MyLogonCount') -Table User -Id "MyId"
ADO.NET
$cmd = New-Object System.Data.CData.LDAP.LDAPCommand("UPDATE User SET CN='Administrator' WHERE Id = @myId", $conn)
$cmd.Parameters.Add((New-Object System.Data.CData.LDAP.LDAPParameter("@myId","10456255-0015501366")))
$cmd.ExecuteNonQuery()
Insert LDAP Objects
PowerShell
Add-LDAP -Connection $LDAP -Table User -Columns @("Id", "LogonCount") -Values @("MyId", "MyLogonCount")
ADO.NET
$cmd = New-Object System.Data.CData.LDAP.LDAPCommand("INSERT INTO User (CN) VALUES (@myCN)", $conn)
$cmd.Parameters.Add((New-Object System.Data.CData.LDAP.LDAPParameter("@myCN","Administrator")))
$cmd.ExecuteNonQuery()
Delete LDAP Objects
PowerShell
Remove-LDAP -Connection $LDAP -Table "User" -Id "MyId"
ADO.NET
$cmd = New-Object System.Data.CData.LDAP.LDAPCommand("DELETE FROM User WHERE Id=@myId", $conn)
$cmd.Parameters.Add((New-Object System.Data.CData.LDAP.LDAPParameter("@myId","001d000000YBRseAAH")))
$cmd.ExecuteNonQuery()
CodeProject