Query AD LDS with Powershell and Credentials

Question

I can connect to my AD LDS instance using LDP from a Windows server, but I am struggling to connect/bind and query my AD LDS instance with PowerShell from the same server. I can't figure out the correct PowerShell syntax.

Here are the connection parameters/steps that work for LDP:

Server = idm.mydomain.com

Port = 636

Check the SSL checkbox

Once connected to idm.mydomain.com, go to Bind

User = CN=canvas_service,OU=Users,OU=Infrastructure Support,DC=idm,DC=mydomain,DC=com

Password = MyPassWord

Bind type = Simple bind

Here is what I've tried in PowerSHell

Import-Module ActiveDirectory

 
##############################################################################################
# Username, Password of an admin account for the AD LDS and the location of the AD LDS
$credUsername = 'CN=canvas_service,OU=Users,OU=Infrastructure Support,DC=idm,DC=mydomain,DC=com'
$credPassword = 'MyPassWord'
$server = 'idm.mydomain.com:636'
$userName = '*'
##############################################################################################
 
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList `
        @($credUsername,(ConvertTo-SecureString -String $credPassword -AsPlainText -Force))

$user = Get-ADUser -Filter {cn -eq $userName} -SearchBase "OU=Users,OU=Infrastructure Support,DC=idm,DC=mydomain,DC=com" -server $server -Credential $cred

Result Get-ADUser : Unable to contact the server.

I can't find any PowerShell examples on the web that include credentials and SSL that can point me in the corect direction. Any help greatly appreciated.

The AD Module uses ADWS as far as I know, if you want to use LDAPS you likely need to use `adsi` — Santiago Squarzon, Apr 04 '22 at 22:15

Santiago Squarzon · Answer 1 · 2022-04-05T03:53:00.673

As in my comments, the Active Directory Module uses Active Directory Web Services as protocol, it's not possible to use LDAP over SSL (LDAPS for short) with this Module. You would need to resort to adsi for binding and adsisearcher for querying.

Haven't done this in a while so it's likely that the code below won't work but hopefully can help you get on track.

$server = "idm.mydomain.com"
$port = 636
$ou = "OU=Users,OU=Infrastructure Support,DC=idm,DC=mydomain,DC=com"
$toSearch = "canvas_service"

# Below might require you to add `None` or `0` to the constructor for SimpleBind
# Beginning with .NET Framework 2.0, the default value is `Secure` or `1`.
$adsi = [adsi]::new("LDAP://${server}:${port}", "myUser", "myPasswordAsPlainText!!")
$searcher = [adsisearcher]::new($adsi)
$searcher.PropertiesToLoad.AddRange(@("samAccountName", "cn", "distinguishedName"))
$searcher.SearchRoot = $ou
$searcher.SearchScope = "SubTree"
$searcher.Filter = "(&(cn=$toSearch)(objectClass=user))"
$searcher.FindOne()

Query AD LDS with Powershell and Credentials

1 Answers1