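function Test-LDAPPorts {
    <#
    .SYNOPSIS
    Tests whether an LDAP endpoint on the given server and port can be bound to, optionally resolving one identity through it.
    .DESCRIPTION
    Builds an LDAP:// path from ServerName and Port and opens it through ADSI, binding with the supplied
    credential or, when none is given, with the caller's current security context. The outcome is reported
    as an object with Computer, Port, Status and ErrorMessage. When Identity is supplied and the bind
    succeeded, a single search for that identity is issued over the same endpoint and the object is extended
    with Identity, IdentityStatus, IdentityData and IdentityErrorMessage. Bind and search failures are written
    to the warning stream and recorded in the returned object; they are not thrown.
    .PARAMETER ServerName
    Host name or address of the LDAP server. When empty, nothing is tested and nothing is returned.
    .PARAMETER Port
    TCP port of the LDAP endpoint, for example 389 or 3269. When 0, nothing is tested and nothing is returned.
    .PARAMETER Credential
    Optional credential used for the bind. When omitted, the current security context is used.
    .PARAMETER Identity
    User to search for using LDAP query by objectGUID, objectSID, SamAccountName, UserPrincipalName, Name or DistinguishedName.
    The value is escaped per RFC 4515 before it is placed in the search filter, so the filter metacharacters
    * ( ) \ and NUL are matched literally rather than interpreted as filter syntax.
    .EXAMPLE
    Test-LDAPPorts -ServerName 'SomeServer' -port 3269 -Credential (Get-Credential)
    .EXAMPLE
    Test-LDAPPorts -ServerName 'SomeServer' -port 3269
    .OUTPUTS
    System.Management.Automation.PSCustomObject
    .NOTES
    Exactly one object is emitted per call (or none when ServerName is empty or Port is 0). The raw
    search result is only available through the IdentityData property.
    #>
    [CmdletBinding()]
    param(
        [string] $ServerName,
        [int] $Port,
        [pscredential] $Credential,
        [string] $Identity
    )

    # Opens the LDAP path, binding with the explicit credential when one was given and with the
    # caller's security context otherwise. The ADSI constructor requires the plaintext password,
    # which is why GetNetworkCredential() is used here and nowhere else.
    function New-LdapConnection {
        param(
            [string] $Path,
            [pscredential] $Credential
        )
        if ($null -ne $Credential) {
            return [ADSI]::new($Path, $Credential.UserName, $Credential.GetNetworkCredential().Password)
        }
        return [ADSI]($Path)
    }

    # Escapes LDAP filter metacharacters (RFC 4515 section 3) so the identity is matched as a literal
    # value. Backslash is handled first so the escape sequences introduced below are not re-escaped.
    function ConvertTo-LdapFilterValue {
        param([string] $Value)
        return $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace("`0", '\00')
    }

    # Flattens a caught error to a single-line message, writes the warning that matches its cause and
    # returns the message so it can be stored in the result object.
    function Write-LdapFailure {
        param(
            [System.Management.Automation.ErrorRecord] $ErrorRecord,
            [string] $ServerName,
            [int] $Port
        )
        $ErrorMessage = $($ErrorRecord.Exception.Message) -replace [System.Environment]::NewLine
        $Details = $ErrorRecord.Exception.ToString()
        if ($Details -match "The server is not operational") {
            Write-Warning "Test-LDAPPorts - Can't open $ServerName`:$Port. Error: $ErrorMessage"
        } elseif ($Details -match "The user name or password is incorrect") {
            Write-Warning "Test-LDAPPorts - Current user ($Env:USERNAME) doesn't seem to have access to to LDAP on port $ServerName`:$Port. Error: $ErrorMessage"
        } else {
            Write-Warning -Message "Test-LDAPPorts - Error: $ErrorMessage"
        }
        return $ErrorMessage
    }

    if (-not $ServerName -or $Port -eq 0) {
        # Nothing to test; no object is emitted in this case.
        return
    }

    Write-Verbose "Test-LDAPPorts - Processing $ServerName / $Port"
    $LDAP = "LDAP://" + $ServerName + ':' + $Port
    try {
        $Connection = New-LdapConnection -Path $LDAP -Credential $Credential
        $Connection.Close()
        $ReturnData = [ordered] @{
            Computer     = $ServerName
            Port         = $Port
            Status       = $true
            ErrorMessage = ''
        }
    } catch {
        $ErrorMessage = Write-LdapFailure -ErrorRecord $_ -ServerName $ServerName -Port $Port
        $ReturnData = [ordered] @{
            Computer     = $ServerName
            Port         = $Port
            Status       = $false
            ErrorMessage = $ErrorMessage
        }
    }

    if ($Identity) {
        if ($ReturnData.Status -eq $true) {
            try {
                Write-Verbose "Test-LDAPPorts - Processing $ServerName / $Port / $Identity"
                $Connection = New-LdapConnection -Path $LDAP -Credential $Credential
                $Searcher = [System.DirectoryServices.DirectorySearcher]$Connection
                # One escaped value is compared against every supported attribute; the server decides which matches.
                $Escaped = ConvertTo-LdapFilterValue -Value $Identity
                $Searcher.Filter = "(|(DistinguishedName=$Escaped)(Name=$Escaped)(SamAccountName=$Escaped)(UserPrincipalName=$Escaped)(objectGUID=$Escaped)(objectSid=$Escaped))"
                $SearchResult = $Searcher.FindOne()
                # The result is exposed only through IdentityData; emitting it directly would add a second
                # object to the pipeline ahead of the summary object.
                $ReturnData['Identity'] = $Identity
                $ReturnData['IdentityStatus'] = ($null -ne $SearchResult)
                $ReturnData['IdentityData'] = $SearchResult
                $ReturnData['IdentityErrorMessage'] = ""
                $Connection.Close()
            } catch {
                $ReturnData['Identity'] = $Identity
                $ReturnData['IdentityStatus'] = $false
                $ReturnData['IdentityData'] = $null
                $ReturnData['IdentityErrorMessage'] = Write-LdapFailure -ErrorRecord $_ -ServerName $ServerName -Port $Port
            }
        } else {
            # The bind already failed, so the search is skipped and its error mirrors the bind error.
            $ReturnData['Identity'] = $Identity
            $ReturnData['IdentityStatus'] = $false
            $ReturnData['IdentityData'] = $null
            $ReturnData['IdentityErrorMessage'] = $ReturnData.ErrorMessage
        }
    }
    [PSCustomObject] $ReturnData
}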