LDAP Object Creation

Jiri Formacek edited this page Dec 22, 2024 · 2 revisions

Creation of LDAP objects

The code samples below show how to create new objects in an LDAP directory. It is actually pretty straightforward:

  • Create a PSCustomObject that contains the necessary properties:
    • distinguished name
    • object class
    • other mandatory properties required by the object class (such as sAMAccountName and a password when you create an enabled user account in AD)
    • optional properties
  • Create an LDAP connection if one has not been created already
  • Call Add-LdapObject, passing the PSCustomObject created above as a parameter

Create user account in AD

#Setting unicodePwd requires a protected channel: AD refuses the write over plain LDAP.
#Use one of the supported encryption types (Kerberos, TLS or SSL) to protect the transmission channel.
#Keep the connection object that is returned; it is passed to Add-LdapObject below.
$Ldap = Get-LdapConnection -LdapServer mydomain.com -EncryptionType Kerberos

#Transforms convert values to LDAP native format when the object is saved to the LDAP store:
#unicodePwd is encoded the way AD expects (quoted, UTF-16LE) and userAccountControl accepts flag names.
Register-LdapAttributeTransform -Name UnicodePwd
Register-LdapAttributeTransform -Name UserAccountControl

#Design the object.
#Keep the password in single quotes: inside double quotes PowerShell would expand "$$".
$Props = @{
  distinguishedName='cn=user1,cn=users,dc=mydomain,dc=com'
  objectClass='user'
  sAMAccountName='User1'
  unicodePwd='S3cur3Pa$$word'
  userAccountControl='UF_NORMAL_ACCOUNT'
}

#Create the object according to design
$obj = New-Object PSObject -Property $Props

#Create the object in the directory over the protected connection created above
$obj | Add-LdapObject -LdapConnection $Ldap
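The following is an added example, not code from this wiki page or from the S.DS.P project itself. It applies the same procedure to two object classes in one run: an organizationalUnit (which needs only a DN and objectClass) and an enabled user inside it that carries optional attributes as well as the mandatory ones. It then reads the user back with Find-LdapObject, a cmdlet from the same module that this page does not show, so that the script verifies what the directory actually stored instead of assuming the Add succeeded. The module name S.DS.P, the server, OU, account names and the password are placeholders assumed for illustration.

```powershell
# Added example (not from the S.DS.P wiki): create an OU, then an enabled user in it,
# then read the user back. Module name, server, DNs and password are placeholders.
Import-Module S.DS.P

# One protected connection, reused for every call below.
# Without Kerberos/TLS/SSL the unicodePwd write is rejected by AD.
$Ldap = Get-LdapConnection -LdapServer mydomain.com -EncryptionType Kerberos

# Transforms let us write the password as a string and UAC as flag names.
Register-LdapAttributeTransform -Name UnicodePwd
Register-LdapAttributeTransform -Name UserAccountControl

$ouDn = 'ou=Service Accounts,dc=mydomain,dc=com'

# 1. Container first. An OU has no mandatory attributes beyond DN and objectClass;
#    description is optional.
$ou = [PSCustomObject]@{
    distinguishedName = $ouDn
    objectClass       = 'organizationalUnit'
    description       = 'Service accounts created through S.DS.P'
}
$ou | Add-LdapObject -LdapConnection $Ldap

# 2. User in the new OU: mandatory (DN, objectClass, sAMAccountName, password for an
#    enabled account) plus optional attributes. Single quotes keep "$" literal.
$password = 'Svc-P@ssw0rd-Example-2024!'   # placeholder; never hard-code in real scripts
$user = [PSCustomObject]@{
    distinguishedName  = "cn=svc-backup,$ouDn"
    objectClass        = 'user'
    sAMAccountName     = 'svc-backup'
    userPrincipalName  = 'svc-backup@mydomain.com'
    displayName        = 'Backup service account'
    description        = 'Runs the nightly backup job'
    unicodePwd         = $password
    userAccountControl = 'UF_NORMAL_ACCOUNT'
}

try {
    $user | Add-LdapObject -LdapConnection $Ldap
}
catch {
    # Typical causes: channel not protected (unwilling to perform), password not
    # meeting domain policy (constraint violation), or the DN already existing.
    throw "Creating $($user.distinguishedName) failed: $($_.Exception.Message)"
}

# 3. Verify by reading back what the directory stored.
$created = Find-LdapObject -LdapConnection $Ldap `
    -searchBase $ouDn `
    -searchFilter '(sAMAccountName=svc-backup)' `
    -PropertiesToLoad @('sAMAccountName', 'userAccountControl', 'whenCreated')

if (-not $created) {
    throw "User was not found under $ouDn after creation"
}
$created
```

The read-back step is the part most scripts skip. Because the UserAccountControl transform is registered, the returned userAccountControl shows flag names, so a quick look confirms the account came out enabled (UF_NORMAL_ACCOUNT without UF_ACCOUNTDISABLE) rather than in some unexpected state.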
