Out of interest how are you planning to block the use of LDAP and what changes are you planning to make so clients only connect on LDAPS/636?
Gary.
using LDAPS query in powershell
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 49%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESJ%3C/text%3E%3C/svg%3E)
shashidhar joliholi
291
Reputation points
Hi Team,
We are using following powershell cmdlets to get user info.
$AccountName = "Shashidhar.Joliholi"
$Query = "(&(objectClass=user)(objectCategory=person)(samAccountName=$AccountName))"
$UserInfo = Get-ADUser -LDAPFilter $Query
We are planning to block LDAP and go with LDAPS in DCs. does it impact above powershell script. if yes, what modification need to be done on the powershell cmdlets to use LDAPS to get $UserInfo.
can i use $UserInfo = Get-ADUser -LDAPFilter $Query -server dc.domain.com:636 ?
Need your help!
Thanks,
Shashidhar Joliholi
Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Server | User experience | PowerShell
2 answers
Sort by: Most helpful
-
SChalakov 10,781 Reputation points MVP Volunteer Moderator2022-03-10T11:57:32.66+00:00 Hi @shashidhar joliholi ,
No matter if you are using LDAP or LDAPS the query will always remain the same. The only difference is that the LDAP communication gets encrypted when using LDAPS.
You don't need to change anything regarding the query.Hope I was able to answer your question.
----------
(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
Regards
Stoyan Chalakov-
shashidhar joliholi 291 Reputation points
2022-03-10T12:21:58.44+00:00 Hi Stoyan,
Thanks for the comments. we are using -LDAPfilter to use LDAP queries in the powershell Get-ADUser. if we block LDAP
does -LDAPfilter works with LDAPS. ? or i need to modify anything in the script to communicate through LDAPS.$UserInfo = Get-ADUser -LDAPFilter $Query -server dc.domain.com:636 ? do it works ?
Thanks,
Shashidhar Joliholi -
SChalakov 10,781 Reputation points MVP Volunteer Moderator
2022-03-10T12:35:14.543+00:00 Hi Shashidhar,
yes, as already mentioned the only thing that changes with using LDAPs are the encrypted connection and also the port (like seen in your command).
You can find another exmaple here:Powershell and LDAPS
https://social.technet.microsoft.com/Forums/scriptcenter/en-US/0d19f956-b8ce-4b3e-b987-cbba83fd89cc/powershell-and-ldaps?forum=ITCGWhat is important of course is that all your domain controllers are configured for ldaps, meaning tehy have the required certificate.
You can test the ldaps connectivity to your DCs, using the function here:
Testing LDAP and LDAPS connectivity with PowerShell
https://evotec.xyz/testing-ldap-and-ldaps-connectivity-with-powershell/Hope this clarifies it.
Regareds,
Stoyan
Sign in to comment -