Share via

Test LDAPS Connection using Powershell [ADSI] and alternate credentials

Rob D 0 Reputation points
2023-01-24T18:55:19.3066667+00:00

Hello,

I have a web server in a DMZ, and want to test a secure LDAP connection to the non-DMZ domain using alternate credentials. Is there a way to get Powershell to prompt for credentials with the [adsi] command?

I would like to be able to run [adsi]"LDAP://myadserver.mydomain.local:636" and have it prompt for user credentials. So far I am not having any luck.

Thanks for any help

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Server | User experience | PowerShell
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Limitless Technology 45,226 Reputation points
    2023-01-25T16:26:59.9133333+00:00 
    Hello there,

You can use Test-LDAP to verify whether LDAP and LDAPS are available on one or more Domain Controllers.

Function Test-LDAPConnection {
    [CmdletBinding()]
               
    # Parameters used in this function
    Param
    (
        [Parameter(Position=0, Mandatory = $True, HelpMessage="Provide domain controllers names, example DC01", ValueFromPipeline = $true)] 
        $DCs,
  
        [Parameter(Position=1, Mandatory = $False, HelpMessage="Provide port number for LDAP", ValueFromPipeline = $true)] 
        $Port = "636"
    ) 
  
    $ErrorActionPreference = "Stop"
    $Results = @()
    Try{ 
        Import-Module ActiveDirectory -ErrorAction Stop
    }
    Catch{
        $_.Exception.Message
        Break
    } 
         
    ForEach($DC in $DCs){
        $DC =$DC.trim()
        Write-Verbose "Processing $DC"
        Try{
            $DCName = (Get-ADDomainController -Identity $DC).hostname
        }
        Catch{
            $_.Exception.Message
            Continue
        }
  
        If($DCName -ne $Null){  
            Try{
                $Connection = [adsi]"LDAP://$($DCName):$Port"
            }
            Catch{
                $ExcMessage = $_.Exception.Message
                throw "Error: Failed to make LDAP connection. Exception: $ExcMessage"
            }
  
            If ($Connection.Path) {
                $Object = New-Object PSObject -Property ([ordered]@{ 
                       
                    DC                = $DC
                    Port              = $Port
                    Path              = $Connection.Path
                })
  
                $Results += $Object
            }         
        }
    }
  
    If($Results){
        Return $Results
    }


Hope this resolves your Query !!

--If the reply is helpful, please Upvote and Accept it as an answer--

    1 person found this answer helpful.
    0 comments
  2. Rich Matheisen 48,116 Reputation points
    2023-01-24T20:22:34.59+00:00

    Try either of these:

    $user = Read-Host "User: "
$password = Read-Host "Password: "
$ADSI = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$OUPath", $username, $password)


    $cred     = Get-Credential

$ADSI = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$OUPath", $cred.UserName, $cred.GetNetworkCredential().Password
            )

    1 person found this answer helpful.
    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.