Hello
If a understand correct, you are looking for this.
$ldapFilter = "(&(objectClass=computer)(lastLogonTimestamp>=1))"
$computers = Get-ADComputer -LDAPFilter $ldapFilter
If not, please, explain what u expect from a result.
Regards
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
We are planning to migrate our current domain (LDAP) to a new domain (LDAPS) in our company.
All of the clients in our site authenticated against LDAP AD. Now we want to block LDAP auth, and migrate all clients to a new domain using LDAPS.
Is there a LDAP query in PowerShell to check all Windows/Linux clients authenticate against LDAP within AD?
Hello
If a understand correct, you are looking for this.
$ldapFilter = "(&(objectClass=computer)(lastLogonTimestamp>=1))"
$computers = Get-ADComputer -LDAPFilter $ldapFilter
If not, please, explain what u expect from a result.
Regards
I want to check or list the users (and their PC name) that are authenticated right now for my Windows domain using ldap query in PowerShell.
Below query did not return a response.
$ldapFilter = "(&(objectClass=computer)(lastLogonTimestamp>=1))"
$computers = Get-ADComputer -LDAPFilter $ldapFilter
The AD won't have the information you're looking for.
This is old and the EventIDs have probably changed: https://serverfault.com/questions/193100/log-ldap-access-of-the-active-directory
Here's another way (more recent): https://www.manageengine.com/products/active-directory-audit/how-to/how-to-monitor-active-directory-ldap-logs.html#:~:text=With%20ADAudit%20Plus%201%20Enable%20LDAP%20auditing%20Open,2012%29%20Number%20of%20daily%20unsecure%20LDAP%20bind%20
I'm sure you'll find other information on this subject. But know that the security log can fill rapidly. Keep any eye on it!