LDAP query in PowerShell to check all Windows clients that are authenticate against LDAP in Active Directory

Ric L 6 Reputation points
2023-03-08T05:52:04.4466667+00:00

We are planning to migrate our current domain (LDAP) to a new domain (LDAPS) in our company.

All of the clients in our site authenticated against LDAP AD. Now we want to block LDAP auth, and migrate all clients to a new domain using LDAPS.

Is there a LDAP query in PowerShell to check all Windows/Linux clients authenticate against LDAP within AD? 

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,084 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,355 questions
PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,037 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Fabricio Godoy 2,601 Reputation points
    2023-03-08T18:42:57.96+00:00

    Hello

    If a understand correct, you are looking for this.

    $ldapFilter = "(&(objectClass=computer)(lastLogonTimestamp>=1))"
    $computers = Get-ADComputer -LDAPFilter $ldapFilter
    

    If not, please, explain what u expect from a result.

    Regards

    0 comments No comments

  2. Ric L 6 Reputation points
    2023-03-08T19:01:13.6733333+00:00

    I want to check or list the users (and their PC name) that are authenticated right now for my Windows domain using ldap query in PowerShell.

    Below query did not return a response.

    $ldapFilter = "(&(objectClass=computer)(lastLogonTimestamp>=1))"

    $computers = Get-ADComputer -LDAPFilter $ldapFilter

    0 comments No comments

  3. Rich Matheisen 44,696 Reputation points
    2023-03-08T19:43:38.9933333+00:00

    The AD won't have the information you're looking for.

    This is old and the EventIDs have probably changed: https://serverfault.com/questions/193100/log-ldap-access-of-the-active-directory

    Here's another way (more recent): https://www.manageengine.com/products/active-directory-audit/how-to/how-to-monitor-active-directory-ldap-logs.html#:~:text=With%20ADAudit%20Plus%201%20Enable%20LDAP%20auditing%20Open,2012%29%20Number%20of%20daily%20unsecure%20LDAP%20bind%20

    I'm sure you'll find other information on this subject. But know that the security log can fill rapidly. Keep any eye on it!

    0 comments No comments