Private/GetGroupObjectsInLDAP.ps1
|
function GetGroupObjectsInLDAP { [CmdletBinding()] Param( [Parameter(Mandatory=$False)] [int]$ObjectCount = 0, [Parameter(Mandatory=$False)] [string]$Domain, [Parameter(Mandatory=$False)] [pscredential]$LDAPCreds ) #region >> Prep if ($PSVersionTable.Platform -eq "Unix" -and !$LDAPCreds) { Write-Error "On this Platform (i.e. $($PSVersionTable.Platform)), you must provide credentials with access to LDAP/Active Directory using the -LDAPCreds parameter! Halting!" $global:FunctionResult = "1" return } if ($LDAPCreds) { # Make sure the $LDAPCreds.UserName is in the correct format if ($LDAPCreds.UserName -notmatch "\\") { Write-Error "The -LDAPCreds UserName is NOT in the correct format! The format must be: <Domain>\<User>" $global:FunctionResult = "1" return } } if ($PSVersionTable.Platform -eq "Unix") { # Determine if we have the required Linux commands [System.Collections.ArrayList]$LinuxCommands = @( "echo" "host" "hostname" "ldapsearch" #"expect" ) if (!$Domain) { $null = $LinuxCommands.Add("domainname") } [System.Collections.ArrayList]$CommandsNotPresent = @() foreach ($CommandName in $LinuxCommands) { $CommandCheckResult = command -v $CommandName if (!$CommandCheckResult) { $null = $CommandsNotPresent.Add($CommandName) } } if ($CommandsNotPresent.Count -gt 0) { [System.Collections.ArrayList]$FailedInstalls = @() if ($CommandsNotPresent -contains "echo" -or $CommandsNotPresent -contains "whoami") { try { $null = InstallLinuxPackage -PossiblePackageNames "coreutils" -CommandName "echo" } catch { $null = $FailedInstalls.Add("coreutils") } } if ($CommandsNotPresent -contains "host" -or $CommandsNotPresent -contains "hostname" -or $CommandsNotPresent -contains "domainname") { try { $null = InstallLinuxPackage -PossiblePackageNames @("dnsutils","bindutils","bind-utils","bind-tools") -CommandName "nslookup" } catch { $null = $FailedInstalls.Add("dnsutils_bindutils_bind-utils_bind-tools") } } if ($CommandsNotPresent -contains "ldapsearch") { try { $null = InstallLinuxPackage -PossiblePackageNames "openldap-clients" -CommandName "ldapsearch" } catch { $null = $FailedInstalls.Add("openldap-clients") } } <# if ($CommandsNotPresent -contains "expect") { try { $null = InstallLinuxPackage -PossiblePackageNames "expect" -CommandName "expect" } catch { $null = $FailedInstalls.Add("expect") } } #> if ($FailedInstalls.Count -gt 0) { Write-Error "The following Linux packages are required, but were not able to be installed:`n$($FailedInstalls -join "`n")`nHalting!" $global:FunctionResult = "1" return } } [System.Collections.ArrayList]$CommandsNotPresent = @() foreach ($CommandName in $LinuxCommands) { $CommandCheckResult = command -v $CommandName if (!$CommandCheckResult) { $null = $CommandsNotPresent.Add($CommandName) } } if ($CommandsNotPresent.Count -gt 0) { Write-Error "The following Linux commands are required, but not present on $env:ComputerName:`n$($CommandsNotPresent -join "`n")`nHalting!" $global:FunctionResult = "1" return } } # Below $LDAPInfo Output is PSCustomObject with properties: DirectoryEntryInfo, LDAPBaseUri, # GlobalCatalogConfigured3268, GlobalCatalogConfiguredForSSL3269, Configured389, ConfiguredForSSL636, # PortsThatWork try { if ($Domain) { $DomainControllerInfo = GetDomainController -Domain $Domain -ErrorAction Stop } else { $DomainControllerInfo = GetDomainController -ErrorAction Stop } if ($DomainControllerInfo.PrimaryDomainController -eq "unknown") { $PDC = $DomainControllerInfo.FoundDomainControllers[0] } else { $PDC = $DomainControllerInfo.PrimaryDomainController } $LDAPInfo = TestLDAP -ADServerHostNameOrIP $PDC -ErrorAction Stop if (!$DomainControllerInfo) {throw "Problem with GetDomainController function! Halting!"} if (!$LDAPInfo) {throw "Problem with TestLDAP function! Halting!"} } catch { Write-Error $_ $global:FunctionResult = "1" return } if (!$LDAPInfo.PortsThatWork) { Write-Error "Unable to access LDAP on $PDC! Halting!" $global:FunctionResult = "1" return } if ($LDAPInfo.PortsThatWork -contains "389") { $Port = "389" $LDAPUri = $LDAPInfo.LDAPBaseUri + ":$Port" } elseif ($LDAPInfo.PortsThatWork -contains "3268") { $Port = "3268" $LDAPUri = $LDAPInfo.LDAPBaseUri + ":$Port" } elseif ($LDAPInfo.PortsThatWork -contains "636") { $Port = "636" $LDAPUri = $LDAPInfo.LDAPBaseUri + ":$Port" } elseif ($LDAPInfo.PortsThatWork -contains "3269") { $Port = "3269" $LDAPUri = $LDAPInfo.LDAPBaseUri + ":$Port" } #endregion >> Prep #region >> Main if ($PSVersionTable.Platform -eq "Unix") { $SimpleDomainPrep = $PDC -split "\." $SimpleDomain = $SimpleDomainPrep[1..$($SimpleDomainPrep.Count-1)] -join "." [System.Collections.ArrayList]$DomainLDAPContainersPrep = @() foreach ($Section in $($SimpleDomain -split "\.")) { $null = $DomainLDAPContainersPrep.Add($Section) } $DomainLDAPContainers = $($DomainLDAPContainersPrep | foreach {"DC=$_"}) -join "," $BindUserName = $LDAPCreds.UserName $BindUserNameForExpect = $BindUserName -replace [regex]::Escape('\'),'\\\' $BindPassword = $LDAPCreds.GetNetworkCredential().Password $ldapSearchOutput = ldapsearch -x -h $PDC -D $BindUserName -w $BindPassword -b $DomainLDAPContainers -s sub "(objectClass=group)" cn <# $ldapSearchCmdForExpect = "ldapsearch -x -h $PDC -D $BindUserNameForExpect -W -b `"$DomainLDAPContainers`" -s sub `"(objectClass=group)`" cn" [System.Collections.ArrayList]$ExpectScriptPrep = @( 'expect - << EOF' 'set timeout 120' "set password $BindPassword" 'set prompt \"(>|:|#|\\\\\\$)\\\\s+\\$\"' "spawn $ldapSearchCmdForExpect" 'match_max 100000' 'expect \"Enter LDAP Password:\"' 'send -- \"\$password\r\"' 'expect -re \"\$prompt\"' 'send -- \"exit\r\"' 'expect eof' 'EOF' ) $ExpectScript = $ExpectScriptPrep -join "`n" #Write-Host "`$ExpectScript is:`n$ExpectScript" #$ExpectScript | Export-CliXml "$HOME/ExpectScript2.xml" # The below $ExpectOutput is an array of strings $ExpectOutput = $ldapSearchOutput = bash -c "$ExpectScript" #> $Groups = $ldapSearchOutput -match "cn:" | foreach {$_ -replace 'cn:[\s]+'} if ($ObjectCount -gt 0) { $Groups = $Groups[0..$($ObjectCount-1)] } } else { try { if ($LDAPCreds) { $LDAPUserName = $LDAPCreds.UserName $LDAPPassword = $LDAPCreds.GetNetworkCredential().Password $LDAPSearchRoot = [System.DirectoryServices.DirectoryEntry]::new($LDAPUri,$LDAPUserName,$LDAPPassword) } else { $LDAPSearchRoot = [System.DirectoryServices.DirectoryEntry]::new($LDAPUri) } $LDAPSearcher = [System.DirectoryServices.DirectorySearcher]::new($LDAPSearchRoot) $LDAPSearcher.Filter = "(&(objectCategory=Group))" $LDAPSearcher.SizeLimit = 0 $LDAPSearcher.PageSize = 250 $Groups = $LDAPSearcher.FindAll() | foreach {$_.GetDirectoryEntry()} if ($ObjectCount -gt 0) { $Groups = $Groups[0..$($ObjectCount-1)] } } catch { Write-Error $_ $global:FunctionResult = "1" return } } $Groups #endregion >> Main } # SIG # Begin signature block # MIIM3gYJKoZIhvcNAQcCoIIMzzCCDMsCAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB # gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR # AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUHv8BwFS7OUMiNkUeyPl2XMfp # JO6gggpPMIIEKTCCAxGgAwIBAgITRAAAAALGGh0rrvpIiwAAAAAAAjANBgkqhkiG # 9w0BAQsFADBAMRMwEQYKCZImiZPyLGQBGRYDbGFiMRUwEwYKCZImiZPyLGQBGRYF # YWxwaGExEjAQBgNVBAMTCUFscGhhREMwMTAeFw0xODExMDYxNTQ2MjhaFw0yMDEx # MDYxNTU2MjhaMEExEzARBgoJkiaJk/IsZAEZFgNsYWIxFTATBgoJkiaJk/IsZAEZ # FgVhbHBoYTETMBEGA1UEAxMKQWxwaGFTdWJDQTCCASIwDQYJKoZIhvcNAQEBBQAD # ggEPADCCAQoCggEBAJ0yJxQZZ7jXPnBuOefihL0ehpBF1zoZpcM30pWneQA/kk9w # ByX9ISyKWTABstiIu8b2g6lKUjZBM8AOcLPSjl1ZMQkh+qaSQbJFVNeNYllGpjd1 # oOYvSPtr9iPpghVkAFWw9IdOgnd/4XDd4NqlddyR4Qb0g7v3+AMYrqhQCk2VzELp # 215LEO9sy1EMy7+B29B6P43Rp7ljA9Wc4Hnl+onviFWcIxmIhd0yGdobSxOSDgv5 # SUBfwk+DW03Y9pmJJHCU9hXFFVsPnrfBEvicGrkYx0vA+/O+jh5otex4eR+Tt7eB # 5VhrfdHKbEkZnBwrJOVz3rURZIu3BsDFSfwNd70CAwEAAaOCARkwggEVMBAGCSsG # AQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRWBfwwFO+72Ebloy7rHmHnxX3k5DAZBgkr # BgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/ # BAUwAwEB/zAfBgNVHSMEGDAWgBTq79v4G/Vf91c0y+vSJBWEI/vmDTA8BgNVHR8E # NTAzMDGgL6AthitodHRwOi8vcGtpLmFscGhhLmxhYi9jZXJ0ZGF0YS9BbHBoYURD # MDEuY3JsMEcGCCsGAQUFBwEBBDswOTA3BggrBgEFBQcwAoYraHR0cDovL3BraS5h # bHBoYS5sYWIvY2VydGRhdGEvQWxwaGFEQzAxLmNydDANBgkqhkiG9w0BAQsFAAOC # AQEAoE9hHZ0Y5M5tC15cnxVNJa/ILfwRmwCxzPyOAUrdBu4jbSHF2vRsKIJAXFs4 # +mwXqXpLYSUbXF5tfB86OKs2f9L7soln3BXJHj3eEs27htf7RJK1JjPtO8rs3pdn # h7TbDO3nyjkTcywJioScFZUTdIsQj7TBm3HIQ+/ZSdIWMHlQnYV2kW13XqUZnLhv # PRjy1NMBG1BAxUrc4bMi1X+mVxoYb/tiB59jakd95wi7ICi2H/07dXoDpi+kAQA1 # ki1/U+cuDhuH7Q8hegt64MlmKD01rO5HODVujuIG1+M5ZkGDeLNKksPHcSJ/DBSn # KjZca16Sn9No2kLq1q9gD8X/wzCCBh4wggUGoAMCAQICE3AAAAAHhXSIXehTWisA # AAAAAAcwDQYJKoZIhvcNAQELBQAwQTETMBEGCgmSJomT8ixkARkWA2xhYjEVMBMG # CgmSJomT8ixkARkWBWFscGhhMRMwEQYDVQQDEwpBbHBoYVN1YkNBMB4XDTE4MTEw # NzAzMTQyMFoXDTE5MTEwNzAzMTQyMFowTzETMBEGCgmSJomT8ixkARkWA2xhYjEV # MBMGCgmSJomT8ixkARkWBWFscGhhMQ4wDAYDVQQDEwVVc2VyczERMA8GA1UEAxMI # YWxwaGFkZXYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCMUGwGv3p0 # prkDmSUQphU6UvIFQ57NxJFUOSmMZ7SY/nYNDy0iTN26eD0S5J8AQE8B/IGLHUno # tKFl2AUcQ31hpaSLE1YkThR3WZ4SFUaBMUgKKLc/RQKqE0iNbAfh53N/nnGs6jyu # 47kyuFRwWE2tZee6b5hh0dbT7YZnahLO7cLWErU4ikWWjEA98TcMK1gaNa5ThBn1 # +4bo9wuxjRKIGpkUJBP/1gq8qeSJnfNelZ34lD0EEirj7/YTzL5YkHMSXTuFMozw # Av4lXUW/qZ1pAT9rKBalQETxBv9SuC31hU/2EiB4EYYqVFLHglFRogLd7nFZhqa/ # 2O+WdW2LsW9lAgMBAAGjggL/MIIC+zAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0OBBYE # FMy71rz8tJOXdsGvBt6SIVSKUlrkMB8GA1UdIwQYMBaAFFYF/DAU77vYRuWjLuse # YefFfeTkMIH3BgNVHR8Ege8wgewwgemggeaggeOGgbJsZGFwOi8vL0NOPUFscGhh # U3ViQ0EsQ049QWxwaGFTdWJDQSxDTj1DRFAsQ049UHVibGljJTIwS2V5JTIwU2Vy # dmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1hbHBoYSxEQz1s # YWI/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNS # TERpc3RyaWJ1dGlvblBvaW50hixodHRwOi8vcGtpLmFscGhhLmxhYi9jZXJ0ZGF0 # YS9BbHBoYVN1YkNBLmNybDCB9AYIKwYBBQUHAQEEgecwgeQwgacGCCsGAQUFBzAC # hoGabGRhcDovLy9DTj1BbHBoYVN1YkNBLENOPUFJQSxDTj1QdWJsaWMlMjBLZXkl # MjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1cmF0aW9uLERDPWFscGhh # LERDPWxhYj9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNh # dGlvbkF1dGhvcml0eTA4BggrBgEFBQcwAoYsaHR0cDovL3BraS5hbHBoYS5sYWIv # Y2VydGRhdGEvQWxwaGFTdWJDQS5jcnQwPQYJKwYBBAGCNxUHBDAwLgYmKwYBBAGC # NxUIhLycPIHG3hyBiYk0hLvpfobokGRgg9+kPoHDslgCAWQCAQIwHwYDVR0lBBgw # FgYKKwYBBAGCNwoDDAYIKwYBBQUHAwMwKQYJKwYBBAGCNxUKBBwwGjAMBgorBgEE # AYI3CgMMMAoGCCsGAQUFBwMDMC0GA1UdEQQmMCSgIgYKKwYBBAGCNxQCA6AUDBJh # bHBoYWRldkBhbHBoYS5sYWIwDQYJKoZIhvcNAQELBQADggEBAIhV0GPEvq5KwIs+ # DTqLsqHcojMyJhJwrZkEim2XAJfNQFkiDrZzism7lOyXYJol6Bjz1txhos7P194+ # VyBdEZ/Q+r94hrq6SFgC2gCAReDZiy50Au/hTv958QNX/O0OFdIGBxavLqBrWbwu # yH+RtE9E4LICSPPd0dM/5XE0xtqDMjZcl3pVkqgHpv3O3zgtsTW+FWr4b9lq3rCO # HxsBGU1w7Eh0LLK8MLqioecr/4B1rPTJkcASXWMU5bllQgQvUmlKW0GIfhC9aM4J # 04MeJOU1mHLjDcxwWpDD670AFmGRg/mMPxMywvY0HLUszWikcXNYxF1ph+LhlLI9 # f9R1qqkxggH5MIIB9QIBATBYMEExEzARBgoJkiaJk/IsZAEZFgNsYWIxFTATBgoJ # kiaJk/IsZAEZFgVhbHBoYTETMBEGA1UEAxMKQWxwaGFTdWJDQQITcAAAAAeFdIhd # 6FNaKwAAAAAABzAJBgUrDgMCGgUAoHgwGAYKKwYBBAGCNwIBDDEKMAigAoAAoQKA # ADAZBgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgorBgEEAYI3AgELMQ4wDAYK # KwYBBAGCNwIBFTAjBgkqhkiG9w0BCQQxFgQU51eceTtkV/TVEQyWQcLstBWr5OQw # DQYJKoZIhvcNAQEBBQAEggEAgxxzRrwOP7P9+0FOrQ7dirc5VH7KJgxdzbu9OhoB # l3OpJfZVWofIFutEWkmQ/JJEgQk1BNN0t0klHJH9p9SkhR2lNbb7Pd6BAaPnrKnP # jt1y9oHggI64/bNf+Lidf3Zn5QcXWjQoDr2X+WDgGKEieK55kZ3hIToaqP7PPVBE # 4bIF9LjX6Z6D02vkcmgckk8AHJNptmoWumKsfrKZPePl2NRCRuTs0RtFdhXK+8EC # FIn9W6s4BJ02FKMNwLedNHSWpU2M52XTDGFVhWfVziC5DVMmAkapfeWKL2bMO0/L # KhG1i5mKhykrLlOP4PLt2L2FBax+vBJs9RtLBreYg+1QPA== # SIG # End signature block |