Powershell with Remote AD

    Question

  • Hello,

    I am new to PowerShell and I have created a few scripts to manage users in AD 2003. Currently these scripts are running on the AD server. However, I need to modify these scripts so that the script and AD are on separate servers. How can I update these scripts to indicate the AD host and an admin login to create/modify users?

    This is what I have right now:

    Create User:

    $user = $container.Create("User", "cn=" + $cn)   # $container is the bound OU/container object
    $user.put("userPrincipalName", $samAccountName)
    $user.put("sAMAccountName", $samAccountName)
    $user.put("userPassword", $pswd)

    Update User:

    $oUser = [adsi]"LDAP://$user"   # $user holds the distinguished name of the account
    if ($firstName) {
        $oUser.put("givenName", $firstName)
    }

    Thank you for your help

    Friday, February 04, 2011 9:00 PM

Answers

  • You can connect to an AD controller with this command:

    $domain = New-Object DirectoryServices.DirectoryEntry("LDAP://10.10.10.1", "domain\user", "secret")
    $domain

    More info can be found here:

    http://powershell.com/cs/blogs/ebook/archive/2009/04/10/chapter-19-user-management.aspx

    or just ask ;-)

    Accessing a Container
    
    Domains have a hierarchical structure like the file system directory structure. Containers inside the domain are either predefined directories or subsequently created organizational units. If you want to access a container, specify the LDAP path to the container. For example, if you want to access the predefined directory Users, you could access like this:
    $ldap = "/CN=Users,DC=scriptinternals,DC=technet"
    $cred = Get-Credential
    $pwd = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
        [Runtime.InteropServices.Marshal]::SecureStringToBSTR($cred.Password))
    $users = New-Object DirectoryServices.DirectoryEntry(
        "LDAP://10.10.10.1$ldap", $cred.UserName, $pwd)
    $users

    Output:

    distinguishedName
    -----------------
    {CN=Users,DC=scriptinternals,DC=technet}

    Friday, February 04, 2011 9:47 PM

All replies

  • create user:

    Import-Module ActiveDirectory   ## New-ADUser comes with the ActiveDirectory module
    ## -Path expects the distinguished name of the target OU, not an LDAP:// URL
    $container = "OU=<organisational unit>,DC=<domain>,DC=<tld>"

    $surname = Read-Host "User's last name (surname) "
    $regex = "^([a-zA-Z'-]+)$" ## allows characters and dashes only
    If ($surname -notmatch $regex) {
          Write-Host "Invalid surname specified. $surname" -foregroundcolor Cyan
          break
    }

    $name = Read-Host "User's first name "
    $tussenvoegsel = Read-Host "Name infix such as 'van' (leave empty if none) "
    $password = Read-Host "Specify user's password "
    ## Password must be at least 6 characters,
    ## no more than 15 characters,
    ## and must include at least one upper case letter,
    ## one lower case letter, and one numeric digit.
    $regex = "^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{6,15}$"
    If ($password -notmatch $regex) {
          ## the rejected password is deliberately not echoed to the console
          Write-Host "Invalid password specified." -foregroundcolor Cyan
          break
    }
    ## -AccountPassword requires a SecureString, not the plain text from Read-Host
    $passwd = ConvertTo-SecureString $password -AsPlainText -Force

    $DisplayName = "$surname, $name $tussenvoegsel"
    Write-Host "Creating user $DisplayName using New-ADUser cmdlet.." -foregroundcolor Cyan

    New-ADUser -SamAccountName $surname -Name $DisplayName -AccountPassword $passwd -Enabled $true -Path $container


    regards Thomas Paetzold visit my blog on: http://sus42.wordpress.com
    Friday, February 04, 2011 9:48 PM
  • Thanks for the link

    So to create a user I can do something like:

    $domain = New-Object DirectoryServices.DirectoryEntry("LDAP://10.10.10.1", "domain\user", "secret")
    $user = $domain.Create("User", "cn=" + $cn)

    or is there another step that I need to go through?

    Thanks for your help

    Friday, February 04, 2011 9:58 PM
  • do it like that:

    $container = New-Object DirectoryServices.DirectoryEntry("LDAP://10.10.10.1/CN=Users,DC=scriptinternals,DC=technet","domain\user", "secret")

    Friday, February 04, 2011 10:04 PM
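Putting the thread's pieces together as one added example (my code, not from the thread or from the linked ebook): it binds to the DC with a prompted credential instead of a hard-coded "secret", creates the user in the Users container, and covers the step the ADSI calls above leave out: Create and Put only stage changes until SetInfo writes them, and the password is set through SetPassword rather than Put("userPassword"). The DC address and domain DNs are the ones used in the thread; the function names and the sample user are assumptions.

```powershell
# Added example, not code from the thread. Assumes the DC 10.10.10.1 and the
# CN=Users,DC=scriptinternals,DC=technet container from the thread; the function
# names New-RemoteAdUser / Set-RemoteAdUserAttribute are hypothetical.

# Prompt for the admin account instead of embedding its password in the script.
$cred  = Get-Credential -Message "Account allowed to create users"
# DirectoryEntry wants the password as a plain string; it lives in memory only for the bind.
$plain = $cred.GetNetworkCredential().Password

$dc        = "10.10.10.1"
$baseDn    = "CN=Users,DC=scriptinternals,DC=technet"
$container = New-Object DirectoryServices.DirectoryEntry(
    "LDAP://$dc/$baseDn", $cred.UserName, $plain)

function New-RemoteAdUser {
    param([string]$cn, [string]$sam, [string]$upn, [securestring]$password)
    $u = $container.Create("user", "CN=$cn")
    $u.Put("sAMAccountName", $sam)
    $u.Put("userPrincipalName", $upn)
    # Create/Put only fill the local property cache; SetInfo writes the object to the DC.
    $u.SetInfo()
    # Passwords go through SetPassword (secure channel), not Put("userPassword").
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)
    try     { $u.Invoke("SetPassword", [Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr)) }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
    # New accounts are created disabled; 0x200 = NORMAL_ACCOUNT with ACCOUNTDISABLE cleared.
    $u.Put("userAccountControl", 0x200)
    $u.SetInfo()
    return $u
}

function Set-RemoteAdUserAttribute {
    # Same pattern as the original update script, but bound with explicit credentials.
    param([string]$cn, [string]$attr, [string]$value)
    $u = New-Object DirectoryServices.DirectoryEntry(
        "LDAP://$dc/CN=$cn,$baseDn", $cred.UserName, $plain)
    if ($value) {
        $u.Put($attr, $value)
        $u.SetInfo()   # without this the change never leaves the local cache
    }
}

# Usage with constructed sample values:
$pw = Read-Host "Initial password" -AsSecureString
New-RemoteAdUser -cn "Jane Doe" -sam "jdoe" -upn "jdoe@scriptinternals.technet" -password $pw | Out-Null
Set-RemoteAdUserAttribute -cn "Jane Doe" -attr "givenName" -value "Jane"
```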