Using ADSISearcher Accelerator across domains

  • Question

  • I'm trying to improve this tool here by adding cross-domain functionality and a few more functions. I was able to add the functions I wanted but I'm getting stuck on making this work across different domains (child domain to be precise).

    1) There is a root domain "test.com" and a child domain called "sub.test.com"

    2) The user that is running this code is a domain admin on the root domain.

    3) The code will run on a server in the child domain ie. "server1.sub.test.com"

    Here's the code (it works just fine without LDAP filter):

        $name = "test"
        $Searcher = [ADSISearcher]"((LDAP://DC=sub,DC=test,DC=com)(sAMAccountName=$Name))"
        $Results = $Searcher.FindOne()
        if ($Results -ne $null){
            if($Results.properties.lockouttime -gt 0){
                Write-Host "locked"
                $name
            }else{
                Write-Host "not locked"
            }
        }else{
            Write-Host "not found"
        }

    And this is what I'm getting:

    Exception calling "FindOne" with "0" argument(s): "The directory service is unavailable.
    "
    At line:3 char:9
    +         $Results = $Searcher.FindOne()
    +         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : COMException 

    What am I missing here? Is the syntax wrong for the search root filter?

    Wednesday, April 8, 2015 3:00 PM

Answers

  • You need to set the SearchRoot and the Filter properties separately.


    $Searcher = [ADSISearcher] "(sAMAccountName=$Name)"
    $Searcher.SearchRoot = [ADSI] "LDAP://DC=sub,DC=test,DC=com"
    

    When you create the DirectorySearcher object using the [ADSISearcher] type accelerator, a string parameter after it sets the Filter property. Alternatively, if you specify a DirectoryEntry object as its parameter, it sets the SearchRoot property; e.g.:


    $Searcher = [ADSISearcher] ([ADSI] "LDAP://DC=sub,DC=test,DC=com")
    $Searcher.Filter = "(sAMAccountName=$Name)"


    -- Bill Stewart [Bill_Stewart]

    • Marked as answer by mbaybarsk Wednesday, April 8, 2015 3:21 PM
    Wednesday, April 8, 2015 3:14 PM
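
The accepted answer applied to the full lockout check from the question, as an added example that is not part of the original thread. The function names `ConvertTo-LdapFilterValue` and `Get-LockoutState` are hypothetical; the escaping step is an addition so that an account name supplied by an operator or a script cannot alter the LDAP filter.

```powershell
# Added example, not code from the thread. Function names are hypothetical.

function ConvertTo-LdapFilterValue {
    # Escape the characters that have meaning inside an LDAP filter (RFC 4515).
    # The backslash is replaced first so later escapes are not double-escaped.
    param([Parameter(Mandatory = $true)][string] $Value)
    $Value.Replace('\', '\5c').
           Replace('*', '\2a').
           Replace('(', '\28').
           Replace(')', '\29').
           Replace([string][char]0, '\00')
}

function Get-LockoutState {
    param(
        [Parameter(Mandatory = $true)][string] $Name,
        # Child-domain naming context from the question.
        [string] $SearchRootPath = 'LDAP://DC=sub,DC=test,DC=com'
    )

    # The string after [ADSISearcher] becomes the Filter only.
    $Searcher = [ADSISearcher] "(sAMAccountName=$(ConvertTo-LdapFilterValue $Name))"
    # The search base is set separately, as a DirectoryEntry.
    $Searcher.SearchRoot = [ADSI] $SearchRootPath
    # Request only the attribute the check needs.
    [void] $Searcher.PropertiesToLoad.Add('lockoutTime')

    $Result = $Searcher.FindOne()
    if ($null -eq $Result) { return 'not found' }

    # Property names in a SearchResult are lower case; the attribute is
    # absent from the result when it has never been set on the account.
    $Lockout = $Result.Properties['lockouttime']
    # Same test as in the question: a non-zero lockoutTime is reported as locked.
    if ($Lockout.Count -gt 0 -and $Lockout[0] -gt 0) { 'locked' } else { 'not locked' }
}

# Constructed sample input: a value that would otherwise widen the filter.
ConvertTo-LdapFilterValue 'test)(objectClass=*'

# Requires a host that can reach a domain controller for the child domain.
Get-LockoutState -Name 'test'
```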

All replies

  • Thanks a lot! That was really it! 
    Wednesday, April 8, 2015 3:29 PM