version of LDAP in AD DS?

  • Question

  • How can I find out what version of LDAP is incorporated into my Active Directory domain server? I'm running C&A tests and I think its finding port 389/LDAP is a false positive, but I need to know the version of LDAP to satisfy the test.

    Thanks!
    Thursday, January 14, 2010 2:27 PM

Answers

  • To make sure I didn't have a typo, I just copied and pasted the code I posted from this thread into a file (with *.vbs extension) and ran it on a computer joined to my test domain. It worked and reported Versions 2 and 3. My domain is Active Directory, but the RootDSE object should be supported on any LDAP server. I would think the SupportedLDAPVersion property would be supported on any LDAP server, but especially Active Directory.

    The only other thing I can think of to try is to use the GetEx method instead of the Get method. This worked for me, because the property is actually multi-valued. For example:

    For Each strVersion In objRootDSE.GetEx("SupportedLDAPVersion")


    And, I guess make sure you spelled the property name correctly in your version of the program, since the error message means the property was not found. Maybe one last thing to try is to specify a Domain Controller when you bind to the RootDSE object. For example:

    Set objRootDSE = GetObject("LDAP://MyServer/RootDSE")
    

    Richard Mueller
    MVP ADSI
    Thursday, January 14, 2010 6:37 PM

All replies

  • I've used the VBScript program below:

    Set objRootDSE = GetObject("LDAP://RootDSE")
    
    For Each strVersion In objRootDSE.Get("SupportedLDAPVersion")
        Wscript.Echo "LDAP Version: " & strVersion
    Next

    Run at a command prompt using cscript.

    Richard Mueller
    MVP ADSI
    Thursday, January 14, 2010 5:24 PM
  • I get an error that says Line:3 Char:1  The directory property cannot be found in the cache   Code: 8000500D  Source: Actived Director


    Any ideas??? I'm not very familiar with cscript so I could have done something wrong, I guess.

    Thanks!
    Thursday, January 14, 2010 6:04 PM
  • It worked with your original post. I did have a typo: I had Support instead of Supported. It did return Version 3. Thanks for your help!! I greatly appreciate it!
    Thursday, January 14, 2010 7:07 PM
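
A fuller version of the script discussed in this thread, as an added example that is not part of the original posts: it combines the GetEx call and the optional Domain Controller bind from the answer, and reports the 8000500D error quoted above instead of stopping on it. The command-line argument and the exit codes are assumptions of this example.

```vbscript
' Added example, not code from the original thread.
' Optional first argument (an assumption of this example): the name of a
' Domain Controller to bind to, as in LDAP://MyServer/RootDSE on the page.
Option Explicit

Const E_ADS_PROPERTY_NOT_FOUND = &H8000500D  ' error code quoted in the thread

Dim strPath, objRootDSE, arrVersions, strVersion

' Serverless bind by default; bind to a named DC when one is supplied.
If WScript.Arguments.Count > 0 Then
    strPath = "LDAP://" & WScript.Arguments(0) & "/RootDSE"
Else
    strPath = "LDAP://RootDSE"
End If

On Error Resume Next
Set objRootDSE = GetObject(strPath)
If Err.Number <> 0 Then
    WScript.Echo "Bind to " & strPath & " failed: 0x" & Hex(Err.Number)
    WScript.Quit 1
End If

' GetEx always returns an array, which suits a multi-valued attribute.
arrVersions = objRootDSE.GetEx("SupportedLDAPVersion")
If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
    ' Same failure as in the thread: the attribute name was not found.
    WScript.Echo "Attribute not found on " & strPath & _
        " (check the spelling of the attribute name)."
    WScript.Quit 2
ElseIf Err.Number <> 0 Then
    WScript.Echo "Read failed: 0x" & Hex(Err.Number)
    WScript.Quit 3
End If
On Error GoTo 0

' One line per supported protocol version, for the test record.
For Each strVersion In arrVersions
    WScript.Echo "LDAP Version: " & strVersion
Next
```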