Get-LDAP Cmdlet
The Get-LDAP cmdlet is used to search LDAP Directory Servers using the Lightweight Directory Access Protocol (LDAP).
Syntax
Get-LDAP [parameters]
Remarks
This cmdlet implements a standard LDAP client as specified in RFC 1777, 2251, and other LDAP RFCs. Support for both LDAP v2 and v3 is provided, and SSL support is optional.
To search a Directory Server, set the server in the Server parameter. If authentication is required, set either the Credential parameter or the BindDN and Password parameters (this is necessary when authenticating with a Distinguished Name). Set DN to the DN where the search operation will be done and Search to the search filter.
The results of a search are returned in one or more LDAPSearchResult objects.
This cmdlet handles searching the Directory Server. To manage DNs and attributes, please see the SET-LDAP cmdlet.
The cmdlets support pipeline input for some of their parameters. Prebuilding an object and piping it to the cmdlet is very useful, but should be used with caution to prevent security conflicts. Steps have been taken to decrease the risk of an accidental pipe to the cmdlet; for instance, the Credential parameter cannot be piped to the cmdlet and must be specified manually.
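An added example, not taken from the cmdlet's own documentation: when the Search filter is built from a variable rather than typed as a literal, escape the value per RFC 4515 first, and prompt for the credential so that it is passed as a named parameter instead of a password written into the script. ConvertTo-LdapFilterValue is a hypothetical helper and the sample name is constructed; the server and DN values are the placeholders this page uses.

```powershell
# Hypothetical helper (not part of the cmdlet set): escapes a value for use
# inside an LDAP search filter, following RFC 4515.
function ConvertTo-LdapFilterValue {
    param(
        [Parameter(Mandatory)]
        [AllowEmptyString()]
        [string]$Value
    )
    # Octets that RFC 4515 requires to be written as \XX: NUL ( ) * \
    $special = 0x00, 0x28, 0x29, 0x2A, 0x5C
    $sb = New-Object System.Text.StringBuilder
    foreach ($b in [System.Text.Encoding]::UTF8.GetBytes($Value)) {
        if (($special -contains $b) -or ($b -ge 0x80)) {
            # Special characters, and every byte of a non-ASCII character,
            # become a backslash followed by two hex digits.
            [void]$sb.AppendFormat('\{0:x2}', $b)
        }
        else {
            [void]$sb.Append([char]$b)
        }
    }
    $sb.ToString()
}

# Constructed sample input, standing in for a value read from a form or a CSV file.
$name   = 'Doe (Contractor)*'
$filter = 'cn=' + (ConvertTo-LdapFilterValue -Value $name)

# Prompt for the credential; it is given as a named parameter, never piped.
$cred = Get-Credential

# Splat the parameters so each value is visible and none comes from the pipeline.
$params = @{
    Server     = 'LDAPServer'
    Credential = $cred
    DN         = 'ou=Employees,dc=LDAPServer'
    Search     = $filter
}
Get-LDAP @params
```

Without the escaping step, the parentheses and asterisk in the sample value would be read as filter syntax rather than as part of the name being matched.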
# search without authenticating
get-ldap -server LDAPServer -dn "ou=Employees,dc=LDAPServer" -search "cn=JohnDoe"
# search with authentication
get-ldap -server LDAPServer -credential $cred -dn "ou=Employees,dc=LDAPServer" -search "cn=JaneDoe"
# authenticate with a DN
get-ldap -server LDAPServer -binddn "cn=psuser,ou=Employees,dc=LDAPServer" -password "password" -dn "ou=Employees,dc=LDAPServer" -search "cn=JackDoe"
Connection Handling
This cmdlet supports persistent connections through the Connection parameter. To establish a new LDAP connection, use the Connect-LDAP cmdlet. To close the connection, use the Disconnect-LDAP cmdlet.
Parameter List
The following is the full list of the parameters of the cmdlet with short descriptions.
Connection | An already established connection. |
LogFile | The location of a file to which debug information is written. |
Attribute | Indicates whether a search operation will return the attribute types and values for the attributes specified for the DN. |
BindDN | The Distinguished Name used as the base for the LDAP bind. |
CertPassword | The password to the certificate store. |
CertStore | The name of the certificate store for the client certificate. |
CertStoreType | The type of certificate store for the client certificate. |
CertSubject | The subject of the certificate used for client authentication. |
Config | Specifies one or more configuration settings. |
Credential | The PSCredential object to use for user/password authentication. |
DN | The DN on which to operate. |
FirewallHost | Name or IP address of firewall. |
FirewallPassword | A password if authentication is to be used when connecting through the firewall. |
FirewallPort | The port of the firewall to which to connect. |
FirewallType | Determines the type of firewall to connect through. |
FirewallUser | A user name if authentication is to be used connecting through a firewall. |
Force | Forces the cmdlet to accept the default behavior instead of querying the user. |
LocalIP | The IP address of the local interface to use. |
Page | The page from the LDAP Search to take the results from. |
PageSize | The maximum number of results per page for the Search. |
Password | The password to use for authentication. |
Port | The TCP port in the remote host to which to connect. |
Search | Search the directory server. |
SearchScope | Controls the scope of LDAP search operations. |
Server | The address of the Server. |
SSL | Determines how the cmdlet starts SSL negotiation. |
SSLAccept | The encoded public key of the certificate which is to be trusted explicitly. |
Timeout | The maximum time allowed for the operation. |
Version | The version of LDAP used. |
Output Objects
The following is the full list of the output objects returned by the cmdlet with short descriptions.
LDAPSearchResult | Object returned in response to the LDAP search operation. Fields are also added with the names and values of attributes being searched. |
Configuration Settings
The following is a list of configuration settings for the cmdlet with short descriptions.
OutputBinary | Controls whether the cmdlet returns raw binary data as a byte array or not. |
FriendlyGUID | Whether to return GUID attribute values in a human readable format. |
FriendlySID | Whether to return SID attribute values in a human readable format. |
RequestControls | Controls to include in the request. |
ResponseControls | Controls present in the response. |
UseDefaultDC | Whether to connect to the default Domain Controller when calling Bind. |
DomainController | Returns the name of the domain controller. |
ConnectionTimeout | Sets a separate timeout value for establishing a connection. |
FirewallAutoDetect | Tells the cmdlet whether or not to automatically detect and use firewall system settings, if available. |
FirewallHost | Name or IP address of firewall (optional). |
FirewallPassword | Password to be used if authentication is to be used when connecting through the firewall. |
FirewallPort | The TCP port for the FirewallHost. |
FirewallType | Determines the type of firewall to connect through. |
FirewallUser | A user name if authentication is to be used connecting through a firewall. |
KeepAliveTime | The inactivity time in milliseconds before a TCP keep-alive packet is sent. |
KeepAliveInterval | The retry interval, in milliseconds, to be used when a TCP keep-alive packet is sent and no response is received. |
Linger | When set to True, connections are terminated gracefully. |
LingerTime | Time in seconds to have the connection linger. |
LocalHost | The name of the local host through which connections are initiated or accepted. |
LocalPort | The port in the local host where the cmdlet binds. |
MaxLineLength | The maximum amount of data to accumulate when no EOL is found. |
MaxTransferRate | The transfer rate limit in bytes per second. |
ProxyExceptionsList | A semicolon separated list of hosts and IPs to bypass when using a proxy. |
TCPKeepAlive | Determines whether or not the keep alive socket option is enabled. |
UseIPv6 | Whether to use IPv6. |
TcpNoDelay | Whether or not to delay when sending packets. |
AbsoluteTimeout | Determines whether timeouts are inactivity timeouts or absolute timeouts. |
FirewallData | Used to send extra data to the firewall. |
InBufferSize | The size in bytes of the incoming queue of the socket. |
OutBufferSize | The size in bytes of the outgoing queue of the socket. |
UseBackgroundThread | Whether threads created by the cmdlet are background threads. |
UseInternalSecurityAPI | Tells the cmdlet whether or not to use the system security libraries or an internal implementation. |