Cmdlets for Microsoft Active Directory

Build 23.0.8839

Establishing a Connection

With the CData Cmdlets users can install a data module, set the connection properties, and start scripting. This section provides examples of using our ActiveDirectory Cmdlets with native PowerShell cmdlets, like the CSV import and export cmdlets.

Installing and Connecting

If you have PSGet, installing the cmdlets can be accomplished from the PowerShell Gallery with the following command. You can also obtain a setup from the CData site.

Install-Module ActiveDirectoryCmdlets

The following line is then added to your profile, loading the cmdlets on the next session:

Import-Module ActiveDirectoryCmdlets;

You can then use the Connect-AD cmdlet to create a connection object that can be passed to other cmdlets:

$conn = Connect-AD -User 'MyUserName' -Password 'MyPassword' -Server 'MyServer' -Port 'MyPort'

Connecting to Microsoft Active Directory

Set Server and Port for basic connectivity. Additionally, you can fine-tune the connection with the following:

  • FollowReferrals: When set, the cmdlet surfaces data as views from only referral servers. To modify data on a referral server, you must specify this server with Server and Port.
  • LDAPVersion: Set this to the version of the protocol your server implements; by default, the cmdlet uses version 2.
  • UseDefaultDC: Set this to connect to the default Domain Controller and authenticate using the current user credentials.

Authenticating to Microsoft Active Directory

To authenticate requests, set the User and Password properties to valid Microsoft Active Directory credentials (e.g., set User to Domain\\BobF or cn=Bob F,ou=Employees,dc=Domain).

The cmdlet uses plaintext authentication by default, since the cmdlet attempts to negotiate TLS/SSL with the server. You can specify another authentication method with AuthMechanism.

See SSL Configuration for more information on TLS/SSL configuration.

Fine Tuning Data Access

The following properties control the scope of data returned:

  • BaseDN will limit the scope of LDAP searches to the height of the distinguished name provided. Note: Specifying a narrow BaseDN may greatly increase performance; for example, a value of cn=users,dc=domain will only return results contained within cn=users and its children.
  • Scope: This property enables more granular control over the data to return from a subtree.

Customizing Tables

The cmdlet surfaces the columns most often needed from Microsoft Active Directory entities. However, if you need to work with other data, the tables are easy to modify. Tables are defined in schema files, which have a simple format.

See Working with Active Directory Tables for a guide to extending the default schemas or writing your own. To use custom schemas, set the Location property to the folder containing the schema files.

Retrieving Data

The Select-AD cmdlet provides a native PowerShell interface for retrieving data:

$results = Select-AD -Connection $conn -Table "User" -Columns @("Id, CN") -Where "CN='Administrator'"
The Invoke-AD cmdlet provides an SQL interface. This cmdlet can be used to execute an SQL query via the Query parameter.

Piping Cmdlet Output

The cmdlets return row objects to the pipeline one row at a time. The following line exports results to a CSV file:

Select-AD -Connection $conn -Table User -Where "CN = 'Administrator'" | Select -Property * -ExcludeProperty Connection,Table,Columns | Export-Csv -Path c:\myUserData.csv -NoTypeInformation

You will notice that we piped the results from Select-AD into a Select-Object cmdlet and excluded some properties before piping them into an Export-CSV cmdlet. We do this because the CData Cmdlets append Connection, Table, and Columns information onto each row object in the result set, and we do not necessarily want that information in our CSV file.

However, this makes it easy to pipe the output of one cmdlet to another. The following is an example of converting a result set to JSON:

 
PS C:\> $conn  = Connect-AD -User 'MyUserName' -Password 'MyPassword' -Server 'MyServer' -Port 'MyPort'
PS C:\> $row = Select-AD -Connection $conn -Table "User" -Columns (Id, CN) -Where "CN = 'Administrator'" | select -first 1
PS C:\> $row | ConvertTo-Json
{
  "Connection":  {

  },
  "Table":  "User",
  "Columns":  [

  ],
  "Id":  "MyId",
  "CN":  "MyCN"
} 

Deleting Data

The following line deletes any records that match the criteria:

Select-AD -Connection $conn -Table User -Where "CN = 'Administrator'" | Remove-AD

Modifying Data

The cmdlets make data transformation easy as well as data cleansing. The following example loads data from a CSV file into Microsoft Active Directory, checking first whether a record already exists and needs to be updated instead of inserted.

Import-Csv -Path C:\MyUserUpdates.csv | %{
  $record = Select-AD -Connection $conn -Table User -Where ("Id = `'"+$_.Id+"`'")
  if($record){
    Update-AD -Connection $conn -Table User -Columns @("Id","CN") -Values @($_.Id, $_.CN) -Where "Id  = `'$_.Id`'"
  }else{
    Add-AD -Connection $conn -Table User -Columns @("Id","CN") -Values @($_.Id, $_.CN)
  }
}

Copyright (c) 2024 CData Software, Inc. - All rights reserved.
Build 23.0.8839