PowerShell and Novell Directory Services

This topic contains 2 replies, has 2 voices, and was last updated by  Eric 2 years, 1 month ago.

  • Author
    Posts
  • #28357

    Eric
    Participant

    Using this code I have found on the internet, I forget from where so I do not know whom to aknowledge for the source, I can connect to a Directory Server that is Novell e-Directory. Now I can initially pull some data but I seem to not have all of the understanding of the code.

    #Setup Modules
    Import-Module ActiveDirectory
    Add-Type -AssemblyName System.DirectoryServices

    #Setup eDirectory Connection Variables
    $eDirPath = 'LDAP://(IPADDRESS)/o=ROOT'
    $eDirUser = "
    $eDirPWD = "
    $eDirAuthType = 'None'

    #Establish eDirectory Connection and Enumerate
    $Root = New-Object System.DirectoryServices.DirectoryEntry -argumentlist $eDirPath,$eDirUser,$eDirPWD,$eDIrAuthType
    $Query = New-Object System.DirectoryServices.DirectorySearcher
    $Query.SearchRoot = $Root
    $Query.Filter = "(ObjectClass=Person)"
    $SearchResults = $Query.FindAll()

    $edirUserArray = @()

    foreach ($Result in $SearchResults){
    $eDirObject = [PSCustomObject]$Result.Properties
    $edirUserArray += $eDirObject
    }

    Now I can list contents of the array but cannot seem figure out how to filter the results or even get the values of the properties that I have collected.

    For example I want to find all accounts with an "employeeStatus" of a certain value.

    I have tried this code to list the employee status of all objects but only get a blank screen in return. I think this could be that not all items in the array will have an employee status.

    foreach ($i in $edirUserArray){
    if($i.employeestatus){
    write-host $i
    }

    The goal of my question here is I need to be able to query e-directory for items and eventually perform an action against those items utilizing PowerShell. Such as find user that has not logged on for 60 days and then compile a list for deletion. This list will be scrubbed manually first for known accounts and then another powershell command to go through scrubbed list to delete objects in e-directory.

    Any help would be appreciated.

    Thank you.
    }

  • #28369

    Rob Simmers
    Participant

    The code is doing an LDAP query, so you would only return users that meet the criteria from NDS. For instance, you could try this which is return only objects that are a person and employee status is not null:

    $Query.Filter = "(&(objectCategory=person)(employeestatus=*))"
    

    This is filtering BEFORE only getting what you need from NDS rather than returning everything from NDS and filtering. You can do and (&), or (|), not (!) as well as other query items as well, see: https://msdn.microsoft.com/en-us/library/aa746475(v=vs.85).aspx

    The code also appears to be generating a PSObject called $eDirObject . So, after the loop, you should be able to use standard Powershell queries:

    foreach ($Result in $SearchResults){
        $eDirObject = [PSCustomObject]$Result.Properties
         $edirUserArray += $Result
     }
    
    $eDirObject | Where{$_.EmployeeStatus -eq 'foo'}
    
  • #28373

    Eric
    Participant

    I want to thank you for the link. I have been away from command line for so long a lot of the commands have gotten away from me. I did notice an error in my original posting and have corrected it. I can now query all of the items in my array. Now I just need to work on the commands that go back out and delete the objects.

    Fixed code:

    foreach ($Result in $SearchResults){
    $eDirObject = [PSCustomObject]$Result.Properties
    $edirUserArray += $eDirObject
    }

You must be logged in to reply to this topic.