Remotely Test LDAP and LDAPS on a Server

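function Test-LDAPPorts {
    <#
    .SYNOPSIS
    Attempts an ADSI bind to LDAP://<ServerName>:<Port> and reports the outcome as a boolean.

    .DESCRIPTION
    No credentials are supplied to the bind, so it runs in the security context of the
    calling user (the "user name or password is incorrect" branch below assumes exactly that).
    Failures are surfaced with Write-Warning and never thrown; callers only ever see $true/$false.
    The original returned nothing at all when ServerName or Port was missing; this version
    returns $false in that case so the result is always a boolean.

    .PARAMETER ServerName
    DNS name or IP address of the directory server. Empty short-circuits to $false.

    .PARAMETER Port
    TCP port to bind to. 0 short-circuits to $false.

    .OUTPUTS
    [bool] $true when the bind succeeded, $false otherwise.
    #>
    [CmdletBinding()]
    param(
        [string] $ServerName,
        [int] $Port
    )
    # Nothing to probe without both a host and a port; fail without touching the network.
    if (-not $ServerName -or $Port -eq 0) {
        return $false
    }
    try {
        $LDAP = "LDAP://" + $ServerName + ':' + $Port
        # NOTE(review): [ADSI] binds lazily; the member access in the Close() call is what
        # appears to force the bind here, so do not remove it. A port of 636/3269 by itself
        # does not prove that TLS was negotiated or the server certificate validated - confirm
        # separately if that is what the caller needs to know.
        $Connection = [ADSI]($LDAP)
        $Connection.Close()
        return $true
    } catch {
        $Reason = $_.Exception.ToString()
        if ($Reason -match "The server is not operational") {
            Write-Warning "Can't open $ServerName`:$Port."
        } elseif ($Reason -match "The user name or password is incorrect") {
            # The original message referenced an undefined $Server; report the bound parameter.
            Write-Warning "Current user ($Env:USERNAME) doesn't seem to have access to LDAP on port $ServerName`:$Port"
        } else {
            Write-Warning -Message $_
        }
        return $false
    }
}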
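Function Test-LDAP {
    <#
    .SYNOPSIS
    Probes the LDAP, LDAPS and Global Catalog ports on one or more servers.

    .DESCRIPTION
    Each entry is resolved once with Resolve-DnsName so the report carries a DNS name:
    the PTR NameHost when an IP address was given, otherwise the name of the first A record.
    Every port is then probed with Test-LDAPPorts, which binds in the calling user's
    security context. When resolution yields nothing the probes still run with an empty
    server name, which Test-LDAPPorts reports as not reachable, so a row is emitted for
    every input.

    .PARAMETER ComputerName
    One or more host names or IP addresses (aliases: Server, IpAddress).

    .PARAMETER GCPortLDAP
    Global Catalog LDAP port, default 3268.

    .PARAMETER GCPortLDAPSSL
    Global Catalog LDAPS port, default 3269.

    .PARAMETER PortLDAP
    LDAP port, default 389.

    .PARAMETER PortLDAPS
    LDAPS port, default 636.

    .OUTPUTS
    One [pscustomobject] per computer: a boolean per port plus a comma-joined, sorted list
    of the ports that answered.
    #>
    [CmdletBinding()]
    param (
        [alias('Server', 'IpAddress')][Parameter(Mandatory = $True)][string[]] $ComputerName,
        [int] $GCPortLDAP = 3268,
        [int] $GCPortLDAPSSL = 3269,
        [int] $PortLDAP = 389,
        [int] $PortLDAPS = 636
    )
    foreach ($Computer in $ComputerName) {
        # Resolve once; the original repeated the identical query in the A-record branch.
        [Array] $ADServerFQDN = (Resolve-DnsName -Name $Computer -ErrorAction SilentlyContinue)
        $ServerName = ''
        if ($ADServerFQDN) {
            if ($ADServerFQDN.NameHost) {
                # Input was an IP address: the PTR answer carries the host name.
                $ServerName = $ADServerFQDN[0].NameHost
            } else {
                # Input was a name: use the first A record, if there is one (an answer with
                # only other record types used to fail on the [0] index).
                $FilterName = @($ADServerFQDN | Where-Object { $_.QueryType -eq 'A' })
                if ($FilterName.Count -gt 0) {
                    $ServerName = $FilterName[0].Name
                }
            }
        }
        $GlobalCatalogSSL    = Test-LDAPPorts -ServerName $ServerName -Port $GCPortLDAPSSL
        $GlobalCatalogNonSSL = Test-LDAPPorts -ServerName $ServerName -Port $GCPortLDAP
        $ConnectionLDAPS     = Test-LDAPPorts -ServerName $ServerName -Port $PortLDAPS
        $ConnectionLDAP      = Test-LDAPPorts -ServerName $ServerName -Port $PortLDAP
        # Collect only the ports whose bind succeeded, ordered numerically for the report.
        $PortsThatWork = @(
            if ($GlobalCatalogNonSSL) { $GCPortLDAP }
            if ($GlobalCatalogSSL) { $GCPortLDAPSSL }
            if ($ConnectionLDAP) { $PortLDAP }
            if ($ConnectionLDAPS) { $PortLDAPS }
        ) | Sort-Object
        [pscustomobject]@{
            Computer           = $Computer
            ComputerFQDN       = $ServerName
            GlobalCatalogLDAP  = $GlobalCatalogNonSSL
            GlobalCatalogLDAPS = $GlobalCatalogSSL
            LDAP               = $ConnectionLDAP
            LDAPS              = $ConnectionLDAPS
            AvailablePorts     = $PortsThatWork -join ','
        }
    }
}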
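# Checks LDAP / LDAPS on every domain controller found under the search base below.
# NOTE(review): the search base names a sample domain (dc=test,dc=com); point it at the
# domain being audited, otherwise the query silently returns nothing and no DC is probed.
$servernames = Get-ADComputer -SearchBase "ou=domain controllers,dc=test,dc=com" -filter * |
    ForEach-Object { Get-ADDomainController -Identity $_.DNSHostname }
foreach ($servername in $servernames) {
    # Hand GetHostAddresses the DC's DNS host name explicitly rather than relying on how the
    # ADDomainController object converts to a string. All returned addresses (IPv4 and IPv6)
    # are probed, as before.
    $ip = [System.Net.Dns]::GetHostAddresses($servername.HostName) |
        ForEach-Object { Write-Output $_.IPAddressToString }
    $servername.HostName
    Test-LDAP -ComputerName $ip

    #You can check a specific server by uncommenting the following line
    #Test-LDAP -ComputerName <Ip Address You Want to Check>
}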
