posts - 598 , comments - 849 , trackbacks - 247

My Links



Lance Robinson

Create Your Badge

Lance Robinson is a software engineer in Durham, Chapel Hill, Raleigh, and surrounding areas. More about Lance.


Tag Cloud


Post Categories

Image Galleries



Noteworthy Stuff

Popular Posts

NetCmdlets support PSCredentials

Previously with NetCmdlets, authentication details were only accepted using plain text parameters. This is still supported, but now these cmdlets support PSCredentials through a new -credentials parameter. This works for almost all of the cmdlets included in NetCmdlets, like FTP, LDAP, HTTP, SMTP, Rexec, RSS, IM, SMS, SSH, etc.

Here's an example with get-ldap. Before, you had to bind to the directory server using plain text parameters, like this:

PS C:\> get-ldap -server testboy -binddn mydomain\admin -pass admin

Now you can also bind like this:

PS C:\> get-ldap -server testboy -cred $mycreds

This does become problematic if you're trying to authenticate with a full DN to a server like Novell or OpenLDAP that may not support compact user DN aliases. There is a way around this; I just posted this in the PowerShell newsgroup:

Tom G. wrote:
> Lance,

> The NetCmdlets are pretty cool. However, I'm having some trouble
> authenticating. I need to pass in a username in the format of
> "cn=userid,o=orgname,c=US". The credential parameter in get-ldap doesn't
> seem to support this. Any suggestions?

Just for the benefit of anyone else who was trying this: Tom and I
have exchanged emails, but for the benefit of anyone else who was

get-ldap and set-ldap allow you to provide authentication info to the
cmdlet in two ways: 1: through dn and password parameters, or 2:
through a credential parameter that takes a standard PSCredential

The problem with using the credential method was that if you were a non
Active Directory user, and you didn't have an alias like MyDomain\Lance
to authenticate with, the get-credentials pop-up dialog wouldn't accept
your full DN (ie, cn=LRobinson,ou=Employees,dc=NS) as valid input.

Tom pointed out the "ConsolePrompting" registry string value ("True")
in HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\, which tells
get-credentials to take its input from the console instead of the
pop-up dialog. Doing it this way allows you to specify a full DN as
the username.

To bind to the directory server using a credential obtained in this way:

PS> $mycred = get-credential -credential "cn=Lance,ou=Employees,dc=NS"
PS> get-ldap -server testboy -cred $mycred

To bind and then search for a user (BillyBob) in the Employees
organizational unit:

PS> get-ldap -server testboy -cred $mycred -dn "ou=Employees,dc=NS"
-search "cn=BillyBob"

To bind, perform the same search, and return all attributes of the

PS> get-ldap -server testboy -cred $mycred -dn "ou=Employees,dc=NS"
-search "cn=BillyBob" -attr

Technorati : , , , , , ,

Print | posted on Wednesday, December 27, 2006 1:27 PM | Filed Under [ Programming Software PowerShell ]


No comments posted yet.
Post A Comment

Powered by: