Search LDAP Entries using Powershell

Dec 09 2016
 

The short script below shows how to connect to Active Directory / LDAP and search for entries.

Docs: https://technet.microsoft.com/en-us/library/ff730967.aspx

$mySearcher = New-Object System.DirectoryServices.DirectorySearcher

# the LDAP search path can be specified manually:
#$mySearcher.SearchRoot = "LDAP://DC=de,DC=myCompany,DC=com"

# or use the current domain's LDAP path (for example: DC=de,DC=myCompany,DC=com)
$objDomain = New-Object System.DirectoryServices.DirectoryEntry

$mySearcher.SearchRoot = $objDomain

# search for object class "user" with attribute "name=TestUser1"
$mySearcher.Filter = "(& (objectClass=user) (name=TestUser1))"
# search the whole subtree below SearchRoot (enum values: Base, OneLevel, Subtree)
$mySearcher.SearchScope = "Subtree"
$mySearcher.PageSize = 10

# specify the attributes you would like to retrieve
$myAttributes = ("telephonenumber", "mail", "department")
# comment below line to get all attributes
$mySearcher.PropertiesToLoad.AddRange($myAttributes)

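$results = $mySearcher.FindAll()

# show all loaded attributes and values of every entry that matched
foreach ($entry in $results) {
    foreach ($name in $entry.Properties.PropertyNames) {
        Write-Host "$name = $($entry.Properties[$name])"
    }
}

# the result collection holds unmanaged resources, so release it explicitly
$results.Dispose()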

The script generates the following output:

mail = Testuser1@mycompany.com
telephonenumber = +49XXXXXXXX
department = MyDepartment
adspath = LDAP://<removed_by_author>

Check certificate validation date with powershell

Jan 25 2016
 

A small PowerShell script that checks the expiration date of an SSL certificate that is not in the local certificate store. We use this script in a scheduled task to get a warning mail 30 days before the certificate expires.

 

# Checks the validity period of a certificate
# if the certificate expires within the next *DaysToExpiration* days, an email is sent
# to the System Operations Team to inform them that they should order a new certificate
# author: philipp.boss
# Version: 0.1  (2016-01-25)

$DaysToExpiration = 30  #notify 30 days before certificate is expired
$certFile = "D:\SSL_certs_for_filezilla\server.crt" 
# Receivers of the information message (Operations Team)
$to = @("email1@mail.com",  "email2@mail.com")
$smtpHost = "my-smtp-host.com"
$from = "userX@mail.com"  # this is the senders email address 


# check if file exists, otherwise send an email to Operations team to inform them that
# the configuration is wrong
If (Test-Path $certFile){
    $expirationDate = (Get-Date).AddDays($DaysToExpiration)

    # The certutil tool displays all information of a certificate
    # with select-string we filter for the end date of validation
    $dumpOutput = certutil.exe -dump $certFile | Select-String -Pattern ("NotAfter")
    $certificateEndDate = [datetime]::Parse( $dumpOutput.toString().Substring(11) )
    "Certificate is valid to:" 
    $certificateEndDate.ToString("dd.MM.yyyy")
    $expiresIn = $certificateEndDate.Subtract((Get-Date)).Days
    $expiresIn


    # check if the certificate will expire within the next days (see variable DaysToExpiration)
    if ($certificateEndDate  -lt $expirationDate) {
        $expiresIn = $certificateEndDate.Subtract((Get-Date)).Days
        $subject = "SSL Certificate on CADWorker Server $env:computername expires in $expiresIn days"
        $body = "The SSL Certificate for FileZilla Server on Instance $env:computername will be " +
                "<b> invalid in $expiresIn days. </b><br><br>Please order a new SSL Certificate for " + 
                "$env:computername . <br><br>This Message was sent by a Scheduled Task."
        Send-MailMessage -To $to -Subject $subject -Body $body -SmtpServer $smtpHost -From $from -BodyAsHtml
     } else {
        "Zertifikat ist noch $expiresIn Tage gültig"
     }

}else{  # Certificate file was not found, so I will send an Error-Mail to operations team 
    $subject = "SSL Certificate on CADWorker Server $env:computername was not found by scheduled task"
    $body = "The SSL Certificate for FileZilla Server on $env:computername that should be checked by " +
            "the checkCertificate Script (Scheduled Task) was not found.<br><br>Maybe the certFile " +
            "Parameter in the Script is not correct or the certificate was moved to another location." +
            "<br>The location where the scripts expects the certificate is: <br><b> $certFile </b>"
    Send-MailMessage -To $to -Subject $subject -Body $body -SmtpServer $smtpHost -From $from -BodyAsHtml
}
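
The script above takes the end date from the text that certutil prints, so it is tied to that output's layout and date format (Substring(11) followed by [datetime]::Parse). As an added example, not part of the original script, the function below reads NotAfter through the .NET X509Certificate2 class instead and also reports a certificate that has already expired; the function name Get-CertificateExpiryStatus, its parameters and its status values are assumptions made for this example.

```powershell
# Added example, not the original author's code. The function name, parameters
# and status values are hypothetical and chosen for this illustration.
function Get-CertificateExpiryStatus {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [int] $WarnDays = 30,
        [datetime] $Now = (Get-Date)
    )

    $result = [pscustomobject]@{
        Path = $Path; Status = 'Missing'; NotAfter = $null; DaysLeft = $null
    }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $result }

    try {
        # The file-name constructor reads DER and Base64 (PEM) encoded certificates
        $fullPath = (Resolve-Path -LiteralPath $Path).ProviderPath
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
                    -ArgumentList $fullPath -ErrorAction Stop
    } catch {
        $result.Status = 'Unreadable'     # not a certificate, or a damaged file
        return $result
    }

    # NotAfter is returned in local time, the same basis as Get-Date
    $result.NotAfter = $cert.NotAfter
    $result.DaysLeft = [int][math]::Floor(($cert.NotAfter - $Now).TotalDays)
    if ($cert.NotAfter -le $Now) {
        $result.Status = 'Expired'        # already invalid, DaysLeft is negative
    } elseif ($cert.NotAfter -lt $Now.AddDays($WarnDays)) {
        $result.Status = 'ExpiringSoon'
    } else {
        $result.Status = 'Ok'
    }
    return $result
}

# Path taken from the script above; without that file the status is 'Missing'
$check = Get-CertificateExpiryStatus -Path "D:\SSL_certs_for_filezilla\server.crt" -WarnDays 30
if ($check.Status -ne 'Ok') {
    # This is the point at which the script above would call Send-MailMessage
    $line = "{0}: {1} (NotAfter={2}, DaysLeft={3})" -f $check.Path, $check.Status, $check.NotAfter, $check.DaysLeft
    Write-Warning $line
}
```

Treating 'Missing', 'Unreadable' and 'Expired' as separate states lets the scheduled task send a different mail for a wrong path, a damaged file and a certificate that is already invalid.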