Andrew Price
Copper Contributor
Mar 01, 2019

AD Attribute lookup using LDAP issue

Hi All,

I am looking at querying two domains and identifying whether the custom attributes from domain 1 exist in domain 2. Using Get-ADUser is an option, but I am working with over 100k AD objects, it takes days to complete the work, and I need to streamline it more.

ADSISearcher (LDAP lookup) looks like the best option, but I am having a couple of issues:

1. Is the code lined up correctly to achieve the required outcome?
2. Error: Exception calling 'FindAll' with "0" argument(s): Unknown Error (0x80005000), against the following variable: $AllObjects1 = $sub2Searcher1.FindAll()

$sub1LDAPFilter = '(objectclass=user)'
$PageSize = 1000
$sub1DN = 'DC=sub1,DC=domain,DC=com'
$sub1SB = 'DC=sub1,DC=domain,DC=com'
$sub1Searcher = [ADSISearcher]('{0}' -f $LDAPFilter)
$sub1Searcher.SearchRoot = [ADSI]('GC://{0}' -f $ClientSB)
$sub1Searcher.SearchRoot = [ADSI]('GC://{0}' -f $clientDN)
$sub1Objects = $ClientSearcher.FindAll()

$sub2SB = 'DC=sub2,DC=domain,DC=com'
$sub2DN = 'DC=sub2,DC=domain,DC=com'

Foreach($Object in $AllObjects){

$sub2ca105 = $Object.Properties.'customattribute10'
$sub2LDAPFilter = "(objectclass=user,customattribute=$sub1ca10)"
$sub2Searcher1 = [ADSISearcher]("{0}" -f $sub2LDAPFilter)
$sub2Searcher1.SearchRoot = [ADSI]("GC://{0}" -f $SearchBase1)
$sub2Searcher1.SearchRoot = [ADSI]("GC://{0}" -f $collabDomainName1)
$AllObjects1 = $sub2Searcher1.FindAll()

if ($Object.Properties.'customattribute10' -eq $allobjects1.Properties.'customattribute10')
{
Write-Host 'Match in Sub1 vs Sub2' $Object.Properties.samaccountname -ForegroundColor Green
}
else
{
Write-Host 'No Match in Sub1 vs Sub2' $Object.Properties.samaccountname -BackgroundColor Red
}
}

  • Darrick
    Brass Contributor

    Andrew Price

    Try changing the following:

    From:

    $sub1Searcher.SearchRoot = [ADSI]('GC://{0}' -f $ClientSB)
    $sub1Searcher.SearchRoot = [ADSI]('GC://{0}' -f $clientDN)

     

    To:

    $sub1Searcher.SearchRoot = [ADSI]('GC://{0}' -f $sub1SB)
    $sub1Searcher.SearchRoot = [ADSI]('GC://{0}' -f $sub1DN)
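
The comparison the thread is after, as an added example that is not code from the original post or the reply: each domain is read once with a paged search and the match is done in memory, so every variable is defined before it is used and no attribute value is formatted into an LDAP filter. It assumes the attribute name and base DNs written in the post; `Get-UserAttribute` is a hypothetical helper name.

```powershell
# Added example, not code from the thread. Get-UserAttribute is a hypothetical helper name.
$Attr   = 'customattribute10'            # attribute name as written in the post
$Sub1DN = 'DC=sub1,DC=domain,DC=com'     # base DNs as written in the post
$Sub2DN = 'DC=sub2,DC=domain,DC=com'

function Get-UserAttribute {
    # One paged query per domain; emits one object per user that has the attribute set.
    param(
        [Parameter(Mandatory)][string]$BaseDN,
        # The attribute name is formatted into the filter, so restrict it to LDAP name characters.
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z][A-Za-z0-9-]*$')][string]$Attribute
    )
    $searcher = [ADSISearcher]('(&(objectCategory=person)(objectClass=user)({0}=*))' -f $Attribute)
    # GC:// as in the post; a GC only holds attributes in the partial attribute set,
    # so switch to LDAP:// if this attribute is not replicated to the global catalog.
    $searcher.SearchRoot = [ADSI]('GC://{0}' -f $BaseDN)
    $searcher.PageSize   = 1000          # enables paging so all results are returned
    $searcher.PropertiesToLoad.AddRange([string[]]@($Attribute, 'samaccountname'))

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            [pscustomobject]@{
                SamAccountName = [string]$r.Properties['samaccountname'][0]
                Value          = [string]$r.Properties[$Attribute.ToLower()][0]
            }
        }
    }
    finally { $results.Dispose() }       # SearchResultCollection holds unmanaged resources
}

# Index domain 2 once. Case-insensitive to match the -eq comparison in the post.
$sub2Values = [System.Collections.Generic.HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase)
foreach ($u in Get-UserAttribute -BaseDN $Sub2DN -Attribute $Attr) { [void]$sub2Values.Add($u.Value) }

# Compare in memory: no query per object, and no directory value is ever placed in a filter.
Get-UserAttribute -BaseDN $Sub1DN -Attribute $Attr | ForEach-Object {
    [pscustomobject]@{
        SamAccountName = $_.SamAccountName
        Value          = $_.Value
        InSub2         = $sub2Values.Contains($_.Value)
    }
}
```

Pipe the output to `Where-Object { -not $_.InSub2 }` to list only the users whose value has no match in the second domain.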
