SOLVED

AD Attribute lookup using LDAP issue

Hi All

I am looking at querying two domains and identifying whether the custom attributes from domain 1 exist in domain 2. Using Get-ADUser is an option, but I am working with over 100k AD objects and it takes days to complete the work, and I need to streamline it more.

ADSISearcher (LDAP lookup) looks like the best option, but I am having a couple of issues:

1. Is the code lined up correctly to achieve the required outcome?
2. The error Exception calling 'FindAll' with "0" argument(s): Unknown Error (0x80005000) against the following variable: $AllObjects1 = $sub2Searcher1.FindAll()

$sub1LDAPFilter = '(objectclass=user)'
$PageSize = 1000
$sub1DN = 'DC=sub1,DC=domain,DC=com'
$sub1SB = 'DC=sub1,DC=domain,DC=com'
$sub1Searcher = [ADSISearcher]('{0}' -f $LDAPFilter)
$sub1Searcher.SearchRoot = [ADSI]('GC://{0}' -f $ClientSB)
$sub1Searcher.SearchRoot = [ADSI]('GC://{0}' -f $clientDN)
$sub1Objects = $ClientSearcher.FindAll()

$sub2SB = 'DC=sub2,DC=domain,DC=com'
$sub2DN = 'DC=sub2,DC=domain,DC=com'

Foreach($Object in $AllObjects){
    $sub2ca105 = $Object.Properties.'customattribute10'
    $sub2LDAPFilter = "(objectclass=user,customattribute=$sub1ca10)"
    $sub2Searcher1 = [ADSISearcher]("{0}" -f $sub2LDAPFilter)
    $sub2Searcher1.SearchRoot = [ADSI]("GC://{0}" -f $SearchBase1)
    $sub2Searcher1.SearchRoot = [ADSI]("GC://{0}" -f $collabDomainName1)
    $AllObjects1 = $sub2Searcher1.FindAll()

    if ($Object.Properties.'customattribute10' -eq $allobjects1.Properties.'customattribute10')
    {
        Write-Host 'Match in Sub1 vs Sub2' $Object.Properties.samaccountname -ForegroundColor Green
    }
    else
    {
        Write-Host 'No Match in Sub1 vs Sub2' $Object.Properties.samaccountname -BackgroundColor Red
    }
}

3 Replies

@Andrew Price

1. Don't know

2. Change $sub2ca105 to $sub2ca10

@Andrew Price

Try changing the following:

From:

$sub1Searcher.SearchRoot = [ADSI]('GC://{0}' -f $ClientSB)
$sub1Searcher.SearchRoot = [ADSI]('GC://{0}' -f $clientDN)

To:

$sub1Searcher.SearchRoot = [ADSI]('GC://{0}' -f $sub1SB)
$sub1Searcher.SearchRoot = [ADSI]('GC://{0}' -f $sub1DN)

best response confirmed by Andrew Price (Occasional Contributor)
Solution

@Darrick thank you for your reply. I managed to work out my issue and created a script, located on my blog:

http://www.blogabout.cloud/2019/03/553/
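
An added example, not from the thread or the linked blog post: one paged search per domain, joined in memory on the attribute value, instead of one search per object. It uses the base DNs and attribute name from the question and a hypothetical helper, Get-AttributeMap; the filter is a constant, so no directory values are interpolated into it.

```powershell
# Added example (not from the thread). Base DNs and the attribute name come from
# the question; Get-AttributeMap is a hypothetical helper.
$Attribute = 'customattribute10'   # lowercase, matching how the question reads result properties
$Sub1DN    = 'DC=sub1,DC=domain,DC=com'
$Sub2DN    = 'DC=sub2,DC=domain,DC=com'

function Get-AttributeMap {
    param(
        [Parameter(Mandatory)][string]$BaseDN,      # Mandatory rejects an empty DN
        [Parameter(Mandatory)][string]$Attribute
    )
    # LDAP filter syntax: an AND of parenthesised terms, not a comma-separated list.
    # ({0}=*) limits the result to users that have the attribute set.
    $filter   = '(&(objectCategory=person)(objectClass=user)({0}=*))' -f $Attribute
    $searcher = [ADSISearcher]$filter
    # GC:// as in the question; a custom attribute is only returned from the global
    # catalog if it is replicated there. 0x80005000 is E_ADS_BAD_PATHNAME, ADSI's
    # invalid-path error, so the variable formatted into the path must be assigned.
    $searcher.SearchRoot = [ADSI]('GC://{0}' -f $BaseDN)
    $searcher.PageSize   = 1000     # paged search, so all results are returned
    $searcher.PropertiesToLoad.AddRange([string[]]@('samaccountname', $Attribute))

    $map     = @{}                  # attribute value -> samaccountname (last one wins)
    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            $value = [string]$r.Properties[$Attribute][0]
            $map[$value] = [string]$r.Properties['samaccountname'][0]
        }
    }
    finally { $results.Dispose() }  # SearchResultCollection holds unmanaged resources
    return $map
}

# Two searches in total, however many objects each domain holds.
$sub1 = Get-AttributeMap -BaseDN $Sub1DN -Attribute $Attribute
$sub2 = Get-AttributeMap -BaseDN $Sub2DN -Attribute $Attribute

foreach ($value in $sub1.Keys) {
    if ($sub2.ContainsKey($value)) {
        Write-Host "Match in Sub1 vs Sub2: $($sub1[$value])" -ForegroundColor Green
    } else {
        Write-Host "No match in Sub1 vs Sub2: $($sub1[$value])" -BackgroundColor Red
    }
}
```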