SOLVED

AD Attribute lookup using LDAP issue

Occasional Contributor

Hi All

 

I am looking at querying two domains and identifying if the custom attributes exist from domain 1 into domain 2. Using Get-ADUser is an option, but I am working with over 100k AD objects and it takes days to complete the work, and I need to streamline it more.

 

ADSISearcher (LDAP Lookup) looks like the best option, but I am having a couple of issues:

1. Is the code lined up correctly to achieve the required outcome?
2. Error: Exception calling 'FindAll' with "0" argument(s): Unknown Error (0x80005000) against the following variable: $AllObjects1 = $sub2Searcher1.FindAll()

 

$sub1LDAPFilter = '(objectclass=user)'
$PageSize = 1000
$sub1DN = 'DC=sub1,DC=domain,DC=com'
$sub1SB = 'DC=sub1,DC=domain,DC=com'
$sub1Searcher = [ADSISearcher]('{0}' -f $LDAPFilter)
$sub1Searcher.SearchRoot = [ADSI]('GC://{0}' -f $ClientSB)
$sub1Searcher.SearchRoot = [ADSI]('GC://{0}' -f $clientDN)
$sub1Objects = $ClientSearcher.FindAll()

$sub2SB = 'DC=sub2,DC=domain,DC=com'
$sub2DN = 'DC=sub2,DC=domain,DC=com'

Foreach($Object in $AllObjects){

$sub2ca105 = $Object.Properties.'customattribute10'
$sub2LDAPFilter = "(objectclass=user,customattribute=$sub1ca10)"
$sub2Searcher1 = [ADSISearcher]("{0}" -f $sub2LDAPFilter)
$sub2Searcher1.SearchRoot = [ADSI]("GC://{0}" -f $SearchBase1)
$sub2Searcher1.SearchRoot = [ADSI]("GC://{0}" -f $collabDomainName1)
$AllObjects1 = $sub2Searcher1.FindAll()

if ($Object.Properties.'customattribute10' -eq $allobjects1.Properties.'customattribute10')
{
Write-Host 'Match in Sub1 vs Sub2' $Object.Properties.samaccountname -ForegroundColor Green
}
else
{
Write-Host 'No Match in Sub1 vs Sub2' $Object.Properties.samaccountname -BackgroundColor Red
}
}

 

 

 

3 Replies

@Andrew Price 

 

1. Don't know

2. Change $sub2ca105 to $sub2ca10

@Andrew Price 

 

Try changing the following:

 

From:

$sub1Searcher.SearchRoot = [ADSI]('GC://{0}' -f $ClientSB)
$sub1Searcher.SearchRoot = [ADSI]('GC://{0}' -f $clientDN)

 

To:

$sub1Searcher.SearchRoot = [ADSI]('GC://{0}' -f $sub1SB)
$sub1Searcher.SearchRoot = [ADSI]('GC://{0}' -f $sub1DN)

best response confirmed by Andrew Price (Occasional Contributor)
Solution

@Darrick thank you for your reply, managed to work out my issue and created a script located on my blog

 

http://www.blogabout.cloud/2019/03/553/
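
An added example, not code from this thread or from the linked blog post: one paged ADSISearcher pass per domain that builds an in-memory index of the attribute, then compares the two indexes, instead of running one LDAP search per object. The function name Get-AttributeIndex and the -Provider parameter are hypothetical; the DNs and the attribute name are the placeholders used in the question.

```powershell
# Added example. Get-AttributeIndex is a hypothetical helper, not a built-in cmdlet.
$Sub1DN = 'DC=sub1,DC=domain,DC=com'   # placeholder DNs from the question
$Sub2DN = 'DC=sub2,DC=domain,DC=com'
$Attr   = 'customattribute10'          # attribute name as written in the question

function Get-AttributeIndex {
    param(
        [Parameter(Mandatory)][string]$BaseDN,
        [Parameter(Mandatory)][string]$Attribute,
        # GC:// only returns attributes replicated to the global catalog;
        # pass 'LDAP' if the attribute is not part of that set.
        [ValidateSet('GC', 'LDAP')][string]$Provider = 'GC'
    )
    # An undefined variable here yields the path 'GC://', which ADSI rejects
    # as a bad path name (0x80005000), so fail early with a readable message.
    if ([string]::IsNullOrWhiteSpace($BaseDN)) { throw 'BaseDN is empty.' }

    # LDAP AND syntax is (&(a)(b)); comma-separated clauses are not a valid filter.
    $filter   = '(&(objectClass=user)({0}=*))' -f $Attribute
    $searcher = [ADSISearcher]$filter
    $searcher.SearchRoot = [ADSI]('{0}://{1}' -f $Provider, $BaseDN)
    $searcher.PageSize   = 1000        # enables paging past the server result limit
    $searcher.PropertiesToLoad.AddRange([string[]]@('samaccountname', $Attribute))

    $index   = @{}                     # value -> list of sAMAccountNames (case-insensitive keys)
    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            $value = [string]$r.Properties[$Attribute.ToLowerInvariant()][0]
            $sam   = [string]$r.Properties['samaccountname'][0]
            if (-not $index.ContainsKey($value)) {
                $index[$value] = [System.Collections.Generic.List[string]]::new()
            }
            $index[$value].Add($sam)
        }
    }
    finally { $results.Dispose() }     # SearchResultCollection holds unmanaged resources
    return $index
}

$sub1 = Get-AttributeIndex -BaseDN $Sub1DN -Attribute $Attr
$sub2 = Get-AttributeIndex -BaseDN $Sub2DN -Attribute $Attr

foreach ($value in $sub1.Keys) {
    [pscustomobject]@{
        Value        = $value
        Sub1Accounts = $sub1[$value] -join ';'
        InSub2       = $sub2.ContainsKey($value)
    }
}
```

Because no per-object filter is built from directory data, attribute values never need LDAP filter escaping, and the directory is queried twice in total rather than once per object.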