Use PowerShell to read data from LDAP and create a modify-LDIF

I just stumbled upon a problem: getting a list of all users with a telephoneNumber from LDAP to create an LDIF for those users. So I decided to use PowerShell because it gave me an easy way to create this LDIF file to add a value to every user.

The first script just dumps the DN and the phone number of every object that has a telephoneNumber:

$Server = "LDAP://ldaphost.domain.local:389/DC=domain,DC=local"
# BindDN
$DN = "CN=LDAPuser,DC=domain,DC=local"
# Presence filter: "(telephoneNumber)" alone is not valid LDAP filter syntax, the "=*" is needed
$Filter = "(telephoneNumber=*)"
# Hard-coded in the script file for brevity; prefer (Get-Credential).GetNetworkCredential().Password or a secret store
$Pw = "secretLDAPUserPassword"
# "FastBind" alone is a simple bind: the password crosses the wire in clear text on port 389.
# Outside a lab use port 636 with "FastBind,SecureSocketsLayer" (LDAPS) or "Secure" (Kerberos/NTLM, AD only).
$DirEntry = New-Object -TypeName System.DirectoryServices.DirectoryEntry -ArgumentList $Server, $DN, $Pw, "FastBind"
$DirSearcher = New-Object -TypeName System.DirectoryServices.DirectorySearcher -ArgumentList $DirEntry, $Filter
$DirSearcher.PageSize = 1000   # paged search, otherwise the server's size limit (1000 on AD) silently truncates the result
$Results = $DirSearcher.FindAll()
$Results | Select-Object -ExpandProperty Properties | ForEach-Object {
    $ldapDN = $_["distinguishedName"][0]
    $ldapPhone = $_["telephoneNumber"][0]
    Write-Output "$ldapDN`t$ldapPhone"
    }
$Results.Dispose()      # the SearchResultCollection holds unmanaged handles and leaks unless disposed
$DirSearcher.Dispose()
$DirEntry.Dispose()

The second script writes an LDIF file with one modify record per user, adding a value for one attribute (placeholders ldapfield and newContent here):

$Server = "LDAP://ldaphost.domain.local:389/DC=domain,DC=local"
# BindDN
$DN = "CN=LDAPuser,DC=domain,DC=local"
$Filter = "(telephoneNumber=*)"
$Pw = "secretLDAPUserPassword"
$destfile = "test.ldif"
Remove-Item -Path $destfile -ErrorAction SilentlyContinue   # no error on the first run, when the file does not exist yet
$DirEntry = New-Object -TypeName System.DirectoryServices.DirectoryEntry -ArgumentList $Server, $DN, $Pw, "FastBind"
$DirSearcher = New-Object -TypeName System.DirectoryServices.DirectorySearcher -ArgumentList $DirEntry, $Filter
$DirSearcher.PageSize = 1000
$Results = $DirSearcher.FindAll()
$Results | Select-Object -ExpandProperty Properties | ForEach-Object {
    $ldapDN = $_["distinguishedName"][0]
    # One RFC 2849 change record per object: the "-" line closes the mod-spec, the empty line ends the record
    Out-File -FilePath $destfile -InputObject "dn: $ldapDN" -Append
    Out-File -FilePath $destfile -InputObject "changetype: modify" -Append
    Out-File -FilePath $destfile -InputObject "add: ldapfield" -Append
    Out-File -FilePath $destfile -InputObject "ldapfield: newContent" -Append
    Out-File -FilePath $destfile -InputObject "-" -Append
    Out-File -FilePath $destfile -InputObject "" -Append
    }
$Results.Dispose()
$DirSearcher.Dispose()
$DirEntry.Dispose()

The resulting file can be imported into the directory with LDAPAdmin. But be aware of the encoding: Out-File does not write ASCII by default (Windows PowerShell defaults to UTF-16LE with a BOM, PowerShell 7 to UTF-8), and LDAPAdmin needs ASCII to import. The -Encoding option of Out-File didn't work out because it killed German umlauts. So I converted it afterwards with Notepad.
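RFC 2849 has its own answer for exactly this case, and it removes the encoding problem instead of working around it: a DN or attribute value that is not pure ASCII (or that starts with a space, a colon or "<") is written as "dn::" or "attr::" followed by the base64 of its UTF-8 bytes, so the whole LDIF file is ASCII and no umlaut is lost. The script below is an added example and not code from the original post; it replaces the Out-File loop of the second script with a small RFC 2849 writer (including the "-" mod-spec terminator) and adds the check you want before handing the file to LDAPAdmin, namely that it really contains only ASCII bytes. The attribute name ldapfield, the value newContent and the two sample DNs are constructed placeholders standing in for the distinguishedName values the DirectorySearcher returns.

```powershell
# Added example, not from the original post: emit an RFC 2849 modify-LDIF that is
# pure ASCII by construction. "ldapfield"/"newContent" and $sampleDns are constructed
# placeholders; $sampleDns stands in for the DNs the DirectorySearcher returns.

function Test-LdifSafeString {
    param([string]$Value)
    # RFC 2849 SAFE-STRING: ASCII only (no NUL, LF, CR, nothing above 0x7F) and not
    # starting with SPACE, ':' or '<'. A trailing SPACE is allowed by the grammar, but
    # the RFC says such values SHOULD be base64-encoded, so treat it as unsafe as well.
    if ($Value.Length -eq 0) { return $true }
    if ($Value -match '[^\x01-\x09\x0B\x0C\x0E-\x7F]') { return $false }
    if ($Value -match '^[ :<]' -or $Value -match ' $') { return $false }
    return $true
}

function Format-LdifLine {
    param([string]$Name, [string]$Value)
    if (Test-LdifSafeString -Value $Value) {
        return "${Name}: ${Value}"
    }
    # UTF-8 bytes, then base64: the line itself is ASCII, the umlaut survives intact
    $b64 = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Value))
    return "${Name}:: ${b64}"
}

function New-LdifModifyRecord {
    param(
        [Parameter(Mandatory)][string]$DistinguishedName,
        [Parameter(Mandatory)][string]$Attribute,
        [Parameter(Mandatory)][string]$Value
    )
    # One change record: dn, changetype, a single "add" mod-spec closed by "-", blank separator line
    @(
        (Format-LdifLine -Name 'dn' -Value $DistinguishedName)
        'changetype: modify'
        "add: $Attribute"
        (Format-LdifLine -Name $Attribute -Value $Value)
        '-'
        ''
    )
}

function Resolve-FullPath {
    param([string]$Path)
    # .NET file APIs use the process working directory, not the PowerShell location
    return $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($Path)
}

function Write-LdifFile {
    param([string]$Path, [string[]]$Lines)
    # Every line is ASCII after Format-LdifLine, so encoding as ASCII loses nothing.
    # WriteAllText instead of Out-File so that encoding and line ending are explicit.
    $text = ($Lines -join "`n") + "`n"
    [IO.File]::WriteAllText((Resolve-FullPath $Path), $text, [Text.Encoding]::ASCII)
}

function Test-AsciiFile {
    param([string]$Path)
    # The pre-import check: no byte above 0x7F anywhere in the file
    $bytes = [IO.File]::ReadAllBytes((Resolve-FullPath $Path))
    return (($bytes | Where-Object { $_ -gt 127 }).Count -eq 0)
}

# Constructed sample input; the second DN gets "dn::" because of the umlauts
$sampleDns = @(
    'CN=Jane Doe,OU=Users,DC=domain,DC=local'
    'CN=Jürgen Müller,OU=Users,DC=domain,DC=local'
)
$lines = foreach ($dn in $sampleDns) {
    New-LdifModifyRecord -DistinguishedName $dn -Attribute 'ldapfield' -Value 'newContent'
}
$destfile = 'test.ldif'
Write-LdifFile -Path $destfile -Lines $lines
Get-Content -Path $destfile
"ASCII only: $(Test-AsciiFile -Path $destfile)"
```

Get-Content shows the second record starting with "dn::" and a base64 blob, while the first keeps a plain "dn:" line. Two things to keep in mind: the writer does not fold lines at 76 characters (folding is optional in RFC 2849, and a long base64 DN stays on one line), and if Windows PowerShell 5.1 runs the script, save the script file itself as UTF-8 with BOM, otherwise the literal umlauts in $sampleDns are already misread before they reach the encoder.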
