I wanted to blog this quick bit of PowerShell as I could not find it anywhere else on the web whilst searching.
I needed to check the connected domain on a machine to see if SSL was configured and enabled for LDAP. The following script checks to see if SSL is enabled on one of the domain controllers in the current domain and then tries to make a connection to see if it works.
This can of course be altered to list and check all domain controllers easily enough:
```powershell
# Pick the first domain controller in the current domain
$dc = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().DomainControllers | Select-Object -First 1

# Build an ADSI path to that DC on the LDAPS port (636)
$LDAPS = [ADSI]"LDAP://$($dc.name):636"

# Try to connect; errors are swallowed and detected via the empty Path below
try {
    $Connection = [adsi]($LDAPS)
} Catch {
}

If ($Connection.Path) {
    Write-Host "Active Directory server correctly configured for SSL, test connection to $($LDAPS.Path) completed."
} Else {
    Write-Host "Active Directory server not configured for SSL, test connection to LDAP://$($dc.name):636 did not work."
}
```
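An added example, not the author's code: it extends the check to every domain controller by performing the TLS handshake on port 636 directly and reporting the certificate's expiry date and chain status, which the ADSI connection test does not show. The function name `Test-LdapsCertificate`, the 5-second timeout and the 30-day warning threshold are assumptions.

```powershell
# Added example: per-DC LDAPS handshake and certificate report.
function Test-LdapsCertificate {          # hypothetical helper name
    param([Parameter(Mandatory)][string]$Server, [int]$Port = 636,
          [int]$TimeoutMs = 5000, [int]$WarnDays = 30)   # assumed defaults

    $r = [pscustomobject]@{ Server = $Server; Tls = $false; Protocol = $null
        Subject = $null; NotAfter = $null; DaysLeft = $null; ChainOk = $null; Note = $null }
    $client = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        # Bounded TCP connect so an unreachable DC does not stall the loop.
        $pending = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { throw "TCP connect to port $Port timed out" }
        $client.EndConnect($pending)

        # Accept any certificate during the handshake so that an expired or
        # untrusted one can still be read; trust is evaluated separately below.
        # No credentials or directory data are sent over this stream.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($Server)

        $cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]$ssl.RemoteCertificate
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $r.Tls      = $true
        $r.Protocol = $ssl.SslProtocol
        $r.Subject  = $cert.Subject
        $r.NotAfter = $cert.NotAfter
        $r.DaysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
        $r.ChainOk  = $chain.Build($cert)   # validity dates, trust, revocation
        if (-not $r.ChainOk) {
            $r.Note = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
        } elseif ($r.DaysLeft -lt $WarnDays) {
            $r.Note = "certificate expires within $WarnDays days"
        }
    } catch {
        $r.Note = $_.Exception.Message     # refused, timed out, or handshake failed
    } finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Close()
    }
    $r
}

[System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().DomainControllers |
    ForEach-Object { Test-LdapsCertificate -Server $_.Name } |
    Format-Table Server, Tls, Protocol, NotAfter, DaysLeft, ChainOk, Note -AutoSize
```

The chain is built on the machine running the script, so `ChainOk` reflects that machine's trust store and its ability to reach revocation endpoints, not necessarily what another LDAPS client will see.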
Awesome! I re-wrote this to loop through all DC’s and I kept the status output to a single line. Thanks!!!!
Awesome! Thanks! I re-wrote this to loop through all DC’s and I kept the status output to a single line.
Thanks! Works great!
Thanks a heap for posting this, nice quick & easy script. I also made a very slight modification to test all the DCs in the domain, helped a lot for telling the Linux guys that LDAPS works fine!
Ha ha, busted!
And it was with a very good reason indeed:
http://labs.vmware.com/flings/vcenter-5-1-pre-install-check-script
Almost as if I was writing it for a reason 😉
This is a very useful task to perform before installing VMware’s SSO, as we recently had a problem in “locating” Identity Sources. This started a case with VMware, however, we identified an LDAPS problem due to Certificate expiration on a DC which had problems communicating with the PKI. So this test would have saved us a lot of time.
Thanks Alan. Certainly a quick check of this in all environments is a great idea.