Monday, March 17, 2014

PowerShell function to enable or disable an account on a non-AD LDAP directory (Novell eDirectory in my case)

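Function SetEnableLDAPUserAccount {
<#
.SYNOPSIS
Enables or disables a user account on a non-AD LDAP directory (Novell eDirectory).

.DESCRIPTION
Opens an LdapConnection to -LDAPServer:-LDAPPort, performs a Basic (simple) bind
as -AuthUserName, and replaces the target user's "loginDisabled" attribute with
"TRUE" (-AccountDisabled $true) or "FALSE" (-AccountDisabled $false).

Connection, bind and modify failures are reported with throw, so a calling
script or interactive session is not torn down (the earlier version called
Exit, which ends the whole host process, not just the function). A modify
request the server answers with a non-Success result code is returned as a
descriptive string, as before. The connection is disposed on every exit path.

.PARAMETER LDAPServer
Host name or address of the LDAP server.

.PARAMETER LDAPPort
TCP port of the LDAP service (389 plain LDAP, 636 LDAPS).

.PARAMETER SSL
$true to wrap the session in SSL/TLS. The bind is a simple bind, so with $false
the password of -AuthUserName crosses the network in clear text; a warning is
written to the warning stream when that is the case.

.PARAMETER targetUserDN
Distinguished name of the user object to enable or disable. Must not be empty.

.PARAMETER AccountDisabled
$true disables the account, $false enables it.

.PARAMETER AuthUserName
Distinguished name of the account used for the bind.

.PARAMETER SecPassWord
Password of the bind account as a SecureString.

.PARAMETER VerifyServerCertificate
When present, the server certificate is validated normally. When omitted (the
default, kept so existing callers still work against self-signed servers) every
certificate is accepted, which means the SSL session proves nothing about which
host answered on the port.

.EXAMPLE
SetEnableLDAPUserAccount -LDAPServer "LDAPSERVER" -LDAPPort 636 -SSL $true -targetUserDN "cn=SMITHJO1,ou=test,o=TESTTREE" -AccountDisabled $False -AuthUserName "cn=admin,o=TESTTREE" -SecPassWord $NovellCred.Password

.OUTPUTS
System.String. A status line describing the outcome of the modify request.
#>
param(
  [string]$LDAPServer,
  [int]$LDAPPort,
  [boolean]$SSL,
  [string]$targetUserDN,
  [boolean]$AccountDisabled,
  [string]$AuthUserName,
  [securestring]$SecPassWord,
  [switch]$VerifyServerCertificate
)

# LdapConnection and the request/response types live in
# System.DirectoryServices.Protocols, which is not loaded by default.
# NetworkCredential is in System.dll and is always available.
Add-Type -AssemblyName System.DirectoryServices.Protocols

if ([string]::IsNullOrEmpty($targetUserDN)) {
  throw "targetUserDN is empty; refusing to send a modify request with no target."
}

# Wording reused in every message below, computed once instead of inline each time.
$action     = if ($AccountDisabled) { "Disable" }  else { "Enable" }
$actionIng  = if ($AccountDisabled) { "Disabling" } else { "Enabling" }
$actionPast = if ($AccountDisabled) { "Disabled" } else { "Enabled" }

if (-not $SSL) {
  Write-Warning "Connecting to $($LDAPServer):$($LDAPPort) without SSL: the Basic (simple) bind sends the password for $($AuthUserName) in clear text."
}

$c = $null
Try {
  # --- connect and bind ----------------------------------------------------
  Try {
    $c = New-Object System.DirectoryServices.Protocols.LdapConnection "$($LDAPServer):$($LDAPPort)" -ErrorAction Stop
    $c.SessionOptions.SecureSocketLayer = $SSL
    if (-not $VerifyServerCertificate) {
      # Accepts any certificate, self-signed included. This switches off the one
      # check that proves the server's identity; pass -VerifyServerCertificate
      # wherever a trusted certificate is available.
      $c.SessionOptions.VerifyServerCertificate = { return $true }
    }
    # Other AuthType values exist (Anonymous, Digest, DPA, External, Kerberos,
    # Msn, Negotiate, Ntlm, Sicily). Basic is the simple bind eDirectory
    # expects, and it is why the username below must be a full DN.
    $c.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic
    $bindCred = New-Object System.Net.NetworkCredential -ArgumentList $AuthUserName, $SecPassWord
    $c.Bind($bindCred)
  }
  Catch {
    # $_ is the error record for this failure; matching on it instead of the
    # global $Error list means the list no longer has to be cleared here.
    $bindErr = switch -Wildcard ($_.Exception.Message) {
      "*The supplied credential is invalid*" { "The Supplied LDAP Authentication Credentials for User: $($AuthUserName) were invalid." }
      "*The LDAP server is unavailable*" { "Error Connecting to LDAP Server! Check that LDAP Server value of: $($LDAPServer) is correct, and available and responding on port: $($LDAPPort)" }
      default { "An Unknown Error occured attempting to connect to LDAP Server $($LDAPServer) to $action User: $($targetUserDN)'s eDirectory account." }
    }
    throw $bindErr
  }

  # --- build and send the modify request -----------------------------------
  $re = $null
  Try {
    $r = New-Object System.DirectoryServices.Protocols.ModifyRequest
    $r.DistinguishedName = $targetUserDN
    $m = New-Object System.DirectoryServices.Protocols.DirectoryAttributeModification
    $m.Name = "loginDisabled"   # eDirectory boolean attribute: "TRUE" blocks login
    $m.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Replace
    # The directory stores LDAP boolean literals, hence "TRUE"/"FALSE" in upper case.
    $m.Add($AccountDisabled.ToString().ToUpper()) | Out-Null
    $r.Modifications.Add($m) | Out-Null
    $re = $c.SendRequest($r)
  }
  Catch {
    $modErr = switch -Wildcard ($_.Exception.Message) {
      "*The user has insufficient access rights*" { "The LDAP User $($AuthUserName) doesn't appear to have rights to $action the user account: $($targetUserDN)." }
      default { "An Unknown Error occured while attempting to $action the eDirectory LDAP User: $($targetUserDN)'s account." }
    }
    throw $modErr
  }

  if ($re.ResultCode -ne [System.DirectoryServices.Protocols.ResultCode]::Success) {
    # The server answered, but not with Success: reported as a string, which is
    # the contract existing callers rely on.
    Return "$actionIng LDAP User: $($targetUserDN) account failed!`nResultCode: $($re.ResultCode)`nMessage: $($re.ErrorMessage)"
  }
  Return "$($re.ResultCode)! LDAP User: $($targetUserDN)'s account was $actionPast."
}
Finally {
  # Release the connection whether we returned or threw.
  if ($c -ne $null) { $c.Dispose() }
}
}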
#End Function
#----------------------------------------------------------------------------------

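#######################################
# Escape a value for use inside an LDAP search filter (RFC 4515 section 3).
# The username comes from Get-Credential, i.e. from whoever runs the script;
# escaping keeps a name containing \ * ( ) or NUL from changing the filter's
# structure instead of being matched literally.
# Arguments: $Value - raw attribute value
# Outputs:   the escaped value
#######################################
function ConvertTo-LdapFilterValue {
  param([string]$Value)
  # Backslash first, otherwise the escapes added afterwards would be escaped again.
  return $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29' -replace "`0", '\00'
}

#######################################
# Pick the one DistinguishedName out of a GetLDAPObject result.
# GetLDAPObject is defined elsewhere in this file; its result objects are
# assumed to expose a DistinguishedName property, which is what the earlier
# `select "DistinguishedName"` relied on (confirm against GetLDAPObject).
# Any count other than one is an error, so an empty or ambiguous DN is never
# passed on to the modify request.
# Arguments: $LdapObject - result of GetLDAPObject
#            $What       - label used in the error message
# Outputs:   the DN in upper case
#######################################
function Get-SingleLdapDN {
  param($LdapObject, [string]$What)
  $entries = @($LdapObject | Where-Object { $_ -ne $null })
  if ($entries.Count -ne 1) {
    throw "Expected exactly one LDAP object for $What, found $($entries.Count)."
  }
  return ([string]$entries[0].DistinguishedName).ToUpper()
}

$NovellCred = Get-Credential -Message "Enter your Novell Username and Password. Example username: smithj" # Getting the Novell Credential Information

$EDIRLDAPServer = "LDAPSERVER"
# 389 without SSL means the simple bind below sends the password in clear text;
# prefer 636 with $EDIRUseSSL = $true wherever the server offers LDAPS.
$EDIRLDAPPort = 389
$EDIRUseSSL = $false
$EDIRBaseDN = "O=TEST"
$userID = $NovellCred.UserName.ToUpper()
$TrgtUserID = "smitha"
# (The former $TrgtUserPass assignment is gone: it was never used, did not parse,
# and embedded a clear-text password in the script.)

# DN of the account doing the bind, looked up from the entered username.
$PRODLDAPObj = GetLDAPObject -LDAPServer $EDIRLDAPServer -LDAPPort $EDIRLDAPPort -SSL $EDIRUseSSL -baseDN $EDIRBaseDN -Filter "(uid=$(ConvertTo-LdapFilterValue $userID))"
$userDN = Get-SingleLdapDN -LdapObject $PRODLDAPObj -What "bind user '$userID'"

# DN of the account being enabled. The earlier version passed $trgtUserDN
# without ever assigning it, so the modify request carried an empty DN.
$TrgtLDAPObj = GetLDAPObject -LDAPServer $EDIRLDAPServer -LDAPPort $EDIRLDAPPort -SSL $EDIRUseSSL -baseDN $EDIRBaseDN -Filter "(uid=$(ConvertTo-LdapFilterValue $TrgtUserID))"
$trgtUserDN = Get-SingleLdapDN -LdapObject $TrgtLDAPObj -What "target user '$TrgtUserID'"

SetEnableLDAPUserAccount -LDAPServer $EDIRLDAPServer -LDAPPort $EDIRLDAPPort -SSL $EDIRUseSSL -targetUserDN $trgtUserDN -AccountDisabled $False -AuthUserName $userDN -SecPassWord $NovellCred.Password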



 




