#---------------------------------------------------------------------------------------------
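Function SetLDAPUserPassword {
<#
.SYNOPSIS
Sets the userPassword attribute of an LDAP (eDirectory) user object.
.DESCRIPTION
Opens an LdapConnection to $LDAPServer:$LDAPPort, performs a simple (Basic) bind as
$AuthUserName, and sends a Modify/Replace of the target object's "userPassword"
attribute. The connection is always disposed, even when the bind or modify fails.

Security notes:
 - A simple bind and the new password travel as clear text unless -SSL $true (LDAPS)
   is used. The function emits a warning when -SSL is $false; run it against the
   LDAPS port (636) whenever possible.
 - Server certificate validation is ON by default. Earlier versions of this function
   accepted any certificate ("needed for self-signed certificates"), which lets an
   on-path attacker terminate the TLS session and capture both the bind password and
   the new password. Pass -SkipCertificateCheck only for lab servers with self-signed
   certificates, never in production.
 - Failures are reported with 'throw' (a terminating error the caller can catch)
   instead of 'Exit 1', which killed the whole host/script from inside a function.
.PARAMETER LDAPServer
Host name or address of the LDAP server.
.PARAMETER LDAPPort
TCP port: 389 for plain LDAP, 636 for LDAPS.
.PARAMETER SSL
$true to wrap the connection in TLS (LDAPS).
.PARAMETER targetUserDN
Distinguished name of the user object whose password is changed. Must not be empty.
.PARAMETER targetUserPassword
The new password as plain text. Callers should keep it as a SecureString and convert
it as late as possible; it is only ever handed to the server inside the modify request.
.PARAMETER AuthUserName
DN (or server-specific login name) used for the simple bind.
.PARAMETER SecPassWord
Bind password as a SecureString.
.PARAMETER SkipCertificateCheck
Accept any server certificate. Defeats TLS server authentication; lab use only.
.OUTPUTS
[string] A status message describing the outcome of the modify request.
Throws a terminating error when the connection, bind or modify operation fails.
.EXAMPLE
SetLDAPUserPassword -LDAPServer "LDAPSERVER" -LDAPPort 636 -SSL $true -targetUserDN "cn=SMITHJ01,ou=TEST,o=TESTTREE" -targetUserPassword "TempP@ss1" -AuthUserName "cn=admin,o=TESTTREE" -SecPassWord $cred.Password
#>
    param(
        [string]$LDAPServer,
        [int]$LDAPPort,
        [boolean]$SSL,
        [string]$targetUserDN,
        [string]$targetUserPassword,
        [string]$AuthUserName,
        [securestring]$SecPassWord,
        [switch]$SkipCertificateCheck
    )

    # Fail early on arguments that would otherwise produce an opaque server error
    # (an empty DN in particular is easy to pass by accident from a typo'd variable).
    if ([string]::IsNullOrWhiteSpace($targetUserDN)) {
        throw "SetLDAPUserPassword: -targetUserDN must not be empty."
    }
    if ([string]::IsNullOrEmpty($targetUserPassword)) {
        throw "SetLDAPUserPassword: -targetUserPassword must not be empty."
    }

    # Add-Type replaces the deprecated Assembly.LoadWithPartialName and fails loudly if
    # the assembly is missing. NetworkCredential lives in System.dll, which is always
    # loaded, so no separate System.Net load is needed.
    Add-Type -AssemblyName System.DirectoryServices.Protocols

    $conn = $null
    $response = $null
    $stage = 'connect'   # used by the catch block to pick the right "unknown error" message
    Try {
        # --- connect and bind -------------------------------------------------
        $conn = New-Object System.DirectoryServices.Protocols.LdapConnection "$($LDAPServer):$($LDAPPort)" -ea Stop
        $conn.SessionOptions.SecureSocketLayer = $SSL

        if ($SkipCertificateCheck) {
            # Trust any certificate. Only for self-signed lab servers: this removes the
            # server-authentication half of TLS (see .DESCRIPTION).
            $conn.SessionOptions.VerifyServerCertificate = { return $true }
        }

        if (-not $SSL) {
            Write-Warning "SSL is off: the bind password and the new password for $targetUserDN will be sent to $LDAPServer in clear text. Use -LDAPPort 636 -SSL `$true."
        }

        # Simple bind. Other AuthType values (Negotiate, Kerberos, Ntlm, ...) exist,
        # but eDirectory is bound here with the DN + password form.
        $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic
        $bindCred = New-Object System.Net.NetworkCredential -ArgumentList $AuthUserName, $SecPassWord
        $conn.Bind($bindCred)

        # --- build and send the modify request ------------------------------
        $stage = 'modify'
        $request = New-Object System.DirectoryServices.Protocols.ModifyRequest
        $request.DistinguishedName = $targetUserDN

        # userPassword is the attribute eDirectory stores the password in; it is
        # write-only from the client's point of view, so Replace is the only sensible op.
        $mod = New-Object System.DirectoryServices.Protocols.DirectoryAttributeModification
        $mod.Name = "userPassword"
        $mod.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Replace
        [void]$mod.Add($targetUserPassword)
        [void]$request.Modifications.Add($mod)

        $response = $conn.SendRequest($request)
    }
    Catch {
        # Match on the exception text rather than the global $Error collection so an
        # unrelated earlier error cannot change which branch is taken.
        $reason = $_.Exception.Message
        switch -Wildcard ($reason) {
            "*The supplied credential is invalid*" {
                throw "The Supplied LDAP Authentication Credentials for User: $($AuthUserName) were invalid."
            }
            "*The LDAP server is unavailable*" {
                throw "Error Connecting to LDAP Server! Check that LDAP Server value of: $($LDAPServer) is correct, and available and responding on port: $($LDAPPort)"
            }
            "*The user has insufficient access rights*" {
                throw "The LDAP User $($AuthUserName) doesn't appear to have rights to Change user: $($targetUserDN) Password."
            }
            default {
                if ($stage -eq 'connect') {
                    throw "An Unknown Error occured attempting to connect to LDAP Server $($LDAPServer) to change User: $($targetUserDN)'s eDirectory Password. ($reason)"
                }
                throw "An Unknown Error occured while changing the eDirectory LDAP User: $($targetUserDN)'s Password. ($reason)"
            }
        }
    }
    Finally {
        # The original never released the connection; dispose it on every path.
        if ($conn) { $conn.Dispose() }
    }

    # S.DS.P normally throws DirectoryOperationException for non-success results (handled
    # above); this check covers servers/wrappers that return a non-Success code instead.
    if ($response.ResultCode -ne [System.DirectoryServices.Protocols.ResultCode]::Success) {
        return "Change LDAP User Password Failed!`nResultCode:`n$($response.ResultCode)`nMessage:`n$($response.ErrorMessage)"
    }
    return "$($response.ResultCode)! LDAP User: $($targetUserDN)'s Password was changed."
}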
#End Function
#---------------------------------------------------------------------------
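# Escape a value for use inside an LDAP search filter (RFC 4515), so a crafted login
# name cannot change the meaning of the filter. Backslash is escaped first so the
# escapes produced for the other characters are not re-escaped.
Function ConvertTo-LdapFilterValue {
    param([string]$Value)
    $escaped = $Value -replace '\\', '\5c'
    $escaped = $escaped -replace '\*', '\2a'
    $escaped = $escaped -replace '\(', '\28'
    $escaped = $escaped -replace '\)', '\29'
    $escaped = $escaped -replace "`0", '\00'
    return $escaped
}

# Look up a user object by uid under $EDIRBaseDN and return its DN in upper case.
# The DN is pulled out of GetLDAPObject's output with the same Out-String/Split
# approach the original script used; GetLDAPObject is defined elsewhere and its
# return shape is not visible here, so the pattern match is kept and guarded.
Function Get-EdirUserDN {
    param([string]$Uid)
    $filter = "(uid=$(ConvertTo-LdapFilterValue $Uid))"
    $obj = GetLDAPObject -LDAPServer $EDIRLDAPServer -LDAPPort $EDIRLDAPPort -SSL $EDIRUseSSL -baseDN $EDIRBaseDN -Filter $filter
    # NOTE(review): '\w' does not match spaces or hyphens in RDN values; the original
    # pattern also accepted '{', '1' and '}' as separators by mistake ([,{1}]). TODO: confirm
    # the DN shapes in this tree if lookups start returning nothing.
    $match = ($obj | select "DistinguishedName" | Out-String).Split() |
        Select-String -Pattern '^(\w+=\w+)(,\w+=\w+)*$' |
        Select-Object -First 1
    if (-not $match) {
        throw "No LDAP object found for uid '$Uid' under $EDIRBaseDN (or its DN did not match the expected pattern)."
    }
    return $match.ToString().ToUpper()
}

$NovellCred = Get-Credential -Message "Enter your Novell Username and Password. Example username: smithj" # Getting the Novell Credential Information
if (-not $NovellCred) { throw "No credential supplied; aborting." }

$EDIRLDAPServer = "LDAPSERVER"
# LDAPS. The original ran both the lookup and the password change on port 389 with
# -SSL $false, which sends the bind password and the new password in clear text.
$EDIRLDAPPort = 636
$EDIRUseSSL = $true
$EDIRBaseDN = "O=TEST"
$userID = $NovellCred.UserName.ToUpper()
$TrgtUserID = "smitha"

# Never hard-code the new password (the original had an unquoted plain-text literal
# here). Prompt for it, keep it as a SecureString, and only convert it when it has to
# be passed to SetLDAPUserPassword, which takes a plain string.
$TrgtUserPassSecure = Read-Host -Prompt "Enter the new password for $TrgtUserID" -AsSecureString
$TrgtUserPass = (New-Object System.Net.NetworkCredential -ArgumentList "", $TrgtUserPassSecure).Password

$userDN = Get-EdirUserDN -Uid $userID
# $trgtUserDN was not assigned anywhere in this script, so the original call below
# passed an empty DN; resolve the target the same way the authenticating user is resolved.
$trgtUserDN = Get-EdirUserDN -Uid $TrgtUserID

SetLDAPUserPassword -LDAPServer $EDIRLDAPServer -LDAPPort $EDIRLDAPPort -SSL $EDIRUseSSL -targetUserDN $trgtUserDN -targetUserPassword $TrgtUserPass -AuthUserName $userDN -SecPassWord $NovellCred.Password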
Cheers - this helped with my eDirectory scripts.