There are times when I need to compare Domino Address Books (NAB) to Active Directory. Using PowerShell to connect to the Domino NAB solves this with ease, although we have to use logon details with no authentication method. A little strange, but Domino accepts ‘[System.DirectoryServices.AuthenticationTypes]::None’ from PowerShell.
# AuthenticationTypes None is an LDAP simple bind: the bind itself does not protect the password
$root = New-Object -TypeName System.DirectoryServices.DirectoryEntry("LDAP://DominoSrv01/o=OrgName", "admin/notesdomain", "Password", [System.DirectoryServices.AuthenticationTypes]::None)
Change DominoSrv01, the organisation name, the username and the password to suit the environment.
$query = New-Object System.DirectoryServices.DirectorySearcher($root)
Create a DirectorySearcher rooted at that DirectoryEntry object.
$query.Filter = "(objectClass=dominoperson)"
Using an LDAP filter, select which objects are returned. This example selects all Domino users.
$query.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
Sets the search scope to all objects in the subtree, which is also the DirectorySearcher default.
$col = $query.FindAll()
Run the search and return all objects matching $query.Filter.
$col.Count
Shows the count of the objects as an example.
Once connected, $col can be used for all manner of analysis. Change the example values to match your lab or production environment.
This supports write access if the LDAP Server Document allows it, and Directory Assistance is also fully supported.
Using ‘SET CONFIG LDAPDEBUG=1’ on the Domino server running LDAP also shows which address book views are being searched, and how, which can be helpful in understanding performance and configuration problems.
LDAP> Type of search: View Search
LDAP> … Searching entries for a filter ‘sn = Davis’ in ($LDAPS)
LDAP> GetSearchEntry State
Make sure the NAB is fully indexed! Without this you will not see any results.
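The NAB-to-Active Directory comparison that motivates the steps above, as an added example that is not code from the original post. It assumes Domino exposes a `mail` attribute on dominoperson entries over LDAP and that the session runs on a domain-joined machine; `Get-MailSet` is a hypothetical helper, and DominoSrv01 and o=OrgName are the post's placeholders.

```powershell
# Added example. DominoSrv01 and o=OrgName are the post's placeholders.
function Get-MailSet([System.DirectoryServices.DirectorySearcher]$Searcher) {
    # Hypothetical helper: return the lower-cased 'mail' values of every hit as a set.
    $set = New-Object 'System.Collections.Generic.HashSet[string]'
    [void]$Searcher.PropertiesToLoad.Add('mail')
    $hits = $Searcher.FindAll()
    try {
        foreach ($hit in $hits) {
            foreach ($m in $hit.Properties['mail']) {
                [void]$set.Add(([string]$m).ToLowerInvariant())
            }
        }
    } finally { $hits.Dispose() }   # FindAll() holds unmanaged resources
    return ,$set                    # comma stops PowerShell unrolling the set
}

# Prompt for the bind account so the password is not stored in the script.
$cred = Get-Credential -Message 'Domino LDAP bind account'

# AuthenticationTypes None is an LDAP simple bind: the bind itself does not
# protect the password, so run this only over a network path you trust.
$root = New-Object System.DirectoryServices.DirectoryEntry -ArgumentList @(
    'LDAP://DominoSrv01/o=OrgName',
    $cred.UserName,
    $cred.GetNetworkCredential().Password,
    [System.DirectoryServices.AuthenticationTypes]::None)

$domino = New-Object System.DirectoryServices.DirectorySearcher($root)
$domino.Filter = '(&(objectClass=dominoperson)(mail=*))'   # assumes 'mail' is exposed
$dominoMail = Get-MailSet $domino

# Parameterless searcher = current AD domain (assumes a domain-joined session).
$ad = New-Object System.DirectoryServices.DirectorySearcher
$ad.Filter = '(&(objectCategory=person)(objectClass=user)(mail=*))'
$ad.PageSize = 1000    # page through results instead of stopping at the server limit
$adMail = Get-MailSet $ad

# One row per address that exists on only one side.
$report = @(
    $dominoMail | Where-Object { -not $adMail.Contains($_) } |
        ForEach-Object { [pscustomobject]@{ Mail = $_; OnlyIn = 'Domino' } }
    $adMail | Where-Object { -not $dominoMail.Contains($_) } |
        ForEach-Object { [pscustomobject]@{ Mail = $_; OnlyIn = 'ActiveDirectory' } }
)
$report | Sort-Object OnlyIn, Mail | Format-Table -AutoSize
```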