Test-ADXLdap

Namespace ADPlayground.PowerShell

Inputs

System.String[]

Outputs

ADPlayground.Ldap.LdapServerReadable ADPlayground.Ldap.LdapServerResult

Tests LDAP connectivity on domain controllers.

Examples

Authored help example

Example 1: Test LDAP and LDAPS on all domain controllers in the current forest


Test-ADXLdap -Forest 'contoso.com' -Identity 'krbtgt'

Example 2: Validate LDAP, LDAPS, and GC ports on selected controllers with a probe credential


$credential = Get-Credential 'CONTOSO\svc_ldap_probe'
            Test-ADXLdap -ComputerName 'dc-01.contoso.com','dc-02.contoso.com' -Credential $credential -RetryCount 2 -ProbeLegacyTls

Common Parameters

This command supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.

For more information, see about_CommonParameters.

Syntax

Test-ADXLdap [-ComputerName <string[]>] [-CertificateIncludeDomainName <string[]>] [-Credential <PSCredential>] [-Domain <string[]>] [-Forest <string>] [-GCPortLDAP <int>] [-GCPortLDAPS <int>] [-Identity <string>] [-IncludeTrusts] [-MaxConcurrency <int>] [-NoCertificateValidation] [-PerPortTimeoutMs <int>] [-PortLDAP <int>] [-PortLDAPS <int>] [-ProbeLegacyTls] [-RetryCount <int>] [-RetryDelayMs <int>] [-ServerBudgetMs <int>] [-SkipCheckGC] [-SkipRODC] [<CommonParameters>]

Parameters

ComputerName string[] optionalposition: 0pipeline: true (ByValue, ByPropertyName): Server names to test. When omitted all DCs are tested.
CertificateIncludeDomainName string[] optionalposition: namedpipeline: false: When verifying certificate, validates that certificate DNS names include all specified values.
Credential PSCredential optionalposition: namedpipeline: false: Credential for binding.
Domain string[] optionalposition: namedpipeline: false: Domains to test.
Forest string optionalposition: namedpipeline: false: Forest name when enumerating domains.
GCPortLDAP int optionalposition: namedpipeline: false: GC LDAP port.
GCPortLDAPS int optionalposition: namedpipeline: false: GC LDAPS port.
Identity string optionalposition: namedpipeline: false: User identity to verify.
IncludeTrusts SwitchParameter optionalposition: namedpipeline: false: Include trusted forests when querying domains.
MaxConcurrency int optionalposition: namedpipeline: false: Maximum concurrent server tests.
NoCertificateValidation SwitchParameter optionalposition: namedpipeline: false: Opt out of certificate verification. By default, certificate verification is performed.
PerPortTimeoutMs int optionalposition: namedpipeline: false: Timeout per port operation (ms). Default 3000.
PortLDAP int optionalposition: namedpipeline: false: LDAP port.
PortLDAPS int optionalposition: namedpipeline: false: LDAPS port.
ProbeLegacyTls SwitchParameter optionalposition: namedpipeline: false: Probe accepted TLS versions on LDAPS (adds extra handshakes).
RetryCount int optionalposition: namedpipeline: false: Number of retries per port.
RetryDelayMs int optionalposition: namedpipeline: false: Milliseconds to wait between retries.
ServerBudgetMs int optionalposition: namedpipeline: false: Total budget per server (ms). Default 30000.
SkipCheckGC SwitchParameter optionalposition: namedpipeline: false: Skip Global Catalog ports.
SkipRODC SwitchParameter optionalposition: namedpipeline: false: Skip read-only domain controllers.

Outputs

ADPlayground.Ldap.LdapServerReadable, ADPlayground.Ldap.LdapServerResult