EvotecIT / ADEssentials

PowerShell Active Directory helper functions to manage healthy Active Directory

Test-LDAP doesn't return the FQDN or any ports. #12

Closed schubotr closed 3 years ago

schubotr commented 4 years ago

Test-LDAP can't find any ports or the FQDN. I tracked this down to these lines in function Test-LDAP in ADEssentials.psm1, line 5858:

    foreach ($Computer in $ComputerName) {
        # Resolve the name; the result is the full record set (A, AAAA, NS, ...), not just the host's own records
        [Array] $ADServerFQDN = (Resolve-DnsName -Name $Computer -ErrorAction SilentlyContinue)
        if ($ADServerFQDN) {
            # NameHost is only populated on name-server style records, so this branch picks the wrong record
            if ($ADServerFQDN.NameHost) { $ServerName = $ADServerFQDN[0].NameHost } else {
                [Array] $ADServerFQDN = (Resolve-DnsName -Name $Computer -ErrorAction SilentlyContinue)
                $FilterName = $ADServerFQDN | Where-Object { $_.QueryType -eq 'A' }
                $ServerName = $FilterName[0].Name
            }
        } else { $ServerName = '' }
    }

In the line `if ($ADServerFQDN.NameHost) { $ServerName = $ADServerFQDN[0].NameHost } else {`

When I tested I found:

$ADServerFQDN.NameHost is true, but $ADServerFQDN[0].hostname is null and is the AAAA record; $ADServerFQDN[1].hostname is null and is the A record; $ADServerFQDN[2].hostname is NOT null and is the first NS record. It has a namehost value, but it is not the FQDN of $computer, it is the FQDN of the first nameserver. namehost only exists in NS records, not A or AAAA records.

For that statement to work, you need to reference $ADServerFQDN[0].Name, not .namehost. `if ($ADServerFQDN.NameHost)` could probably reference .name or .namehost; I am not sure if it makes a difference. The change that worked for me is:

    if ($ADServerFQDN.Name) { $ServerName = $ADServerFQDN[0].Name } else {

However, I am not sure why that first check is there. The code after the else, which finds the A record, is probably the better way to find the FQDN of $computer, but what you really need to look for are the answer records.

This might be a better way to find the FQDN of $computer: it will find the answer records to the DNS query and extract the FQDN from them.

    foreach ($Computer in $ComputerName) {
        $ServerName = ""
        [Array] $ADServerFQDN = (Resolve-DnsName -Name $Computer -ErrorAction SilentlyContinue)
        # Only the Answer section describes $Computer itself; Authority/Additional carry the zone's NS records
        $FilterName = $ADServerFQDN | Where-Object { $_.section -eq 'answer' }
        $ServerName = $FilterName[0].Name
    }

Ronald Schubot Western Michigan University
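As an added example, not code from ADEssentials or from the issue author, the following function shows the answer-section approach discussed above as a complete, reusable cmdlet. It also handles the cases the original loop does not: a name that fails to resolve (the original `$FilterName[0]` would throw on an empty result), and a CNAME answer, where the FQDN of the real host is the A/AAAA record that follows the alias. The function name `Get-DnsAnswerFqdn` and the host names in the usage line are assumptions for illustration.

```powershell
# Added example (not part of ADEssentials or the issue's snippet).
# Returns the FQDN of each computer from the Answer section of the DNS response,
# ignoring NS records that arrive in the Authority/Additional sections.
function Get-DnsAnswerFqdn {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]] $ComputerName
    )

    foreach ($Computer in $ComputerName) {
        # -DnsOnly skips NetBIOS/LLMNR fallbacks so only real DNS data is considered.
        # @() guarantees an array even when nothing is returned.
        $Records = @(Resolve-DnsName -Name $Computer -DnsOnly -ErrorAction SilentlyContinue)

        # Only the Answer section describes $Computer itself. NS records in the
        # Authority section have a NameHost that names the zone's name server,
        # which is the value the original code mistook for the FQDN.
        $Answers = @($Records | Where-Object { $_.Section -eq 'Answer' })

        # Prefer an address record; after a CNAME the A/AAAA that follows it
        # carries the canonical host name.
        $Address = $Answers | Where-Object { $_.Type -in 'A', 'AAAA' } | Select-Object -First 1

        $Fqdn = $null
        $Ip   = $null
        if ($Address) {
            $Fqdn = $Address.Name
            $Ip   = $Address.IPAddress
        } elseif ($Answers.Count -gt 0) {
            # Answer existed but no address record (for example a dangling CNAME)
            $Fqdn = $Answers[0].Name
        }

        [PSCustomObject]@{
            Query     = $Computer
            FQDN      = $Fqdn
            IPAddress = $Ip
            Resolved  = [bool] $Address
        }
    }
}

# Usage (host names are placeholders, not real targets):
Get-DnsAnswerFqdn -ComputerName 'dc01.ad.example.com', 'does-not-exist.example.invalid' |
    Format-Table -AutoSize
```

A name that does not resolve produces a row with `Resolved = $false` and a `$null` FQDN instead of an exception, so a caller such as Test-LDAP can report the failure and move on to the next controller rather than aborting the loop.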

PrzemyslawKlys commented 4 years ago

Thank you. I'll review and test it again. I also planned to check for certificate data so I may add some more features to this command.

PrzemyslawKlys commented 3 years ago

I've updated Test-LDAP to better test LDAP along with cert checks.