I know that the LDAP string needed is of the form
"LDAP://<WKGUID=18e2ea80684f11d2b9aa00c04f79f805,dc=domain,dc=com>" but I
keep getting a "No such object on server". I know the WKGUID is correct from
several sources but suspect that PowerShell just doesn't like doing this.
Has anyone got working code for connecting to the Deleted Objects container,
please?
--
Richard Siddaway
Please note that all scripts are supplied "as is" and with no warranty
Blog: http://richardsiddaway.spaces.live.com/
PowerShell User Group: http://www.get-psuguk.org.uk
# Bind to the domain root first, then switch to FastBind before changing the path
$adsPath = "LDAP://DC=starking,DC=org"
$root = [System.DirectoryServices.DirectoryEntry]$adsPath
$root.psbase.AuthenticationType = [System.DirectoryServices.AuthenticationTypes]::FastBind
# Point the entry at the Deleted Objects container (DN form or well-known GUID form)
#$root.psbase.path = "LDAP://cn=Deleted Objects,dc=starking,dc=org"
$root.psbase.path = "LDAP://<WKGUID=18e2ea80684f11d2b9aa00c04f79f805,dc=starking,dc=org>"
# Search the container for deleted user objects
$search = [System.DirectoryServices.DirectorySearcher]$root
$search.Filter = "(&(isDeleted=TRUE)(objectclass=user))"
#$search.Filter = "(isDeleted=TRUE)"
# Tombstone must be set or deleted objects are not returned
$search.Tombstone = $true
$search.SearchScope = [System.DirectoryServices.SearchScope]::OneLevel
$result = $search.FindAll()
$result
This will display all of the deleted user objects in the domain. The path
can be set using either the WKGUID or the cn=Deleted Objects,....
syntax.
The one thing to note is that if you set the properties this way and then
type $root to display its properties, you may well get an error even
though it works in the search. The whole system seems quite picky as to what
you can and can't do when accessing the deleted objects.
A useful reference for this is Kaplan and Dunn's book on Directory Services
Programming and the following MSDN article:
http://msdn.microsoft.com/msdnmag/issues/05/12/DirectoryServices/
If anyone knows of an easier way I would be grateful.
--
Richard Siddaway
Please note that all scripts are supplied "as is" and with no warranty
Blog: http://richardsiddaway.spaces.live.com/
PowerShell User Group: http://www.get-psuguk.org.uk
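
The tombstone search from the post above, wrapped as a reusable audit function that reports who was deleted and from where. This is an added example, not code from the original post: Get-DeletedUser is a hypothetical name, the domain DN is looked up from RootDSE rather than hard-coded, and it assumes PowerShell 2.0 or later and an account permitted to read the Deleted Objects container.

```powershell
# Added example: list tombstoned user accounts for an audit or incident review.
# Get-DeletedUser is a hypothetical helper name, not a built-in cmdlet.
function Get-DeletedUser {
    param(
        # Domain naming context such as "dc=domain,dc=com"; defaults to the current domain.
        [string]$DomainDN = ([ADSI]'LDAP://RootDSE').psbase.Properties['defaultNamingContext'].Value
    )
    # Well-known GUID of the Deleted Objects container (the value used in the post).
    $path  = "LDAP://<WKGUID=18e2ea80684f11d2b9aa00c04f79f805,$DomainDN>"
    $entry = New-Object System.DirectoryServices.DirectoryEntry($path)
    $entry.psbase.AuthenticationType = [System.DirectoryServices.AuthenticationTypes]::FastBind

    $searcher = New-Object System.DirectoryServices.DirectorySearcher($entry)
    $searcher.Filter      = '(&(isDeleted=TRUE)(objectClass=user))'
    $searcher.Tombstone   = $true    # without this, deleted objects are never returned
    $searcher.SearchScope = [System.DirectoryServices.SearchScope]::OneLevel
    $searcher.PageSize    = 500      # page the results so large containers are not truncated
    foreach ($attr in 'name','samaccountname','objectsid','lastknownparent','whenchanged') {
        [void]$searcher.PropertiesToLoad.Add($attr)
    }

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            $p = $r.Properties
            # objectSid comes back as a byte array; convert it to the S-1-5-... string form.
            $sid = $null
            if ($p['objectsid'].Count -gt 0) {
                $sid = (New-Object System.Security.Principal.SecurityIdentifier($p['objectsid'][0], 0)).Value
            }
            # A missing attribute is an empty collection; Select-Object turns that into $null.
            New-Object PSObject -Property @{
                Name            = $p['name']            | Select-Object -First 1
                SamAccountName  = $p['samaccountname']  | Select-Object -First 1
                Sid             = $sid
                LastKnownParent = $p['lastknownparent'] | Select-Object -First 1
                WhenChanged     = $p['whenchanged']     | Select-Object -First 1
            }
        }
    }
    finally {
        # SearchResultCollection holds unmanaged resources and must be disposed explicitly.
        $results.Dispose()
        $entry.psbase.Dispose()
    }
}

# Usage: Get-DeletedUser | Sort-Object WhenChanged -Descending | Format-Table -AutoSize
```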