Vista - How to bind to AD without displaying the Distinguished Name

Requirement:
Bind to Active Directory domain and if successful continue otherwise output
error.

Problem:
The problem here is when I bind to the domain the Distinguished Name is
displayed on the screen. In the script that I am working on I don't want the
DN to be displayed. I have tried the commands "$LDAPDN | out-null" and
"[void]$LDAPDN" but they do not actually make the bind to the domain. Any
help on binding to a domain without having it display the DN would be
appreciated.

Thanks,

Sample Code:
trap
{
Write-Host "Unable to bind to the domain."
Write-Debug "$_.exception.message"
Exit
}
$LDAPDN = [ADSI]("LDAP://$FQDN")
$LDAPDN
Write-Host "Bind to domain $FQDN was successful."

Hi John ,

I'm confused I think . What if you just left the $LDAPDN out . Then you
would not get any output like you want . Right ?

Thanks
Chris


"John" wrote:

Chris wrote:I'm with you there...

Is it you just want particular properties to show when you want to look
at the object?

Marco

The line $LDAPDN = [ADSI]("LDAP://$FQDN")" does not do the actual bind. You
would either have to call the variable $LDAPDN or simply run
[ADSI]("LDAP://$FQDN")". Either way, if it successfully binds to the domain
it displays the distinguished name, but I don't want that information
displayed. I am wondering if there is a way to bind to the domain without
having the distinguished name displayed.

"Chris" wrote:

I need to determine whether or not I can bind to a domain. The only way I
know how to do this is to actually try to bind to the domain and if it fails
an errorcode will be trapped. When the code below is successfully binds to
the domain, the distinguished name is output to the screen. Unfortunately do
not want the distinguished name output to the screen.

Look at the code below to see if this makes any more sense.

trap
{
Write-Host "Unable to bind to the domain."
Write-Debug "$_.exception.message"
Exit
}
[ADSI]("LDAP://$FQDN")
Write-Host "Bind to domain $FQDN was successful."

Thanks.


"Marco Shaw [MVP]" wrote:

Hello John,
John;

I'm confused too - you say "Requirement: Bind to Active Directory domain
and if successful continue otherwise output error.

You have that - your "Write-Host "Bind to domain $FQDN was successful." can
be looked upon as redundant - you won't see the DN if it doesn't bind, so
you KNOW it binds, when it does, no need to bind and then add an additional
message - look at it like ADSI is doing the work for you, and if you don't
like the output, change it like this:

$LDAPDN |fl @{ expression={$_.distinguishedName } ;label="Bind to domain
was successful" }

What I usually do is this :

$domain = "LDAP://dc=foo,dc=com"
$root = new-object System.directoryservices.DirectoryEntry($domain)

At that point if I'm successful I'm bound to the domain .There will be no
output if I'm successful and If I'm not I will get an error .


From there you can run create a searcher object to do whatever .

Does that do anything for ya ?

Chris


"John" wrote:

John wrote:OK, didn't know there was a difference. How can one tell?

How about if you do a redirect of std out "> out.tmp"?

Chris,

That doesn't actually make a bind to the domain. You would have to have a
"$root" on the next line, where it would actually make the bind. You can
validate this by putting an invalid domain in variable $domain. If it
actually made the bind in the line "$root = new-object
System.directoryservices.DirectoryEntry($domain)" it would take longer and
eventually error out.


"Chris" wrote:

Here we go this should help :

$domain = "LDAP://dc=foo,dc=com"
$root = new-object System.directoryservices.DirectoryEntry($domain)

if ($root.Name)

{
"Great!"
}
else
{
"Not So Great!"
}


You can substitue this with something else or if its "true" then just go on
from there .

How about that ?

Thanks
Chris



"John" wrote: