CreativeAcer · CreativeAcer · Jan 9, 2025 · Jan 9, 2025 · Jan 9, 2025
diff --git a/Functions/Data/LDAP/LDAPConnection.ps1 b/Functions/Data/LDAP/LDAPConnection.ps1
@@ -20,27 +20,52 @@
         Write-Host "Port $Port is open on $DomainController"
 
         # Test SSL certificate
-        $cert = $null
+        $tcpClient = $null
+        $sslStream = $null
         try {
             $tcpClient = New-Object System.Net.Sockets.TcpClient($DomainController, $Port)
-            $sslStream = New-Object System.Net.Security.SslStream($tcpClient.GetStream())
+            $sslStream = New-Object System.Net.Security.SslStream(
+                $tcpClient.GetStream(),
+                $false,
+                { param($sender, $certificate, $chain, $errors) return $true }
+            )
+
             $sslStream.AuthenticateAsClient($DomainController)
             $cert = $sslStream.RemoteCertificate
 
-            Write-Host "SSL Certificate Details:"
-            Write-Host "Subject: $($cert.Subject)"
-            Write-Host "Issuer: $($cert.Issuer)"
-            Write-Host "Valid From: $($cert.NotBefore)"
-            Write-Host "Valid To: $($cert.NotAfter)"
-            Write-Host "Thumbprint: $($cert.Thumbprint)"
+            if ($cert -ne $null) {
+                # Convert to X509Certificate2 for better property access
+                $cert2 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($cert)
+
+                Write-Host "SSL Certificate Details:"
+                Write-Host "Subject: $($cert2.Subject)"
+                Write-Host "Issuer: $($cert2.Issuer)"
+                Write-Host "Valid From: $($cert2.NotBefore.ToString('yyyy-MM-dd HH:mm:ss'))"
+                Write-Host "Valid To: $($cert2.NotAfter.ToString('yyyy-MM-dd HH:mm:ss'))"
+                Write-Host "Thumbprint: $($cert2.Thumbprint)"
+
+                if ($cert2.NotAfter -gt (Get-Date)) {
+                    Write-Host "Certificate is valid" -ForegroundColor Green
+                } else {
+                    Write-Host "Certificate has expired" -ForegroundColor Red
+                    return $false
+                }
+            } else {
+                Write-Host "SSL Certificate could not be retrieved"
+                return $false
+            }
         }
         catch {
             Write-Host "SSL Certificate error: $($_.Exception.Message)"
             return $false
         }
         finally {
-            if ($sslStream) { $sslStream.Dispose() }
-            if ($tcpClient) { $tcpClient.Dispose() }
+            if ($sslStream) { 
+                try { $sslStream.Dispose() } catch { }
+            }
+            if ($tcpClient) { 
+                try { $tcpClient.Dispose() } catch { }
+            }
         }
 
         return $true

diff --git a/Test-LDAPSConnection.ps1 b/Test-LDAPSConnection.ps1
@@ -0,0 +1,176 @@
+function Get-DomainController-ForTest {
+    try {
+        # Try method 1: Environment variable
+        $dc = $env:LOGONSERVER -replace '\\',''
+        if (-not [string]::IsNullOrEmpty($dc)) {
+            Write-Host "Found DC from LOGONSERVER: $dc"
+            return $dc
+        }
+
+        # Try method 2: Current domain
+        $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
+        $dc = $domain.DomainControllers[0].Name
+        if (-not [string]::IsNullOrEmpty($dc)) {
+            Write-Host "Found DC from current domain: $dc"
+            return $dc
+        }
+
+        # Try method 3: DNS query
+        $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().Name
+        $dc = (nslookup -type=srv _ldap._tcp.dc._msdcs.$domain 2>$null | 
+               Select-String -Pattern "svr hostname = (.+)$" | 
+               ForEach-Object { $_.Matches.Groups[1].Value }) | Select-Object -First 1
+
+        if (-not [string]::IsNullOrEmpty($dc)) {
+            Write-Host "Found DC from DNS query: $dc"
+            return $dc
+        }
+
+        throw "No Domain Controller found"
+    }
+    catch {
+        Write-Host "Error finding Domain Controller: $($_.Exception.Message)" -ForegroundColor Red
+        return $null
+    }
+}
+
+function Test-LDAPS {
+    param(
+        [Parameter(Mandatory=$false)]
+        [string]$DomainController = (Get-DomainController-ForTest)
+    )
+
+    try {
+        Write-Host "`n=== Testing LDAPS Configuration ==="
+
+        # Validate DC name
+        if ([string]::IsNullOrEmpty($DomainController)) {
+            throw "No Domain Controller specified"
+        }
+
+        Write-Host "Testing connection to Domain Controller: $DomainController"
+        $LDAPSPort = 636
+
+        # Test 1: Basic port connectivity
+        $tcpClient = $null
+        try {
+            Write-Host "`nTesting LDAPS port connectivity..."
+            $tcpClient = New-Object System.Net.Sockets.TcpClient
+            $result = $tcpClient.BeginConnect($DomainController, $LDAPSPort, $null, $null)
+            $waited = $result.AsyncWaitHandle.WaitOne(1000, $false)
+
+            if ($waited) {
+                Write-Host "✓ Port $LDAPSPort is open" -ForegroundColor Green
+            } else {
+                Write-Host "✗ Port $LDAPSPort is not accessible" -ForegroundColor Red
+                return
+            }
+        }
+        catch {
+            Write-Host "✗ Port connectivity test failed: $($_.Exception.Message)" -ForegroundColor Red
+        }
+        finally {
+            if ($tcpClient) {
+                $tcpClient.Close()
+            }
+        }
+
+        # Test 2: LDAPS Binding
+        $directoryEntry = $null
+        try {
+            Write-Host "`nTesting LDAPS binding..."
+            $ldapPath = "LDAPS://$DomainController"
+            $authType = [System.DirectoryServices.AuthenticationTypes]::Secure -bor 
+                       [System.DirectoryServices.AuthenticationTypes]::SecureSocketsLayer
+
+            $directoryEntry = New-Object System.DirectoryServices.DirectoryEntry($ldapPath, $null, $null, $authType)
+
+            # Try to access a property to verify connection
+            $name = $directoryEntry.Name
+
+            Write-Host "✓ LDAPS binding successful" -ForegroundColor Green
+            Write-Host "`nLDAPS connection details:"
+            Write-Host "  Server: $DomainController"
+            Write-Host "  Path: $($directoryEntry.Path)"
+            Write-Host "  Name: $name"
+
+            # Test 3: SSL Certificate
+            $tcpClient = $null
+            $sslStream = $null
+            try {
+                Write-Host "`nTesting SSL Certificate..."
+                $tcpClient = New-Object System.Net.Sockets.TcpClient($DomainController, $LDAPSPort)
+                $sslStream = New-Object System.Net.Security.SslStream(
+                    $tcpClient.GetStream(),
+                    $false,
+                    { param($sender, $certificate, $chain, $errors) return $true }
+                )
+
+                $sslStream.AuthenticateAsClient($DomainController)
+                $cert = $sslStream.RemoteCertificate
+
+                if ($cert -ne $null) {
+                    # Convert to X509Certificate2 for better property access
+                    $cert2 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($cert)
+
+                    Write-Host "Certificate details:" -ForegroundColor Cyan
+                    Write-Host "  Subject: $($cert2.Subject)"
+                    Write-Host "  Issuer: $($cert2.Issuer)"
+                    Write-Host "  Valid From: $($cert2.NotBefore.ToString('yyyy-MM-dd HH:mm:ss'))"
+                    Write-Host "  Valid To: $($cert2.NotAfter.ToString('yyyy-MM-dd HH:mm:ss'))"
+                    Write-Host "  Thumbprint: $($cert2.Thumbprint)"
+
+                    if ($cert2.NotAfter -gt (Get-Date)) {
+                        Write-Host "✓ Certificate is valid" -ForegroundColor Green
+                    } else {
+                        Write-Host "✗ Certificate has expired" -ForegroundColor Red
+                    }
+                } else {
+                    Write-Host "✗ SSL Certificate is null or could not be retrieved" -ForegroundColor Red
+                }
+            }
+            catch {
+                Write-Host "✗ SSL Certificate validation failed: $($_.Exception.Message)" -ForegroundColor Red
+            }
+            finally {
+                if ($sslStream) {
+                    try { $sslStream.Dispose() } catch { }
+                }
+                if ($tcpClient) {
+                    try { $tcpClient.Dispose() } catch { }
+                }
+            }
+        }
+        catch {
+            Write-Host "✗ LDAPS binding failed: $($_.Exception.Message)" -ForegroundColor Red
+        }
+        finally {
+            if ($directoryEntry) {
+                try {
+                    [System.Runtime.Interopservices.Marshal]::ReleaseComObject($directoryEntry) | Out-Null
+                    [System.GC]::Collect()
+                    [System.GC]::WaitForPendingFinalizers()
+                }
+                catch {
+                    Write-Host "Note: Clean-up of DirectoryEntry completed with non-critical warnings" -ForegroundColor Yellow
+                }
+            }
+        }
+    }
+    catch {
+        Write-Host "`n✗ Test failed: $($_.Exception.Message)" -ForegroundColor Red
+    }
+    finally {
+        Write-Host "`n=== Test Complete ===`n"
+    }
+}
+
+# Call the function with the automatically detected DC
+$dc = $env:LOGONSERVER -replace '\\',''
+if ([string]::IsNullOrEmpty($dc)) {
+    Write-Host "Could not detect Domain Controller from environment." -ForegroundColor Yellow
+    Write-Host "Please provide a Domain Controller name." -ForegroundColor Yellow
+} else {
+    Write-Host "Testing LDAPS for Domain Controller: $dc"
+    Test-LDAPS -DomainController $dc
+}