In the context of Active Directory, an LDAP ping is a specially crafted LDAP search performed against a Domain Controller to determine which site the computer belongs to and what logon services that Domain Controller offers.

From MSDN:

…the usage of LDAP to verify the aliveness of the domain controller and also check whether the domain controller matches a specific set of requirements. This operation is commonly referred to as LDAP ping.

Discovery Process

This page describes how the DC-Locator works, but does not lay out the specifics.

Here are the steps the DC-Locator performs…

  1. Determine the DNS domain name of the domain
  2. Look up the list of Domain Controllers for the domain using DNS (the _ldap._tcp SRV records)
  3. Perform an LDAP ping against each Domain Controller until one responds
  4. Use the client site name from the response to look up Domain Controllers in the same site using DNS (the site-specific SRV records)
  5. Perform an LDAP ping against each of those Domain Controllers until one responds
  6. Cache the Domain Controller information for the session

LDAP Ping from PowerShell

So, let's say for some reason you want to do an LDAP ping from PowerShell... here is how you perform the steps above.

# I won't cover discovery of your DNS domain, that's up to you.
$DnsDomain = 'contoso.com'

# on Windows PowerShell you will need to load the System.DirectoryServices.Protocols assembly
Add-Type -AssemblyName System.DirectoryServices.Protocols

# find all domain controllers in the domain, as well as the LDAP port. Resolve-DnsName also
# returns the A records from the additional section, hence the filter on record type.
$DomainDCs = Resolve-DnsName -Name "_ldap._tcp.$DnsDomain" -Type SRV |
    Where-Object { $_.Type -eq 'SRV' } |
    Sort-Object Priority |
    Select-Object @{N='ComputerName';E={$_.NameTarget}}, Port

# NT Version - this is actually a collection of option bits, not the version of the operating
# system as the name would imply. It goes into the filter as a 32-bit little-endian integer
# written with LDAP value escapes.
# See: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/8e6a9efa-6312-44e2-af12-06ad73afbfa5
# NETLOGON_NT_VERSION_5 (0x2) | NETLOGON_NT_VERSION_5EX (0x4) |
# NETLOGON_NT_VERSION_5EX_WITH_IP (0x8) | NETLOGON_NT_VERSION_WITH_CLOSEST_SITE (0x10) = 0x1e
$NTVersionOptions = '\1e\00\00\00'

# loop through the domain controllers, stopping on the first success
$NetlogonBytes = $null
foreach ( $DomainController in $DomainDCs ) {

    $CanConnect = Test-NetConnection -ComputerName $DomainController.ComputerName -Port $DomainController.Port -InformationLevel Quiet
    if ( -not $CanConnect ) {
        # unable to connect to port, skip...
        continue
    }

    # create an anonymous LDAP v3 connection; the ping is an unauthenticated rootDSE search
    $LdapIdentifier = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($DomainController.ComputerName, $DomainController.Port)
    $LdapConnection = [System.DirectoryServices.Protocols.LdapConnection]::new($LdapIdentifier)
    $LdapConnection.AuthType = [System.DirectoryServices.Protocols.AuthType]::Anonymous
    $LdapConnection.SessionOptions.ProtocolVersion = 3
    $LdapConnection.Timeout = [timespan]::FromSeconds(5)

    # the ping itself: a base-scope search of the rootDSE (empty DN) for the Netlogon
    # attribute, filtered on our domain name and the option bits above
    $SearchRequest = [System.DirectoryServices.Protocols.SearchRequest]::new(
        '',
        "(&(DnsDomain=$DnsDomain)(NtVer=$NTVersionOptions))",
        [System.DirectoryServices.Protocols.SearchScope]::Base,
        'Netlogon'
    )
    try {
        $SearchResponse = $LdapConnection.SendRequest($SearchRequest)
    }
    catch [System.DirectoryServices.Protocols.LdapException] {
        # reachable on the port but no answer to the ping, try the next one
        continue
    }
    finally {
        $LdapConnection.Dispose()
    }

    if ( $SearchResponse.Entries.Count -eq 0 -or -not $SearchResponse.Entries[0].Attributes.Contains('Netlogon') ) { continue }

    # the value is a NETLOGON_SAM_LOGON_RESPONSE_EX structure (MS-ADTS 6.3.1.9); decoding it is what gets you the site names and DC flags
    $NetlogonBytes = $SearchResponse.Entries[0].Attributes['Netlogon'].GetValues([byte[]])[0]
    $RespondingDC  = $DomainController.ComputerName
    break
}
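The Netlogon attribute comes back as a raw byte blob, a NETLOGON_SAM_LOGON_RESPONSE_EX structure per MS-ADTS 6.3.1.9, so a decoder is needed before the site name (step 4 of the locator) can be used. The following is an added example, not code from the original post: it decodes that structure, including the RFC 1035-style name compression pointers the DC uses to shorten repeated suffixes (with a hop guard so a malformed response cannot loop the parser), reads the optional socket address and next-closest-site fields based on the NtVersion bits the DC reports at the tail of the blob (the same approach Samba's decoder takes), and builds the site-specific SRV name the locator queries next. The sample blob it runs against is constructed here for a hypothetical DC, dc01.contoso.com in Default-First-Site-Name with a made-up domain GUID; it is not a capture from a real domain. The DS_*_FLAG names and NETLOGON_NT_VERSION bit values are taken from MS-ADTS.

```powershell
# Added example, not from the original post. Decodes NETLOGON_SAM_LOGON_RESPONSE_EX (MS-ADTS 6.3.1.9).
# Names use RFC 1035 label compression; pointer offsets are relative to the start of the blob.

function Read-CompressedName {
    # Decode one compressed name at $Offset; return it with the offset the caller resumes at
    param([byte[]]$Data, [int]$Offset)
    $labels = [System.Collections.Generic.List[string]]::new()
    $next   = -1   # set when the first pointer is followed: the caller resumes right after that pointer
    $hops   = 0
    while ($true) {
        if ($Offset -ge $Data.Length) { throw 'Truncated name in Netlogon response' }
        $len = [int]$Data[$Offset]
        if (($len -band 0xC0) -eq 0xC0) {                            # 11xxxxxx: 14-bit pointer
            if ($Offset + 1 -ge $Data.Length) { throw 'Truncated pointer in Netlogon response' }
            if ($next -lt 0) { $next = $Offset + 2 }
            $Offset = (($len -band 0x3F) -shl 8) -bor [int]$Data[$Offset + 1]
            if (++$hops -gt 32) { throw 'Pointer loop in Netlogon response' }
            continue
        }
        $Offset++
        if ($len -eq 0) { break }                                    # root label ends the name
        $labels.Add([System.Text.Encoding]::UTF8.GetString($Data, $Offset, $len))
        $Offset += $len
    }
    if ($next -lt 0) { $next = $Offset }
    [pscustomobject]@{ Name = ($labels -join '.'); Next = $next }
}

# DS_*_FLAG bits of the Flags field (MS-ADTS 6.3.1.2), the ones worth reporting here
$DsFlagNames = [ordered]@{ 0x1 = 'PDC'; 0x4 = 'GC'; 0x8 = 'LDAP'; 0x10 = 'DS'; 0x20 = 'KDC'; 0x40 = 'TIMESERV';
                           0x80 = 'CLOSEST'; 0x100 = 'WRITABLE'; 0x200 = 'GOOD_TIMESERV'; 0x400 = 'NDNC'; 0x2000 = 'WS' }

function ConvertFrom-NetlogonResponse {
    param([byte[]]$Data)
    if ($Data.Length -lt 32) { throw 'Netlogon blob too short' }
    $opcode = [BitConverter]::ToUInt16($Data, 0)
    if ($opcode -ne 0x17) { throw ('Opcode 0x{0:x2} is not LOGON_SAM_LOGON_RESPONSE_EX' -f $opcode) }
    $flags  = [BitConverter]::ToUInt32($Data, 4)
    $result = [ordered]@{
        Flags      = @($DsFlagNames.Keys | Where-Object { $flags -band $_ } | ForEach-Object { $DsFlagNames[$_] })
        DomainGuid = [guid]::new([byte[]]$Data[8..23])
    }
    $pos = 24                                                        # eight compressed names follow the GUID
    foreach ($field in 'DnsForestName', 'DnsDomainName', 'DnsHostName', 'NetbiosDomainName',
                       'NetbiosComputerName', 'UserName', 'DcSiteName', 'ClientSiteName') {
        $name = Read-CompressedName -Data $Data -Offset $pos
        $result[$field] = $name.Name
        $pos = $name.Next
    }
    # Which optional fields follow depends on the option bits the DC honoured; it reports them in
    # NtVersion, which sits just before the two 0xFFFF tokens that end the blob.
    $ntVersion = [BitConverter]::ToUInt32($Data, $Data.Length - 8)
    if ($ntVersion -band 0x8) {                                      # NETLOGON_NT_VERSION_5EX_WITH_IP
        $sockAddrSize = [int]$Data[$pos]; $pos++                     # DcSockAddrSize, then a sockaddr_in
        $result['DcSockAddr'] = [System.Net.IPAddress]::new([byte[]]$Data[($pos + 4)..($pos + 7)]).ToString()
        $pos += $sockAddrSize
    }
    if ($ntVersion -band 0x10) {                                     # NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
        $result['NextClosestSiteName'] = (Read-CompressedName -Data $Data -Offset $pos).Name
    }
    # Step 4 of the locator: the SRV record to resolve for DCs in the client's own site
    $result['SiteSrvName'] = "_ldap._tcp.$($result.ClientSiteName)._sites.dc._msdcs.$($result.DnsDomainName)"
    [pscustomobject]$result
}

function Add-CompressedName {
    # Append $Name as labels; end with a pointer to $SuffixAt instead of the 0 terminator when given
    param([System.Collections.Generic.List[byte]]$List, [string]$Name, [int]$SuffixAt = -1)
    foreach ($label in ($Name -split '\.' | Where-Object { $_ })) {
        $bytes = [System.Text.Encoding]::UTF8.GetBytes($label)
        $List.Add([byte]$bytes.Length); $List.AddRange($bytes)
    }
    if ($SuffixAt -ge 0) { $List.Add([byte](0xC0 -bor ($SuffixAt -shr 8))); $List.Add([byte]($SuffixAt -band 0xFF)) }
    else                 { $List.Add([byte]0) }
}

function New-SampleNetlogonBlob {
    # Constructed sample for a hypothetical DC; not a capture from a real domain
    $b = [System.Collections.Generic.List[byte]]::new()
    $b.AddRange([byte[]](0x17, 0x00, 0x00, 0x00))                    # Opcode LOGON_SAM_LOGON_RESPONSE_EX, Sbz
    $b.AddRange([BitConverter]::GetBytes([uint32]0x3FD))             # Flags: PDC GC LDAP DS KDC TIMESERV CLOSEST WRITABLE GOOD_TIMESERV
    $b.AddRange(([guid]'11111111-2222-3333-4444-555555555555').ToByteArray())  # DomainGuid (made up)
    $forestAt = $b.Count
    Add-CompressedName $b 'contoso.com'                              # DnsForestName
    Add-CompressedName $b '' -SuffixAt $forestAt                     # DnsDomainName: a bare pointer to the forest name
    Add-CompressedName $b 'dc01' -SuffixAt $forestAt                 # DnsHostName: one label plus a pointer
    Add-CompressedName $b 'CONTOSO'                                  # NetbiosDomainName
    Add-CompressedName $b 'DC01'                                     # NetbiosComputerName
    Add-CompressedName $b ''                                         # UserName: empty, the ping named no user
    $siteAt = $b.Count
    Add-CompressedName $b 'Default-First-Site-Name'                  # DcSiteName
    Add-CompressedName $b '' -SuffixAt $siteAt                       # ClientSiteName: same site, as a pointer
    $b.Add([byte]16)                                                 # DcSockAddrSize
    $b.AddRange([byte[]](2, 0, 0, 0, 10, 0, 0, 10, 0, 0, 0, 0, 0, 0, 0, 0))  # sockaddr_in: AF_INET, port 0, 10.0.0.10, sin_zero
    Add-CompressedName $b 'Branch-Site'                              # NextClosestSiteName
    $b.AddRange([BitConverter]::GetBytes([uint32]0x1D))              # NtVersion: 1 | 5EX | 5EX_WITH_IP | WITH_CLOSEST_SITE
    $b.AddRange([byte[]](0xFF, 0xFF, 0xFF, 0xFF))                    # LmNtToken, Lm20Token
    $b.ToArray()
}

# Against the sample; with a real ping, pass the byte[] taken from the Netlogon attribute instead
$ping = ConvertFrom-NetlogonResponse -Data (New-SampleNetlogonBlob)
$ping | Format-List
```

On the sample, DnsHostName decodes to dc01.contoso.com, ClientSiteName to Default-First-Site-Name and SiteSrvName to _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.contoso.com, which is what you would hand to Resolve-DnsName -Type SRV to find the in-site DCs and repeat the ping against them. Two things to keep in mind when running this against real responses: the blob is unauthenticated data from the network, so the bounds and pointer-hop checks are not optional, and a DC that does not honour the WITH_IP or WITH_CLOSEST_SITE bits simply omits those fields, which is why the decoder trusts the NtVersion it reports rather than the one that was requested.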