Powershell and Active Directory Part 2/4 Search

After part 1 of the Powershell and Active Directory postings we are now finally ready to work with Powershell and Active Directory! In this post I will show you how to do a basic Active Directory search. I know this has been explained over and over again on different blogs, but I will go the extra mile, which we need for part 3, to be released later this week.

Now that we are starting to create an Active Directory searcher, I will use short script blocks and explain exactly what each one does. At the end I will show you how it all fits together in the final script.

 

Variables

$TARGETOU = "OU=Users,dc=Bladiebla,dc=COM"
$ADSCOPE = "SUBTREE"
$strFilter = "(&(objectCategory=User))"
$ADSIZE = "1000"

In the Variable block we define “obviously” the variables which we are going to use in the script.

  • TARGETOU: Defines the base OU for the AD search script
  • ADSCOPE: Defines whether to search in the base OU only, in its sub-OUs, or in both the base OU and its sub-OUs
  • STRFILTER: Defines the actual search filter based on AD object attributes
  • ADSIZE: Defines the search limit for the number of objects returned by the script

AD Searcher

$objOU = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$TARGETOU")
$ADSearcher = New-Object System.DirectoryServices.DirectorySearcher
$ADSearcher.SearchRoot = $objOU
$ADSearcher.PageSize = $ADSIZE
$ADSearcher.Filter = $strFilter
$ADSearcher.SearchScope = $ADSCOPE

This is where we create the AD Searcher. For easy reading the variables as defined are blue so you can see how the variables are used in the AD Searcher.

 

AD Search results

$ADResults = $ADSearcher.FindAll()

foreach ($ADResult in $ADResults)
{
$u = $ADResult.Properties
$u

Now that we have created the AD Searcher we can perform a search. The call to FindAll() performs the actual search, and the variable $ADResults holds what it returns.

As we should get multiple objects returned, we need a foreach loop to perform a specific action on each object.

Make sure you notice that we did not close the loop with the }.

 

AD User Object

$user = [ADSI]"LDAP://$($u.distinguishedname)"
$user.name
}

Remember that we are still working inside the foreach loop we started in the previous block.

The AD search result $ADResult is nothing more than a search result object. You can get some basic information from this object, but you really want to connect to the object through ADSI to have full freedom to do whatever is possible. This is what we have done here.

 

Wrapping it up

##==========================================================
#    Script By:    Barry Schiffer
#    Created on:    24-03-2009
#    USE:        AD SEARCH TOOL – Search AD Users and connect $user to ADSI object
##==========================================================

##==========================================================
$TARGETOU = "OU=Users,dc=Bladiebla,dc=COM"
$ADSCOPE = "SUBTREE"
$strFilter = "(&(objectCategory=User))"
$ADSize = "1000"
##==========================================================

$objOU = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$TARGETOU")
$ADSearcher = New-Object System.DirectoryServices.DirectorySearcher
$ADSearcher.SearchRoot = $objOU
$ADSearcher.PageSize = $ADSize
$ADSearcher.Filter = $strFilter
$ADSearcher.SearchScope = $ADSCOPE

$ADResults = $ADSearcher.FindAll()

foreach ($ADResult in $ADResults)
{
    $u = $ADResult.Properties
    $user = [ADSI]"LDAP://$($u.distinguishedname)"
    $user.name
}

So this is what the final script should look like. Now that you have created the basic script you should really play around a bit with the different possibilities. Try to have a look at why we connected to the actual ADSI object. This will help you in the next part of the post.

For more information about creating the AD Searcher filter, have a look at the Microsoft TechNet website.
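The filter in this post is fixed text. When part of the filter comes from a parameter or from user input, that value should be escaped before it goes into the filter string. The following is an added example, not part of the original post, that extends the final script that way, loads only the attributes it uses and disposes the search results. The function names ConvertTo-LdapFilterValue and Find-UserByPrefix and the sAMAccountName prefix match are assumptions made for illustration.

```powershell
# Added example. Function names are hypothetical; the OU, scope and base filter
# come from the post. Written for PowerShell 3.0 or later.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory = $true)][string]$Value)
    # RFC 4515: \ * ( ) and NUL have meaning inside a filter, so each one is
    # replaced by a backslash followed by its two-digit hex code.
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })
}

function Find-UserByPrefix {
    param(
        [Parameter(Mandatory = $true)][string]$Prefix,
        [string]$TargetOU = 'OU=Users,dc=Bladiebla,dc=COM'
    )
    $safe = ConvertTo-LdapFilterValue -Value $Prefix
    $objOU = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$TargetOU")
    $ADSearcher = New-Object System.DirectoryServices.DirectorySearcher
    $ADSearcher.SearchRoot = $objOU
    $ADSearcher.PageSize = 1000
    $ADSearcher.SearchScope = 'Subtree'
    # The trailing * is the only wildcard, and it is added here, not by the caller.
    $ADSearcher.Filter = "(&(objectCategory=User)(sAMAccountName=${safe}*))"
    # Ask the server only for the attributes that are actually used.
    $ADSearcher.PropertiesToLoad.AddRange([string[]]('distinguishedName', 'sAMAccountName'))

    $ADResults = $ADSearcher.FindAll()
    try {
        foreach ($ADResult in $ADResults) {
            $u = $ADResult.Properties   # looked up by lower-case attribute name
            [pscustomobject]@{
                SamAccountName    = [string]$u['samaccountname'][0]
                DistinguishedName = [string]$u['distinguishedname'][0]
            }
        }
    }
    finally {
        # SearchResultCollection holds unmanaged resources until it is disposed.
        $ADResults.Dispose()
        $ADSearcher.Dispose()
        $objOU.Dispose()
    }
}

# Constructed input: the parentheses and asterisk end up matched literally.
ConvertTo-LdapFilterValue -Value 'j.doe (temp)*'
```

Find-UserByPrefix needs a reachable domain; the escaping function and the last line run offline.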

If you have any questions don’t hesitate to contact me by e-mail or comments.

For now greetings and please come back later for the next part.


About Barry Schiffer

Barry is an IT Architect with 15 years of IT experience. He has gained both a broad and deep knowledge in the sphere of IT. Throughout the years, Barry has developed into a specialist in the field of Microsoft Windows, Server Based Computing, desktop and server virtualisation. Barry is co-founder and member of the Board of the Dutch Citrix User Group. Barry was awarded the Citrix Technology Professional award in 2015 and received the RES Software Valued Professional award in 2012.

3 Responses to Powershell and Active Directory Part 2/4 Search

  1. I really like your post. Is it copyright protected?

  2. The article is very good. Please write more.
