For many Microsoft IT professionals, one of the first things they do with PowerShell is using it to perform tasks in Active Directory.
PowerShell, for instance, can join computers to Active Directory, remove computers, and reset passwords among many other tasks. One task in particular I perform a lot is searching Active Directory for user and computer information. Part of what makes PowerShell such as great tool for this is the job it does filtering information out, such as only searching for users in a specific department. In this article, I will go over some common things PowerShell can search for in Active Directory.
Searching User Information
Searching user information in AD can be done with the Get-ADUser cmdlet. Personally, I use the -Identity parameter the most with this cmdlet, which allows you to pass these types of values:
- A distinguished name
- A GUID (objectGUID)
- A security identifier (objectSid)
- A SAM account name (sAMAccountName)
So for instance to get information by a samaccountname I could do this:
C:\> Get-ADUser -Identity dfrancis
DistinguishedName : CN=Daniel Franciscus,OU=Test,DC=domain,DC=com
Enabled : True
GivenName : Dan
Name : Daniel Franciscus
ObjectClass : user
ObjectGUID : 68fbb9c6-bc5a-4892-8f93-5ba8ec523365
SamAccountName : dfrancis
SID : S-1-5-21-2099712884-232525161-946742744-8334
Surname : Franciscus
UserPrincipalName : [email protected]
Easy enough, right? Now, let us try something a little more interesting. With the -Filter parameter, we can specify how we want out output filtered. Here, I want to show any user who as a count of bad password greater than 7:
C:\> Get-ADUser -Filter 'badpwdcount -ge 7' | Select-Object samaccountname
samaccountname
--------------
Guest
Test-1
TestUser2
TestUser3
TestUser4
Another task I do frequently is look at a specific organizational unit in Active Directory for certain information. In this scenario, I want to query a specific OU but only for users with the last name “Davis”:
C:\> Get-ADUser -Filter 'Surname -eq "Davis"' -SearchBase 'OU=Desktop,DC=domain,DC=com' -Properties * | Select Displayname,Surname
Displayname Surname
----------- -------
Dan Davis Davis
Brad Davis Davis
Note that the attribute in Active Directory for last name is surname, so we use the –eq operator to find exactly the surname of “Davis.”
Searching Computer Information
Searching for computer information in AD is performed with the Get-ADComputer cmdlet. The parameters are very similar to Get-ADUser and work the same way. Here, I want to find the computer record associated with a specific IPv4 address:
C:\> Get-ADComputer -Filter 'IPv4Address -eq "172.16.67.155"'
DistinguishedName : CN=Test-1,OU=Staff,OU=Test,DC=domain,DC=com
DNSHostName : Test-1.domain.com
Enabled : True
Name : Test-1
ObjectClass : computer
ObjectGUID : 68e597fe-631d-413d-9087-2cc806709c82
SamAccountName : Test-1$
SID : S-1-5-21-2099712884-232525161-946742744-11288
UserPrincipalName :
Here, I do the same command, but I want to find the SID for this particular machine as well. One of the great features of Get-ADComputer is that you can quickly find attributes in Active Directory, quite handy for things like finding an SID.
C:\> Get-ADComputer -Filter 'IPv4Address -eq "172.16.48.155"' | Select-Object SID
SID
---
S-1-5-21-2099712884-232525161-946742744-11243
Summary
If you work with Active Director often, the ActiveDirectory PowerShell module is something you need to be using. It will make you much more efficient at viewing and making changes in AD. PowerShell enables easy filtering of AD information and can give fascinating information.