Once upon a time in daily business there are only two things you have: a PowerShell prompt and no internet / no media to install an appropriate module to query the Active Directory.
Thank god, it's LDAP time.
First we need to connect to the Active Directory. This is done via a DirectorySearcher object (we want to search/query something).
```powershell
# get the searcher object
$mySearcher = New-Object System.DirectoryServices.DirectorySearcher

# where do we want to go today (port 3268 is the Global Catalog)
$LDAPSearchRoot = "LDAP://MYDOMAIN.LOCAL:3268"
$mySearcher.SearchRoot = $LDAPSearchRoot

# search for a user object using a filter. In this case we're using wildcards '*'.
# The filter matches 'pete', 'peter', and so on.
$mySearcher.Filter = "(& (objectClass=user) (samAccountName=*pete*))"

# search all the subtrees (deep search)
$mySearcher.SearchScope = "Subtree"
$mySearcher.PageSize = 10

# these are the attributes we are looking for
# for a more complete list look at http://www.selfadsi.de/user-attributes.htm
$myAttributes = @("givenName", "sn", "displayName", "userPrincipalName", "samAccountName", "distinguishedname", "userAccountControl")
$mySearcher.PropertiesToLoad.AddRange($myAttributes)

# get the results
$mySearcher.FindAll()
```
A better solution is, of course, to put the code in a function so that it can be reused in a module or simply in other parts of the code.
I've done it this way:
```powershell
# for a complete documentation of possible flags see:
# http://www.selfadsi.de/ads-attributes/user-userAccountControl.htm
# Only these three values are decoded; any other bit set in the attribute
# makes the cast fall back to the plain number. Define the enum before the
# function is called.
[Flags()] enum uac {
    Active = 512
    Deactivate = 514
    PasswordNeverExpires = 65536
}

function Get-AdUsers {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$true)]
        [string] $Username,

        # LDAPSearchRoot can be set on top of your module or
        # it can be overridden by passing it to this function
        [Parameter(Mandatory=$false)]
        [string] $LDAPSearchRoot = $LDAPSearchRoot
    )

    $users = @()

    $mySearcher = New-Object System.DirectoryServices.DirectorySearcher
    $mySearcher.SearchRoot = $LDAPSearchRoot
    $mySearcher.Filter = "(& (objectClass=user) (samAccountName=*$Username*))"
    $mySearcher.SearchScope = "Subtree"
    $mySearcher.PageSize = 10

    $myAttributes = @("givenName", "sn", "displayName", "userPrincipalName", "samAccountName", "distinguishedname", "userAccountControl")
    $mySearcher.PropertiesToLoad.AddRange($myAttributes)

    $finds = $mySearcher.FindAll()

    foreach ($i in $finds) {
        # DirectorySearcher returns every attribute as a value collection keyed
        # by the lower-cased attribute name; take the first (single) value so
        # we get a plain string instead of a collection rendered as "{value}"
        $p = $i.Properties
        $user = New-Object PsObject
        $user | Add-Member -MemberType NoteProperty -Name "DisplayName"       -Value ([string]$p["displayname"][0])
        $user | Add-Member -MemberType NoteProperty -Name "SamAccountName"    -Value ([string]$p["samaccountname"][0])
        $user | Add-Member -MemberType NoteProperty -Name "SurName"           -Value ([string]$p["sn"][0])
        $user | Add-Member -MemberType NoteProperty -Name "GivenName"         -Value ([string]$p["givenname"][0])
        $user | Add-Member -MemberType NoteProperty -Name "UserPrincipalName" -Value ([string]$p["userprincipalname"][0])
        $user | Add-Member -MemberType NoteProperty -Name "DistinguishedName" -Value ([string]$p["distinguishedname"][0])

        # see enum values
        [uac]$accountControl = [int]$p["useraccountcontrol"][0]
        $user | Add-Member -MemberType NoteProperty -Name "UserAccountControl" -Value $accountControl

        $users += $user
    }

    return $users
}
```
The function is then called as follows:
```powershell
Get-AdUsers -Username AnyUsername -LDAPSearchRoot "LDAP://MYDOMAIN.LOCAL:3268"
```
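Two things a practitioner will want on top of the function above, shown here as an added example that is not code from the original post: the search term is interpolated straight into the LDAP filter, so a value containing `*`, `(` or `)` changes the structure of the filter instead of being matched literally, and the three-value enum leaves most userAccountControl bits undecoded. The block below escapes the term per RFC 4515 and decodes every documented flag bit. It assumes a domain-joined host; the search root "LDAP://MYDOMAIN.LOCAL:3268" is the placeholder from the post, and the function names (ConvertTo-LdapFilterValue, ConvertFrom-UserAccountControl, Get-AdUsersSafe) and the flag table are my own additions.

```powershell
# Added example, not part of the original post.

# Escape a value that will be embedded in an LDAP search filter (RFC 4515).
# The backslash must be replaced first so the escapes we add are not re-escaped.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory=$true)][string] $Value)
    return $Value -replace '\\', '\5c' `
                  -replace '\*', '\2a' `
                  -replace '\(', '\28' `
                  -replace '\)', '\29' `
                  -replace "`0", '\00'
}

# Documented userAccountControl bits (the values are the standard AD constants).
$UacFlags = [ordered]@{
    SCRIPT                         = 0x0001
    ACCOUNTDISABLE                 = 0x0002
    HOMEDIR_REQUIRED               = 0x0008
    LOCKOUT                        = 0x0010
    PASSWD_NOTREQD                 = 0x0020
    PASSWD_CANT_CHANGE             = 0x0040
    ENCRYPTED_TEXT_PWD_ALLOWED     = 0x0080
    NORMAL_ACCOUNT                 = 0x0200
    INTERDOMAIN_TRUST_ACCOUNT      = 0x0800
    WORKSTATION_TRUST_ACCOUNT      = 0x1000
    SERVER_TRUST_ACCOUNT           = 0x2000
    DONT_EXPIRE_PASSWORD           = 0x10000
    MNS_LOGON_ACCOUNT              = 0x20000
    SMARTCARD_REQUIRED             = 0x40000
    TRUSTED_FOR_DELEGATION         = 0x80000
    NOT_DELEGATED                  = 0x100000
    USE_DES_KEY_ONLY               = 0x200000
    DONT_REQ_PREAUTH               = 0x400000
    PASSWORD_EXPIRED               = 0x800000
    TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000
}

# Return the names of all flag bits set in a userAccountControl value.
function ConvertFrom-UserAccountControl {
    param([Parameter(Mandatory=$true)][int] $Value)
    $names = foreach ($entry in $UacFlags.GetEnumerator()) {
        if (($Value -band $entry.Value) -ne 0) { $entry.Key }
    }
    return @($names)
}

# Same query as the post's Get-AdUsers, with the escaped term and full UAC decoding.
function Get-AdUsersSafe {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$true)] [string] $Username,
        [string] $LDAPSearchRoot = "LDAP://MYDOMAIN.LOCAL:3268"   # placeholder from the post
    )

    $term = ConvertTo-LdapFilterValue -Value $Username

    $mySearcher = New-Object System.DirectoryServices.DirectorySearcher
    $mySearcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry($LDAPSearchRoot)
    $mySearcher.Filter = "(&(objectClass=user)(samAccountName=*$term*))"
    $mySearcher.SearchScope = "Subtree"
    $mySearcher.PageSize = 1000   # paging keeps large domains from truncating the result set
    foreach ($attr in "displayName", "samAccountName", "userPrincipalName", "distinguishedName", "userAccountControl") {
        [void]$mySearcher.PropertiesToLoad.Add($attr)
    }

    $results = $mySearcher.FindAll()
    try {
        foreach ($r in $results) {
            $p = $r.Properties
            $uac = [int]$p["useraccountcontrol"][0]
            [pscustomobject]@{
                SamAccountName       = [string]$p["samaccountname"][0]
                DisplayName          = [string]$p["displayname"][0]
                UserPrincipalName    = [string]$p["userprincipalname"][0]
                DistinguishedName    = [string]$p["distinguishedname"][0]
                Disabled             = (($uac -band $UacFlags.ACCOUNTDISABLE) -ne 0)
                PasswordNeverExpires = (($uac -band $UacFlags.DONT_EXPIRE_PASSWORD) -ne 0)
                UserAccountControl   = ((ConvertFrom-UserAccountControl -Value $uac) -join ', ')
            }
        }
    } finally {
        $results.Dispose()   # SearchResultCollection holds unmanaged handles
    }
}

# Usage (the helpers work offline; the query itself needs a reachable domain controller):
ConvertTo-LdapFilterValue -Value 'pe*te)'
ConvertFrom-UserAccountControl -Value 66050
Get-AdUsersSafe -Username pete -LDAPSearchRoot "LDAP://MYDOMAIN.LOCAL:3268" | Format-Table
```

Keeping the escaping in its own function means every filter built later in the module goes through the same path; the flag table is a hashtable rather than a `[Flags()]` enum so that a value with an undocumented bit set still decodes the bits it does know instead of collapsing to a bare number.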