Last time, we started looking at the Active Directory Searcher object and how to find a single user object. If you missed it, take a moment to get caught up.
If you recall, I created a simple searcher.
$searcher = New-Object system.DirectoryServices.DirectorySearcher
$searcher.filter = "samaccountname=jeff"
My Active Directory (AD) domain is not especially large, so the query does not take long to run. However, you will want to fine-tune your search to be as specific and limited as possible. We will look at some filtering techniques later. Right now, I want to focus on search scope, that is, how much of AD you need to search.
When you create a searcher object, its search root defaults to the root of the domain of the currently logged-on user.
$searcher.SearchRoot = "LDAP://ou=employees,dc=globomantics,dc=local"
Now the search runs very quickly.
$props = "distinguishedname","name","samaccountname","title","department","directreports"
foreach ($item in $props) {
    $searcher.PropertiesToLoad.Add($item) | out-null
}

$entry | Select @{Name="DN";Expression={$_.DistinguishedName.value}},
    @{Name="SAM";Expression={$_.samAccountname.value}},
    @{Name="Name";Expression={$_.name.value}},
    @{Name="Title";Expression={$_.title.value}},
    @{Name="Dept";Expression={$_.department.value}},
    @{Name="DirectReports";Expression = {$_.directreports.value}}

$entry.Properties.GetEnumerator() |
    Foreach -begin { $h = @{} } -process { $h.add($_.PropertyName,$_.value) } -end { new-object psobject -Property $h }
Function Get-MyADUserObject {
    [cmdletbinding()]
    Param(
        [Parameter(Position = 0, Mandatory)]
        [string]$SamAccountname,
        [ValidatePattern("^LDAP://")]
        [string]$SearchRoot
    )

    $searcher = New-Object system.DirectoryServices.DirectorySearcher
    $searcher.filter = "samaccountname=$SamAccountName"
    #limit search properties since we're going to get the complete user object
    $searcher.PropertiesToLoad.Add("distinguishedname") | out-null
    if ($SearchRoot) {
        $searcher.SearchRoot = $SearchRoot
    }
    $user = $searcher.FindOne()
    if ($user.Path) {
        $entry = $user.GetDirectoryEntry()
        $entry.Properties.GetEnumerator() |
            Foreach -begin { $h = @{} } -process { $h.add($_.propertyName,$_.value) } -end { new-object psobject -Property $h }
    }
    else {
        Write-Warning "Could not find user $samaccountname under $($searcher.SearchRoot.Path)"
    }
} #end function
Feel free to expand upon this. Now, I have a tool to get a user from AD that writes an object to the pipeline. I can work with this.
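One way to expand on it, as an added example that is not part of the original article: Get-MyADUserObject places $SamAccountName into the LDAP filter unescaped, so characters such as * or parentheses are read as filter syntax instead of as part of the name. The helper names ConvertTo-LdapFilterValue and New-SamAccountNameFilter are hypothetical, and the sample inputs are constructed.

```powershell
# Added example, not from the original article. Function names are hypothetical.

function ConvertTo-LdapFilterValue {
    # Escape the characters that RFC 4515 reserves inside an LDAP filter value.
    [CmdletBinding()]
    [OutputType([string])]
    param(
        [Parameter(Mandatory, Position = 0)]
        [AllowEmptyString()]
        [string]$Value
    )
    # The backslash goes first so the escapes added afterwards are not re-escaped.
    $escaped = $Value.Replace('\', '\5c')
    $escaped = $escaped.Replace('*', '\2a')
    $escaped = $escaped.Replace('(', '\28')
    $escaped = $escaped.Replace(')', '\29')
    $escaped = $escaped.Replace([string][char]0, '\00')
    return $escaped
}

function New-SamAccountNameFilter {
    # Build the same filter the article uses, with the value escaped.
    [CmdletBinding()]
    [OutputType([string])]
    param(
        [Parameter(Mandatory, Position = 0)]
        [string]$SamAccountName
    )
    $safe = ConvertTo-LdapFilterValue -Value $SamAccountName
    return "(samaccountname=$safe)"
}

# Constructed inputs: a plain name, a bare wildcard, and a value containing filter syntax.
$samples = 'jeff', '*', 'jeff)(objectClass=*'
foreach ($s in $samples) {
    [pscustomobject]@{
        Input     = $s
        Unescaped = "samaccountname=$s"                    # what the article's function builds
        Escaped   = New-SamAccountNameFilter -SamAccountName $s
    }
}

# Inside Get-MyADUserObject the assignment would become:
#   $searcher.filter = New-SamAccountNameFilter -SamAccountName $SamAccountName
```

With the escaped filter, an input of * can only match an account whose name is literally an asterisk, so FindOne() no longer returns whichever user the directory happens to list first.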
More from Jeff Hicks
Copyright ©2019 BWW Media Group