Searching Active Directory with PowerShell

For many Microsoft IT professionals, one of the first things they do with PowerShell is using it to perform tasks in Active Directory.

PowerShell, for instance, can join computers to Active Directory, remove computers, and reset passwords among many other tasks. One task in particular I perform a lot is searching Active Directory for user and computer information. Part of what makes PowerShell such as great tool for this is the job it does filtering information out, such as only searching for users in a specific department. In this article, I will go over some common things PowerShell can search for in Active Directory.

Searching User Information

Searching user information in AD can be done with the Get-ADUser cmdlet. Personally, I use the -Identity parameter the most with this cmdlet, which allows you to pass these types of values:

• A distinguished name
• A GUID (objectGUID)
• A security identifier (objectSid)
• A SAM account name (sAMAccountName)

So for instance to get information by a samaccountname I could do this:

C:\> Get-ADUser -Identity dfrancis




DistinguishedName : CN=Daniel Franciscus,OU=Test,DC=domain,DC=com

Enabled           : True

GivenName         : Dan

Name              : Daniel Franciscus

ObjectClass       : user

ObjectGUID        : 68fbb9c6-bc5a-4892-8f93-5ba8ec523365

SamAccountName    : dfrancis

SID               : S-1-5-21-2099712884-232525161-946742744-8334

Surname           : Franciscus

UserPrincipalName : dfrancis@domain.com

Easy enough, right? Now, let us try something a little more interesting. With the -Filter parameter, we can specify how we want out output filtered. Here, I want to show any user who as a count of bad password greater than 7:

C:\>  Get-ADUser -Filter 'badpwdcount -ge 7' | Select-Object samaccountname




samaccountname

--------------

Guest

Test-1

TestUser2

TestUser3

TestUser4

Another task I do frequently is look at a specific organizational unit in Active Directory for certain information. In this scenario, I want to query a specific OU but only for users with the last name “Davis”:

C:\> Get-ADUser -Filter 'Surname -eq "Davis"' -SearchBase 'OU=Desktop,DC=domain,DC=com' -Properties *  | Select Displayname,Surname




Displayname    Surname

-----------    -------

Dan Davis      Davis

Brad Davis     Davis

Note that the attribute in Active Directory for last name is surname, so we use the –eq operator to find exactly the surname of “Davis.”

Searching Computer Information

Searching for computer information in AD is performed with the Get-ADComputer cmdlet. The parameters are very similar to Get-ADUser and work the same way. Here, I want to find the computer record associated with a specific IPv4 address:

C:\> Get-ADComputer -Filter 'IPv4Address -eq "172.16.67.155"'




DistinguishedName : CN=Test-1,OU=Staff,OU=Test,DC=domain,DC=com

DNSHostName       : Test-1.domain.com

Enabled           : True

Name              : Test-1

ObjectClass       : computer

ObjectGUID        : 68e597fe-631d-413d-9087-2cc806709c82

SamAccountName    : Test-1$

SID               : S-1-5-21-2099712884-232525161-946742744-11288

UserPrincipalName :

Here, I do the same command, but I want to find the SID for this particular machine as well. One of the great features of Get-ADComputer is that you can quickly find attributes in Active Directory, quite handy for things like finding an SID.

C:\> Get-ADComputer -Filter 'IPv4Address -eq "172.16.48.155"' | Select-Object SID




SID

---

S-1-5-21-2099712884-232525161-946742744-11243

Summary

If you work with Active Director often, the ActiveDirectory PowerShell module is something you need to be using. It will make you much more efficient at viewing and making changes in AD. PowerShell enables easy filtering of AD information and can give fascinating information.