Active Directory support in PowerShell

01-11-2007

I read that Powershell can access and navigate many different hierarchcial
data stores such as the Registry, environemnt variables, certificates. Does
PowerShell provide, "out of the box" support for accessing and navigating
Active Directory?

Thanks,

Bill

01-11-2007

AD support in Powershell is through the ADSI and .NET [system.directoryservices] class. Currently there is no psdrive provider for Active Directory support.

Examples to get you started:

$de = [adsi]"LDAP://CN=Someone,OU=SpecificOU,DC=domain,DC=com"

You can do a

$de | gm

to see the properties and methods available for the entry.

In addition, you can do 'searches' using directoryservices.directorysearcher like so:

$ldapQuery = "(&(objectCategory=person)(objectClass=user))"
$de = new-object system.directoryservices.directoryentry -argumentlist "LDAP://OU=SpecificOU,DC=domainDC=com"
$ads = new-object system.directoryservices.directorysearcher -argumentlist $de,$ldapQuery
$g = $ads.findall()

This will return only objects with ObjectCategory = person and ObjectClass = user under the SpecificOU. If you want to further filter that to exclude disabled users, change $ldapQuery to:

$ldapQuery = "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))"
$de = new-object system.directoryservices.directoryentry -argumentlist "LDAP://OU=SpecificOU,DC=domainDC=com"
$ads = new-object system.directoryservices.directorysearcher -argumentlist $de,$ldapQuery
$g = $ads.findall()

Now you have just a list of non-disabled users. The one thing to keep in mind is that this is simply a SearchResult. If you want access to the *actual* directory entry you can do the following:

$direntry = [adsi]$g[0].path

--

gaurhoth
http://gaurhothw.spaces.live.com/

"bill" <bill@discussions.microsoft.com> wrote in message news:5209055A-EDA4-4A20-BC89-44B58A165BCA@microsoft.com...
>I read that Powershell can access and navigate many different hierarchcial
> data stores such as the Registry, environemnt variables, certificates. Does
> PowerShell provide, "out of the box" support for accessing and navigating
> Active Directory?
>
> Thanks,
>
> Bill

01-11-2007	#1 (permalink)
bill Guest n/a posts	Active Directory support in PowerShell I read that Powershell can access and navigate many different hierarchcial data stores such as the Registry, environemnt variables, certificates. Does PowerShell provide, "out of the box" support for accessing and navigating Active Directory? Thanks, Bill
My System Specs

01-11-2007	#2 (permalink)
Gaurhoth Guest n/a posts	Re: Active Directory support in PowerShell AD support in Powershell is through the ADSI and .NET [system.directoryservices] class. Currently there is no psdrive provider for Active Directory support. Examples to get you started: $de = [adsi]"LDAP://CN=Someone,OU=SpecificOU,DC=domain,DC=com" You can do a $de \| gm to see the properties and methods available for the entry. In addition, you can do 'searches' using directoryservices.directorysearcher like so: $ldapQuery = "(&(objectCategory=person)(objectClass=user))" $de = new-object system.directoryservices.directoryentry -argumentlist "LDAP://OU=SpecificOU,DC=domainDC=com" $ads = new-object system.directoryservices.directorysearcher -argumentlist $de,$ldapQuery $g = $ads.findall() This will return only objects with ObjectCategory = person and ObjectClass = user under the SpecificOU. If you want to further filter that to exclude disabled users, change $ldapQuery to: $ldapQuery = "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))" $de = new-object system.directoryservices.directoryentry -argumentlist "LDAP://OU=SpecificOU,DC=domainDC=com" $ads = new-object system.directoryservices.directorysearcher -argumentlist $de,$ldapQuery $g = $ads.findall() Now you have just a list of non-disabled users. The one thing to keep in mind is that this is simply a SearchResult. If you want access to the actual directory entry you can do the following: $direntry = [adsi]$g[0].path -- gaurhoth http://gaurhothw.spaces.live.com/ "bill" <bill@discussions.microsoft.com> wrote in message news:5209055A-EDA4-4A20-BC89-44B58A165BCA@microsoft.com... >I read that Powershell can access and navigate many different hierarchcial > data stores such as the Registry, environemnt variables, certificates. Does > PowerShell provide, "out of the box" support for accessing and navigating > Active Directory? > > Thanks, > > Bill
My System Specs

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
How do I delete an OU in Active Directory from Powershell.	Johannes L	PowerShell	3	05-19-2008 10:02 PM
active directory	Walser Mark	PowerShell	4	04-22-2008 08:55 AM
MIIS provisioning Active Directory with powershell script MA	Alex	PowerShell	0	05-25-2007 07:16 PM
Powershell & Active Directory	orphan	PowerShell	3	05-03-2007 04:33 AM
Active Directory	Lothar	PowerShell	7	12-14-2006 09:29 AM