Comments on: Managing Active Directory with Windows PowerShell

By: christopher

christopher — Fri, 04 Jun 2010 22:13:44 +0000

how would you change password expired to 180 days???

$objUser = [ADSI]“LDAP://CN=$,OU=$,OU=Users,DC=$,DC=$”
$objUser.put(”userAccountControl”, 8388608)
$objUser.SetInfo(180 days)

would this change all AD users to 180days for expired???

By: Hinek

Hinek — Wed, 24 Feb 2010 13:45:55 +0000

@Anthony: Just pipe your results to the Export-CSV CmdLet, like this:

$results | Export-CSV myexportfile.csv

By: Anthony

Anthony — Fri, 05 Feb 2010 01:26:51 +0000

This is a great series but I am stuck on detail that is killing me.

I want to create a CSV file from output of my search. If I use your search as an example, I feel like I should be able pipe $results into a series of commandlets and get a nice csv but I cannot get it to work. Any pointers?

By: Quentin

Quentin — Thu, 16 Jul 2009 00:29:25 +0000

Thanks for the great series.

Did the promised Advanced Tutorials ever eventuate?

By: Joe Pool

Joe Pool — Mon, 18 May 2009 22:05:28 +0000

I can currently authenticate a person using their user ID and password, but I only know the person’s Full Name.

Can I authenticate using their Full Name and password?

Or, how can I query for their user ID?

By: Ryan T. Hilton

Ryan T. Hilton — Mon, 27 Oct 2008 22:51:25 +0000

This would work for GaryM’s question:

$Search = New-Object DirectoryServices.DirectorySearcher([ADSI]“”)
$Search.filter = “(&(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))”
$Search.PageSize = 1000
[void]$Search.PropertiesToLoad.Add(“cn”);
[void]$Search.PropertiesToLoad.Add(“distinguishedname”);

$results = $Search.Findall()
$results | select @{e={$_.properties.cn};n=’name’},@{e={$_.properties.distinguishedname};n=’distinguishedname’}

By: Ryan T. Hilton

Ryan T. Hilton — Mon, 27 Oct 2008 22:13:48 +0000

GaryM,
I know that this does not answer your question, but from my experience your query would require 1001 connections to the DC to perform the lookups. Once to perform the search and 1000 times to retrieve the DirectoryEntry of each user. You would be better off using the $Search.PropertiesToLoad.Add method to specify ‘cn’ and ‘distinguishedname’.

You could then use $User = $result.Properties followed by $User.cn, $User.distinguishedname

As your PageSize grows this can cause some huge overhead.

By: Norman

Norman — Thu, 17 Jul 2008 15:14:19 +0000

Jesse-
I’m confused. In a reply above, you say “By using [ADSI] you are telling PowerShell to use the ADSI provider, which is required…” but at the top of this tutorial, “LDAP” is described as “an ADSI provider.” So is ADSI a provider, or LDAP, or is it both in a two-level arrangement?

By: GaryM

GaryM — Thu, 03 Jul 2008 08:11:04 +0000

Jesse,

I have got the script below which outputs the two values to the screen, how can I get this to output in columns? I have tried numerous attempts with format-table without success.

Foreach($result in $results){
$User = $result.GetDirectoryEntry()
$user.cn,$user.distinguishedname
}

By: Jesse Hamrick

Jesse Hamrick — Tue, 01 Jul 2008 15:51:58 +0000

Also, Computer and Users are not OUs but Containers (That didn’t hit me at the time of my reply…). Use the following when binding:
CN=Users,DC=uug,DC=vmc,DC=cc
-and-
CN=Computers…

You should be able to enumerate these containers.