Comments on: Managing Active Directory with Windows PowerShell http://www.powershellpro.com Sharing the Experience Wed, 07 Jan 2009 01:04:46 +0000 http://wordpress.org/?v=2.6.5 By: Ryan T. Hilton http://www.powershellpro.com/powershell-tutorial-introduction/powershell-tutorial-active-directory/#comment-240 Ryan T. Hilton Mon, 27 Oct 2008 22:51:25 +0000 http://www.powershellpro.com/powershell-tutorial-introduction/powershell-tutorial-active-directory/#comment-240 This would work for GaryM's question: $Search = New-Object DirectoryServices.DirectorySearcher([ADSI]“”) $Search.filter = “(&(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))” $Search.PageSize = 1000 [void]$Search.PropertiesToLoad.Add("cn"); [void]$Search.PropertiesToLoad.Add("distinguishedname"); $results = $Search.Findall() $results | select @{e={$_.properties.cn};n='name'},@{e={$_.properties.distinguishedname};n='distinguishedname'} This would work for GaryM’s question:

$Search = New-Object DirectoryServices.DirectorySearcher([ADSI]“”)
$Search.filter = “(&(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))”
$Search.PageSize = 1000
[void]$Search.PropertiesToLoad.Add(”cn”);
[void]$Search.PropertiesToLoad.Add(”distinguishedname”);

$results = $Search.Findall()
$results | select @{e={$_.properties.cn};n=’name’},@{e={$_.properties.distinguishedname};n=’distinguishedname’}

]]> By: Ryan T. Hilton http://www.powershellpro.com/powershell-tutorial-introduction/powershell-tutorial-active-directory/#comment-239 Ryan T. Hilton Mon, 27 Oct 2008 22:13:48 +0000 http://www.powershellpro.com/powershell-tutorial-introduction/powershell-tutorial-active-directory/#comment-239 GaryM, I know that this does not answer your question, but from my experience your query would require 1001 connections to the DC to perform the lookups. Once to perform the search and 1000 times to retrieve the DirectoryEntry of each user. You would be better off using the $Search.PropertiesToLoad.Add method to specify 'cn' and 'distinguishedname'. You could then use $User = $result.Properties followed by $User.cn, $User.distinguishedname As your PageSize grows this can cause some huge overhead. GaryM,
I know that this does not answer your question, but from my experience your query would require 1001 connections to the DC to perform the lookups. Once to perform the search and 1000 times to retrieve the DirectoryEntry of each user. You would be better off using the $Search.PropertiesToLoad.Add method to specify ‘cn’ and ‘distinguishedname’.

You could then use $User = $result.Properties followed by $User.cn, $User.distinguishedname

As your PageSize grows this can cause some huge overhead.

]]> By: Norman http://www.powershellpro.com/powershell-tutorial-introduction/powershell-tutorial-active-directory/#comment-157 Norman Thu, 17 Jul 2008 15:14:19 +0000 http://www.powershellpro.com/powershell-tutorial-introduction/powershell-tutorial-active-directory/#comment-157 Jesse- I'm confused. In a reply above, you say "By using [ADSI] you are telling PowerShell to use the ADSI provider, which is required…" but at the top of this tutorial, "LDAP" is described as "an ADSI provider." So is ADSI a provider, or LDAP, or is it both in a two-level arrangement? Jesse-
I’m confused. In a reply above, you say “By using [ADSI] you are telling PowerShell to use the ADSI provider, which is required…” but at the top of this tutorial, “LDAP” is described as “an ADSI provider.” So is ADSI a provider, or LDAP, or is it both in a two-level arrangement?

]]> By: GaryM http://www.powershellpro.com/powershell-tutorial-introduction/powershell-tutorial-active-directory/#comment-148 GaryM Thu, 03 Jul 2008 08:11:04 +0000 http://www.powershellpro.com/powershell-tutorial-introduction/powershell-tutorial-active-directory/#comment-148 Jesse, I have got the script below which outputs the two values to the screen, how can I get this to output in columns? I have tried numerous attempts with format-table without success. $Search = New-Object DirectoryServices.DirectorySearcher([ADSI]"") $Search.filter = "(&(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))" $Search.PageSize = 1000 $results = $Search.Findall() Foreach($result in $results){ $User = $result.GetDirectoryEntry() $user.cn,$user.distinguishedname } Jesse,

I have got the script below which outputs the two values to the screen, how can I get this to output in columns? I have tried numerous attempts with format-table without success.

$Search = New-Object DirectoryServices.DirectorySearcher([ADSI]“”)
$Search.filter = “(&(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))”
$Search.PageSize = 1000
$results = $Search.Findall()

Foreach($result in $results){
$User = $result.GetDirectoryEntry()
$user.cn,$user.distinguishedname
}

]]> By: Jesse Hamrick http://www.powershellpro.com/powershell-tutorial-introduction/powershell-tutorial-active-directory/#comment-146 Jesse Hamrick Tue, 01 Jul 2008 15:51:58 +0000 http://www.powershellpro.com/powershell-tutorial-introduction/powershell-tutorial-active-directory/#comment-146 Also, Computer and Users are not OUs but Containers (That didn't hit me at the time of my reply...). Use the following when binding: CN=Users,DC=uug,DC=vmc,DC=cc -and- CN=Computers... You should be able to enumerate these containers. Also, Computer and Users are not OUs but Containers (That didn’t hit me at the time of my reply…). Use the following when binding:
CN=Users,DC=uug,DC=vmc,DC=cc
-and-
CN=Computers…

You should be able to enumerate these containers.

]]> By: GaryM http://www.powershellpro.com/powershell-tutorial-introduction/powershell-tutorial-active-directory/#comment-145 GaryM Mon, 30 Jun 2008 18:57:12 +0000 http://www.powershellpro.com/powershell-tutorial-introduction/powershell-tutorial-active-directory/#comment-145 I think I worked it out, you cannot use this to enumerate against the default OU's Users and Computers; other OU's that have been created work fine. I think I worked it out, you cannot use this to enumerate against the default OU’s Users and Computers; other OU’s that have been created work fine.

]]> By: Jesse Hamrick http://www.powershellpro.com/powershell-tutorial-introduction/powershell-tutorial-active-directory/#comment-144 Jesse Hamrick Mon, 30 Jun 2008 15:45:18 +0000 http://www.powershellpro.com/powershell-tutorial-introduction/powershell-tutorial-active-directory/#comment-144 You are missing [ADSI] in your binding. Change your line of code to this and try again: $Searcher.SearchRoot = [ADSI]"LDAP://OU=Users,DC=uug,DC=vmc,DC=cc" By using [ADSI] you are telling PowerShell to use the ADSI provider, which is required... You are missing [ADSI] in your binding. Change your line of code to this and try again:
$Searcher.SearchRoot = [ADSI]“LDAP://OU=Users,DC=uug,DC=vmc,DC=cc”

By using [ADSI] you are telling PowerShell to use the ADSI provider, which is required…

]]> By: GaryM http://www.powershellpro.com/powershell-tutorial-introduction/powershell-tutorial-active-directory/#comment-143 GaryM Mon, 30 Jun 2008 11:42:49 +0000 http://www.powershellpro.com/powershell-tutorial-introduction/powershell-tutorial-active-directory/#comment-143 Jesse, Thanks for the reply, this is beginning to make more sense. One more question, I am able to search AD when binding to the root domain, however when trying any searches directed at specific OU's I am getting an error, even with your example scripts above. The code I am running is: $searcher = new-object DirectoryServices.DirectorySearcher $searcher.SearchRoot = "LDAP://OU=Users,DC=uug,DC=vcm,DC=cc" $searcher.filter = "(objectClass=user)" $Searcher.SearchScope = "OneLevel" $searcher.findall() and this outputs: Exception calling "Findall" with "0" argument(s) @There is no such object on the server." At c:\MyScripts\test.ps1:13 char:18 + $searcher.findall <<<< () Can you tell me where I am going wrong. I have tried numerous variations using different scripts from different sites without success and used different domains. Jesse,

Thanks for the reply, this is beginning to make more sense. One more question, I am able to search AD when binding to the root domain, however when trying any searches directed at specific OU’s I am getting an error, even with your example scripts above. The code I am running is:

$searcher = new-object DirectoryServices.DirectorySearcher
$searcher.SearchRoot = “LDAP://OU=Users,DC=uug,DC=vcm,DC=cc”
$searcher.filter = “(objectClass=user)”
$Searcher.SearchScope = “OneLevel”
$searcher.findall()

and this outputs:

Exception calling “Findall” with “0″ argument(s) @There is no such
object on the server.”
At c:\MyScripts\test.ps1:13 char:18 + $searcher.findall <<<< ()

Can you tell me where I am going wrong. I have tried numerous variations using different scripts from different sites without success and used different domains.

]]> By: Jesse Hamrick http://www.powershellpro.com/powershell-tutorial-introduction/powershell-tutorial-active-directory/#comment-138 Jesse Hamrick Thu, 26 Jun 2008 16:09:54 +0000 http://www.powershellpro.com/powershell-tutorial-introduction/powershell-tutorial-active-directory/#comment-138 Gary, Sure... The best way to explain it is to show you where the information lives on the MSDN. This link provides answers to what you wanted to know about using Active Directory Service Interface. http://msdn.microsoft.com/en-us/library/aa746512(VS.85).aspx Gary,
Sure… The best way to explain it is to show you where the information lives on the MSDN. This link provides answers to what you wanted to know about using Active Directory Service Interface.

http://msdn.microsoft.com/en-us/library/aa746512(VS.85).aspx

]]> By: GaryM http://www.powershellpro.com/powershell-tutorial-introduction/powershell-tutorial-active-directory/#comment-136 GaryM Thu, 26 Jun 2008 12:07:33 +0000 http://www.powershellpro.com/powershell-tutorial-introduction/powershell-tutorial-active-directory/#comment-136 Thank you for this set of tutorials, they have been very useful to someone who has done very little scripting. I'm beginning to make some progress, however I'm obviously missing something. I undertand the principal of methods however in you example script: $Class = "organizationalUnit" $OU = "OU=TestOU" $objADSI = [ADSI]"LDAP://DC=nwtraders,DC=msft" $objOU = $objADSI.create($Class, $OU) $objOU.setInfo() You use the .create and .setinfo methods. Can you explain where these come from in this example and what get-member command I would use to return this information. Many thanks in advance Thank you for this set of tutorials, they have been very useful to someone who has done very little scripting. I’m beginning to make some progress, however I’m obviously missing something. I undertand the principal of methods however in you example script:

$Class = “organizationalUnit”
$OU = “OU=TestOU”

$objADSI = [ADSI]“LDAP://DC=nwtraders,DC=msft”
$objOU = $objADSI.create($Class, $OU)
$objOU.setInfo()

You use the .create and .setinfo methods. Can you explain where these come from in this example and what get-member command I would use to return this information. Many thanks in advance

]]>