Steve Borba

My notes, I hope they help you, feel free to comment/add to them

Active Directory Info

every once in a while I need to get information from active directory, here are some of them:

DN of a user in ad:

$user = 'stevenb'
$getad = (([adsisearcher]"(&(objectCategory=User)(samaccountname=$user))").findall()).properties
$getad.distinguishedname
$getad.memberof
$getad.badpwdcount
[DateTime]::FromFileTime($getad.LastLogon)
$getad | fl

DN of a group:

$group = 'network-users'
$getad = (([adsisearcher]"(&(objectCategory=Group)(samaccountname=$group))").findall()).properties
$getad.distinguishedname.ToLower()
$getad.member
$getad.whenchanged

The next one will do it for domain trusts

$domainName = 'contoso'
$domainContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext("Domain", $domainName)
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($domainContext)
$root = $domain.GetDirectoryEntry()
$ds = [adsisearcher]$root
$ds.Filter = "(&(objectCategory=User)(sAMAccountname=$user))"
$de = $ds.FindOne()
$de = $de.GetDirectoryEntry() 

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>