Filter When Searching For Certain Users In Active Directory?
For many Microsoft IT professionals, one of the first things they do with PowerShell is using it to perform tasks in Agile Directory.
PowerShell, for case, tin bring together computers to Active Directory, remove computers, and reset passwords amid many other tasks. One job in particular I perform a lot is searching Active Directory for user and computer data. Role of what makes PowerShell such equally great tool for this is the job it does filtering information out, such as simply searching for users in a specific department. In this article, I will go over some common things PowerShell can search for in Active Directory.
Searching User Information
Searching user information in AD can be done with the Get-ADUser cmdlet. Personally, I apply the -Identity parameter the most with this cmdlet, which allows you to pass these types of values:
- A distinguished name
- A GUID (objectGUID)
- A security identifier (objectSid)
- A SAM business relationship name (sAMAccountName)
So for instance to go data past a samaccountname I could do this:
C:\> Get-ADUser -Identity dfrancisDistinguishedName : CN=Daniel Franciscus,OU=Test,DC=domain,DC=com
Enabled : True
GivenName : Dan
Name : Daniel Franciscus
ObjectClass : user
ObjectGUID : 68fbb9c6-bc5a-4892-8f93-5ba8ec523365
SamAccountName : dfrancis
SID : S-1-5-21-2099712884-232525161-946742744-8334
Surname : Franciscus
UserPrincipalName : dfrancis@domain.com
Easy enough, right? Now, let usa endeavor something a little more interesting. With the -Filter parameter, we can specify how we want out output filtered. Here, I want to testify whatever user who as a count of bad password greater than seven:
C:\> Get-ADUser -Filter 'badpwdcount -ge 7' | Select-Object samaccountnamesamaccountname
--------------
Invitee
Test-one
TestUser2
TestUser3
TestUser4
Another task I do frequently is look at a specific organizational unit of measurement in Active Directory for sure information. In this scenario, I want to query a specific OU merely only for users with the concluding name "Davis":
C:\> Get-ADUser -Filter 'Surname -eq "Davis"' -SearchBase 'OU=Desktop,DC=domain,DC=com' -Properties * | Select Displayname,SurnameDisplayname Surname
----------- -------
Dan Davis Davis
Brad Davis Davis
Notation that the aspect in Agile Directory for last proper noun is surname, so we employ the –eq operator to detect exactly the surname of "Davis."
Searching Reckoner Information
Searching for computer information in AD is performed with the Get-ADComputer cmdlet. The parameters are very similar to Get-ADUser and work the same way. Here, I want to observe the reckoner record associated with a specific IPv4 address:
C:\> Get-ADComputer -Filter 'IPv4Address -eq "172.16.67.155"'DistinguishedName : CN=Test-1,OU=Staff,OU=Examination,DC=domain,DC=com
DNSHostName : Examination-1.domain.com
Enabled : True
Name : Exam-i
ObjectClass : figurer
ObjectGUID : 68e597fe-631d-413d-9087-2cc806709c82
SamAccountName : Exam-one$
SID : S-1-v-21-2099712884-232525161-946742744-11288
UserPrincipalName :
Hither, I do the same command, but I want to notice the SID for this item machine equally well. One of the cracking features of Get-ADComputer is that you can apace find attributes in Active Directory, quite handy for things like finding an SID.
C:\> Get-ADComputer -Filter 'IPv4Address -eq "172.sixteen.48.155"' | Select-Object SIDSID
---
S-1-v-21-2099712884-232525161-946742744-11243
Summary
If you work with Agile Manager ofttimes, the ActiveDirectory PowerShell module is something you need to be using. It will brand y'all much more efficient at viewing and making changes in AD. PowerShell enables easy filtering of AD data and tin give fascinating information.
Filter When Searching For Certain Users In Active Directory?,
Source: https://www.ipswitch.com/blog/searching-active-directory-with-powershell
Posted by: thorntonpeced2000.blogspot.com
0 Response to "Filter When Searching For Certain Users In Active Directory?"
Post a Comment