Quering Active Directory using PowerShell

Active Directory query. Every Windows administrator has had the need to get a list of objects using some kind of criteria to create a report or update them in one batch.

Fortunatelly, Microsoft provides a PowerShell module to interact with Active Directory as part of the RSAT tools and this module is installed by default on the Domain Controllers. The commands in this module interact with the Domain Controller using the Active Directory Web Services.

But what if you are not logged on to a Domain Controller or you don't have RSAT installed? There is a way to query the Domain Controller and get the information you want, without the limitations of the Web Services and in a much faster way using .NET.

First, we have to create a DirectorySearcher object and configure it's LDAP filter. Calling any of the find methods will return the results for the specified filter. On the following example, I'm using FindOne() to get my account.


Keep in mind that you can configure the DirectorySearcher to use a specific Domain Controller and even use credentials other that the logged on user to access it. This is especially useful when querying remote domains and forests.

In order to increase the performance of the query and lower the load on the Domain Controller, you can specify the properties of the object to be returned by the query using the PropertiesToLoad property.


We know that the UserPrincipalName attribute is unique across a domain and the result will contain no more than one objects, but what happens when there might be multiple objects that match the LDAP query? In such cases, we have to use FindAll() instead of FindOne().

If for example we wanted to get a list of the mailboxes that contain the word "test" in their name we would use the following:


Here, we are getting an array of objects, with the properties we've specified. Note that apart from the change in the search function, I've also configured the PageSize property of the DirectorySearcher object with a value greater that zero in order not to page the results.

That's nice but how can we make it a little easier to work with in terms of the object and it's properties? With a few lines of code we can create a custom PowerShell object that will be much easier to work with.

First, I'm going to update the command that get the object by saving the names of the properties to get from Active Directory to a variable in order to have them available later on.


To create the custom object, we'll first create a hash table to hold the properties and their values. Then for each property we want in the end result - this this why we created the array in the previous step - we check the number of items in the respective property of the object returned by the search and add a new pair to the hash table. Finally, we create a custom object:


As you can see, the proxyAddresses attribute which is multi-valued is an array and the msExchExtensionCustomAttribute1 that is clear in Active Directory has a null value on the object.

Now what about updating an object? You can set the value for an object's attribute using the object returned by the DirectorySearcher and then update the object using the CommitChanges method.


I hope you'll find the above methods useful!

Popular posts from this blog

Domain Controller Machine Password Reset

Configuring a Certificate on Exchange Receive Connector

Running Multiple NGINX Ingress Controllers in AKS