Using PowerShell and the DirectorySearcher class

jvallery — Thu, 08 Apr 2010 22:34:41 +0000

I needed to locate the LDAP distinguished name of an individual user account in a remote domain via PowerShell. Assuming your script is running on a box that is part of a domain that has a trust to the remote domain we can do this by running a query against Active Directory with LDAP.

By using the DirectorySearcher class we can build complex LDAP queries to find objects in Active Directory. With this information you can do all kinds of fun scripting things.

Here is a sample script:



#Specify the search criteria
$samname = "jasonv"
$domain = "dev.lcl"

#Get a list of domains in the forest and grab the DN of the one matching the above parameter.
$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$domain = $forest.Domains | ? {$_.Name -eq $domain}
$domainDN = $domain.GetDirectoryEntry().distinguishedName
Write-Output  "Found the remote domain, the full LDAP distinguished name is $DomainDN"

#Create an LDAP searcher object and pass in the DN of the domain we wish to query
$Searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"LDAP://$domainDN")

#Pass in the ceriteria we are searching for.
#In this case we're looking for users with a particular SAM name.
$Searcher.filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName= $samname))"
$results = $Searcher.Findall()

#Loop through the results
Foreach($result in $results){
    $User = $result.GetDirectoryEntry()
    $userDN =  $user.DistinguishedName
    Write-Output "Found a user matching with the distingused name of $userDN"
}

Vallery.net » active directory

Using PowerShell and the DirectorySearcher class