I’ve decided to start an Active Directory series. I have discovered that when you search online for any AD-related code, everything points back to the Quest tools. I prefer to do everything natively and not rely on third-party toolkits that have to be installed. As an admin, I understand that we do rely on our workstations, but when you start needing to install third-party tools on a server you are entering dangerous ground. I wouldn’t want to explain that Exchange went down because I installed some tool that locked the server.
I have been using PowerShell since its inception and I still haven’t found an instance where I need to use the Quest tools. Sometimes it might be easier, but once you’ve created a well written function, it’s easy to copy and paste it into your next script. So I am going to base this series off of individual functions that can be added to scripts to work with AD.
We’ll start with the basic ones. The following functions can be used to pull all the server names and user names out of Active Directory. They can be modified to pull whatever property you’d like, but I find that either the account name or the ADSPath (the LDAP string) is the most useful. I use some variation of these in almost every script I make.
First, let’s look at pulling all AD servers. Note that this only covers the domain you are running it from. There is some extra work to do to change domains, but I’ll cover that in a later blog post. The basic idea is to create a directory searcher, then set a filter (or you will return every object in AD). Then you need to set the page size. That, basically, tells the searcher how many objects it can return in a single search, so if you set it to 1000 and you have 8000 total objects, it will run a total of 8 searches. This step can be skipped if you have a very small domain, but AD has a built-in limit on how many objects can be returned in a single search. This value can be set by the admin, but 1000 works with default domains. Finally, you run the search and then return the property you want from the function.
function Get-ServerList {
    # Searcher bound to the current domain's default naming context
    $Searcher = New-Object System.DirectoryServices.DirectorySearcher
    # Computers whose operatingSystem attribute contains "Server" (LDAP matching is case-insensitive)
    $Searcher.Filter = "(&(objectcategory=computer)(operatingSystem=*Server*))"
    # Page through results so the server-side limit (1000 by default) is not hit
    $Searcher.PageSize = 1000
    $Results = $Searcher.FindAll()
    # Each property is returned as a collection, even when single-valued
    $Results | ForEach-Object { $_.Properties.name }
}
So, that’s it. You can drop this into your script and then run it with $servers = Get-ServerList to get a list of all your server names. This function runs very quickly and can be put into any script to make things really easy.
However, part of what I am trying to get across is that these functions can be quickly changed to suit your needs. So here is the same function, very slightly changed to pull all the users instead. In this case the PageSize setting really comes into play.
function Get-UserList {
    # Function name assumed here; the post does not give one
    $Searcher = New-Object System.DirectoryServices.DirectorySearcher
    # objectCategory=user resolves to the Person category, so contact objects match as well
    $Searcher.Filter = "(objectcategory=user)"
    # Required in all but the smallest domains: user counts easily exceed the 1000-object default limit
    $Searcher.PageSize = 1000
    $Results = $Searcher.FindAll()
    $Results | ForEach-Object { $_.Properties.samaccountname }
}
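Both functions above are the same DirectorySearcher pattern with a different filter and property. The following is an added example (not code from the original post) that generalizes it into one reusable function, disposes the search handles, and escapes values before they are placed in a filter; the function names, parameter names and the sample OU path are my own.

```powershell
function Get-ADSearchResult {
    [CmdletBinding()]
    param(
        # Raw LDAP filter, e.g. '(&(objectCategory=computer)(operatingSystem=*Server*))'
        [Parameter(Mandatory)] [string] $Filter,
        # Attributes to return; ask only for what you need
        [string[]] $Property = @('name'),
        # Must not exceed the domain's MaxPageSize (1000 by default)
        [int] $PageSize = 1000,
        # Optional search root to scope the query, e.g. 'LDAP://OU=Servers,DC=corp,DC=example' (constructed)
        [string] $SearchRoot
    )
    $Searcher = New-Object System.DirectoryServices.DirectorySearcher
    if ($SearchRoot) { $Searcher.SearchRoot = [ADSI]$SearchRoot }
    $Searcher.Filter   = $Filter
    $Searcher.PageSize = $PageSize
    foreach ($p in $Property) { [void]$Searcher.PropertiesToLoad.Add($p) }
    $Results = $Searcher.FindAll()
    try {
        foreach ($r in $Results) {
            $obj = [ordered]@{}
            foreach ($p in $Property) {
                # Every attribute comes back as a collection, even single-valued ones
                $vals = @($r.Properties[$p])
                $obj[$p] = if ($vals.Count -le 1) { $vals[0] } else { $vals }
            }
            [pscustomobject]$obj
        }
    }
    finally {
        # SearchResultCollection keeps the LDAP connection open until disposed
        $Results.Dispose()
        $Searcher.Dispose()
    }
}

# Escape a value before embedding it in an LDAP filter (RFC 4515), so input
# from a user, CSV or ticket cannot change the structure of the query.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)] [string] $Value)
    # Backslash first, so the other escape sequences are not re-escaped
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29' -replace "`0", '\00'
}

# Usage: the two queries from the post, then a lookup built from external input
Get-ADSearchResult -Filter '(&(objectCategory=computer)(operatingSystem=*Server*))' -Property name,operatingSystem
Get-ADSearchResult -Filter '(objectCategory=user)' -Property samaccountname
$safe = ConvertTo-LdapFilterValue -Value $env:USERNAME
Get-ADSearchResult -Filter "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$safe))" -Property distinguishedname
```

Restricting PropertiesToLoad and scoping SearchRoot keeps each page small, which matters once the user count grows well past the 1000-object page size.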
More AD entries to come! You can find them via my blog's tags to the right.