How to Specify the Target of your Search when using Active Directory PowerShell

The Active Directory PowerShell cmdlets can be used to specify either a single Active Directory object or multiple Active Directory objects whenever a cmdlet is used.

You can specify an object when using a Power Shell cmdlet in various ways. For example, you could specify the DN of an object, or its GUID, or its SamAccountName, or for that matter its SID. These cmdlets cn automatically identify a target object based on what you specify a long as you have specified one of the common attributes used to identify an object, such as its DN, GUID, SID, sAMAccountName or Name automatically.

(Its no rocket science actually. Its simply that under the hood the cmdlet will try to search for objects using a combination of attribute names along with the value specified, incorporating some basic intelligence ofcourse in that it has the ability to distinguish a GUID from a SID etc., and it uses the results of such searches to identify the object.)

In addition to being able to specify the value of a common attribute, it also lets you specify an LDAP filter, which it then dynamically calculates to determine the target. For example you could use the cmdlet Get-ADUser -LDAPFilter “(name=Scotty*) and in this case it would return a list of all domain user accounts whose name starts with Scotty.

No comments:

Post a Comment