Thursday, March 27, 2014

PowerShell 003 - Get-ADObject

Get-ADObject

There are many reasons to have to quickly search Active Directory for something specific. There are also scripts, tools, examples, and guidance enough to choke on. It can get a bit overwhelming to wade through all of that stuff. One of the long-time Active Directory MVPs created a tool called ADFind, which is awesome! You can find it on http://www.joeware.net. You can learn ADSI and VBScripting. You can go to http://technet.microsoft.com and search through ScriptCenter for samples and examples. There is some great stuff to be found.

Of course, I want to do this in PowerShell, specifically. Even in PowerShell there are multiple ways to go about this. Where to start? Where to start? Oh yeah...

Get-Help

How do I find all of the AD commands? Get-Help may be able to help; it usually can.

PS c:\> Get-Help *comman*

Get-Command looks promising. The first step is to look at the help content for the Get-Command cmdlet. You already know how to get that (Hint: "Get-Help Get-Command -Full").

Of course, you can get started by searching for cmdlets, or if you already know where to start, just read the help on that cmdlet. You can use the Get-Command cmdlet to begin narrowing down what you are looking for.

PS C:\> Get-Command -Module *activedi*

This finds all the commands in modules whose name matches *activedi*. Want to know how many cmdlets are in the ActiveDirectory module?

PS C:\> Get-Command -Module *activedi* |Measure

There are lots: 135 in my list. I just want the 'Get' commands. (We'll come back to 'Measure', which is an alias for the Measure-Object cmdlet rather than a switch, later.)

PS C:\> Get-Command -Module *activedi* -verb Get

There are only 41 of those. A bit easier to look through. Let's take a look at Get-ADObject.

Time to learn.

PS c:\> Get-Help Get-ADObject -Full

There is a lot to read, but it is well worth the time. Play around with the parameters.

Get-ADObject

The scenario that brought this up today was specific to something that we do at Specops Software. With our Self-Service Password Reset product we store the challenge response data securely in Active Directory. It creates a very thin solution that is super efficient. We have a reporting component to the tool that allows admins to look at how many users are enrolled, how many users you are licensed for, and the general health and well-being of the system. It is great. But what if you can't have or don't want that much fidelity? What if you just want a quick look at the system? In this case we wanted to quickly look at a domain and find out how many users have enrolled in the Password Reset environment. We want to do this with the Get-ADObject cmdlet in PowerShell.

So, here is another really helpful tip for working with PowerShell. Run the following.

PS c:\> Show-Command Get-ADObject 

This will open a dialog for the Get-ADObject command.

Each tab in the dialog represents a parameter set. These are all the parameters that work together. More on that later, but to be clear, you can't just choose any parameter or switch to go with any other ones. It is a bit more particular than that.

If a field has an asterisk, that means it is mandatory, so you must fill it in.

For my example I'm just using the -Filter parameter. Enter your filter into the field in the command dialog box and click run. It will write the PowerShell command to the console and execute it. This is a fantastic way to figure out how to use certain cmdlets and ensure you get their syntax down properly.

My filter looked like this: 'name -eq "specops-spp-pwdreset"'. When I clicked Run it wrote the following to the console window.

PS c:\> Get-ADObject -Filter 'name -eq "Specops-spp-pwdreset"'

It then looked at AD and returned all of the objects it found that met the filter. It wrote all of those objects to the screen. Not what you want, I imagine. Now we go back to 'Measure' from earlier. My friend and colleague, Darren, shared this one with me. It was new to me and crazy helpful. Simply pipe the output to 'Measure' (the alias for Measure-Object) and it just returns the number of objects returned by the cmdlet.

PS c:\> Get-ADObject -Filter 'name -eq "Specops-spp-pwdreset"' |Measure

Great stuff. Yet another quick, repeatable solution to a real problem. There are surely other ways to get to this data, but this one worked for us!
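Going one step past a single total, the following added example (not from the original post) breaks the same Get-ADObject result down per container. The function name Get-MatchCountByContainer and the sample distinguished names are constructed for illustration, and -Skip 2 assumes each matching object sits directly beneath a user object, which the post does not state.

```powershell
# Added example: count matching objects per parent container.
# Works on anything with a DistinguishedName property, so it can be fed
# from Get-ADObject or from the constructed sample objects below.
function Get-MatchCountByContainer {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [string]$DistinguishedName,

        # Number of leading RDNs to drop before grouping (1 = direct parent).
        [int]$Skip = 1
    )
    begin { $counts = @{} }   # hashtable literal keys are case-insensitive, like DNs
    process {
        # Split on commas that are not escaped as "\," inside an RDN value.
        # (A value that ends in an escaped backslash is not handled here.)
        $rdns = $DistinguishedName -split '(?<!\\),'
        if ($rdns.Count -le $Skip) { return }
        $parent = ($rdns | Select-Object -Skip $Skip) -join ','
        $counts[$parent] = 1 + [int]$counts[$parent]
    }
    end {
        $counts.GetEnumerator() |
            Sort-Object Value -Descending |
            ForEach-Object {
                [pscustomobject]@{ Container = $_.Key; Count = $_.Value }
            }
    }
}

# Constructed sample input so the function can be tried without a domain.
$sample = @(
    'CN=Specops-spp-pwdreset,CN=Alice Example,OU=Sales,DC=example,DC=test'
    'CN=Specops-spp-pwdreset,CN=Bob Example,OU=Sales,DC=example,DC=test'
    'CN=Specops-spp-pwdreset,CN=Smith\, Carol,OU=IT,DC=example,DC=test'
) | ForEach-Object { [pscustomobject]@{ DistinguishedName = $_ } }

$sample | Get-MatchCountByContainer -Skip 2

# Against a live domain (requires the ActiveDirectory module); the
# SearchBase value is a placeholder:
# Get-ADObject -Filter 'name -eq "Specops-spp-pwdreset"' `
#     -SearchBase 'OU=Sales,DC=example,DC=test' |
#     Get-MatchCountByContainer -Skip 2
```

Adding -SearchBase keeps the query scoped to one part of the directory instead of walking the whole domain.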
