Searching user accounts¶
The following code sample finds users whose job title starts with Sales and adds the users to a group.
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")
$containerDN = "CN=Users,DC=domain,DC=com"
$groupDN = "CN=SalesGroup,CN=Users,DC=domain,DC=com"
# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")
$searcher = $admService.OpenObject("Adaxes://$containerDN", $NULL, $NULL, 0)
$searcher.SearchFilter = "(&(objectCategory=person)(objectClass=user)(title=Sales*))"
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
try
{
# Execute search
$searchResultIterator = $searcher.ExecuteSearch()
# Add users to a group
$group = $admService.OpenObject("Adaxes://$groupDN", $NULL, $NULL, 0)
foreach ($searchResult in $searchResultIterator.FetchAll())
{
$group.Add($searchResult.ADsPath)
}
}
finally
{
# Release resources
$searchResultIterator.Dispose()
}
Import-Module Adaxes
$containerDN = "CN=Users,DC=domain,DC=com"
$identityGroup = "SalesGroup" # sAMAccountName
# $identityGroup = "CN=SalesGroup,CN=Users,DC=domain,DC=com" # DN
# $identityGroup = "{EB5FEB21-E648-42AD-B86C-89D3C6807953}" # GUID
# $identityGroup = "S-1-5-21-573937-2149998-410785" # SID
Get-AdmUser -Filter {title -like "Sales*"} -SearchBase $containerDN `
-Server "domain.com" -AdaxesService localhost -SearchScope Subtree | `
Add-AdmPrincipalGroupMembership -MemberOf $identityGroup
The following code sample finds disabled user accounts and outputs their names.
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")
$containerDN = "CN=Users,DC=domain,DC=com"
# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")
$searcher = $admService.OpenObject("Adaxes://$containerDN", $NULL, $NULL, 0)
$searcher.SearchFilter = "(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))"
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
try
{
# Execute search
$searchResultIterator = $searcher.ExecuteSearch()
foreach ($searchResult in $searchResultIterator.FetchAll())
{
$userPath = $searchResult.AdsPath
$user = $admService.OpenObject($userPath, $NULL, $NULL, 0)
Write-Host $user.Name
}
}
finally
{
# Release resources
$searchResultIterator.Dispose()
}
Import-Module Adaxes
$containerDN = "CN=Users,DC=domain,DC=com"
$users = Search-AdmAccount -AccountDisabled -UsersOnly `
-SearchBase $containerDN -SearchScope Subtree `
-Server "domain.com" -AdaxesService localhost
foreach ($user in $users)
{
Write-Host $user.Name
}
The following code sample finds expired user accounts and outputs their names.
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")
$containerDN = "CN=Users,DC=domain,DC=com"
# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")
$searcher = $admService.OpenObject("Adaxes://$containerDN", $NULL, $NULL, 0)
$currentDate = (Get-Date).ToFileTime()
$searcher.SearchFilter = "(&(objectCategory=person)(objectClass=user)(accountExpires>=1)(accountExpires<=$currentDate))"
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
try
{
# Execute search
$searchResultIterator = $searcher.ExecuteSearch()
foreach ($searchResult in $searchResultIterator.FetchAll())
{
$userPath = $searchResult.AdsPath
$user = $admService.OpenObject($userPath, $NULL, $NULL, 0)
Write-Host $user.Name
}
}
finally
{
# Release resources
$searchResultIterator.Dispose()
}
Import-Module Adaxes
$containerDN = "CN=Users,DC=domain,DC=com"
$users = Search-AdmAccount -AccountExpired -UsersOnly `
-SearchBase $containerDN -SearchScope Subtree `
-Server "domain.com" -AdaxesService localhost
foreach ($user in $users)
{
Write-Host $user.Name
}
See also¶
- Writing ADSI scripts
- Server-side scripting
- IAdmDirectorySearcher
- IAdmSearchResultIterator
- IAdmSearchResult
- Online script repository