Searching user accounts
The following code sample finds users whose job title starts with Sales and adds the users to a group.
- ADSI
```powershell
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

$containerDN = "CN=Users,DC=domain,DC=com"
$groupDN = "CN=SalesGroup,CN=Groups,DC=domain,DC=com"

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# Search the container for users whose job title starts with Sales
$searcher = $admService.OpenObject("Adaxes://$containerDN", $NULL, $NULL, 0)
$searcher.SearchFilter = "(&(objectCategory=person)(objectClass=user)(title=Sales*))"
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"

try
{
    # Execute search
    $searchResultIterator = $searcher.ExecuteSearch()

    # Add users to a group
    $group = $admService.OpenObject("Adaxes://$groupDN", $NULL, $NULL, 0)
    foreach ($searchResult in $searchResultIterator.FetchAll())
    {
        $group.Add($searchResult.ADsPath)
    }
}
finally
{
    # Release resources (the iterator is null if ExecuteSearch failed)
    if ($null -ne $searchResultIterator) { $searchResultIterator.Dispose() }
}
```
- PowerShell
```powershell
Import-Module Adaxes

$containerDN = "CN=Users,DC=domain,DC=com"
$identityGroup = "SalesGroup" # sAMAccountName
# $identityGroup = "CN=SalesGroup,CN=Groups,DC=domain,DC=com" # DN
# $identityGroup = "{EB5FEB21-E648-42AD-B86C-89D3C6807953}" # GUID
# $identityGroup = "S-1-5-21-573937-2149998-410785" # SID

Get-AdmUser -Filter {title -like "Sales*"} -SearchBase $containerDN `
    -Server "domain.com" -AdaxesService localhost -SearchScope Subtree |
    Add-AdmPrincipalGroupMembership -MemberOf $identityGroup
```
The following code sample finds disabled user accounts and outputs their names.
- ADSI
```powershell
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

$containerDN = "CN=Users,DC=domain,DC=com"

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# Search the container for users with the "account disabled" flag set
$searcher = $admService.OpenObject("Adaxes://$containerDN", $NULL, $NULL, 0)
$searcher.SearchFilter = "(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))"
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"

try
{
    # Execute search
    $searchResultIterator = $searcher.ExecuteSearch()

    foreach ($searchResult in $searchResultIterator.FetchAll())
    {
        $userPath = $searchResult.AdsPath
        $user = $admService.OpenObject($userPath, $NULL, $NULL, 0)
        Write-Host $user.Name
    }
}
finally
{
    # Release resources (the iterator is null if ExecuteSearch failed)
    if ($null -ne $searchResultIterator) { $searchResultIterator.Dispose() }
}
```
- PowerShell
```powershell
Import-Module Adaxes

$containerDN = "CN=Users,DC=domain,DC=com"

$users = Search-AdmAccount -AccountDisabled -UsersOnly `
    -SearchBase $containerDN -SearchScope Subtree `
    -Server "domain.com" -AdaxesService localhost

foreach ($user in $users)
{
    Write-Host $user.Name
}
```
The following code sample finds expired user accounts and outputs their names.
- ADSI
```powershell
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

$containerDN = "CN=Users,DC=domain,DC=com"

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# Search the container for users whose expiration date has already passed
$searcher = $admService.OpenObject("Adaxes://$containerDN", $NULL, $NULL, 0)
$currentDate = (Get-Date).ToFileTime()
$searcher.SearchFilter = "(&(objectCategory=person)(objectClass=user)(accountExpires>=1)(accountExpires<=$currentDate))"
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"

try
{
    # Execute search
    $searchResultIterator = $searcher.ExecuteSearch()

    foreach ($searchResult in $searchResultIterator.FetchAll())
    {
        $userPath = $searchResult.AdsPath
        $user = $admService.OpenObject($userPath, $NULL, $NULL, 0)
        Write-Host $user.Name
    }
}
finally
{
    # Release resources (the iterator is null if ExecuteSearch failed)
    if ($null -ne $searchResultIterator) { $searchResultIterator.Dispose() }
}
```
- PowerShell
```powershell
Import-Module Adaxes

$containerDN = "CN=Users,DC=domain,DC=com"

$users = Search-AdmAccount -AccountExpired -UsersOnly `
    -SearchBase $containerDN -SearchScope Subtree `
    -Server "domain.com" -AdaxesService localhost

foreach ($user in $users)
{
    Write-Host $user.Name
}
```
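The disabled-account and expired-account LDAP filters from the ADSI samples above, evaluated locally against constructed records to show what each clause matches. This is an added example, not part of the Adaxes SDK samples; the function names `Test-AccountDisabled` and `Test-AccountExpired` and the sample records are hypothetical, and it needs no Adaxes service or directory connection.

```powershell
# Constructed sample records (not real directory data), holding the raw
# attribute values as Active Directory stores them.
$now = (Get-Date).ToFileTime()
$sample = @(
    [pscustomobject]@{ Name = 'alice'; userAccountControl = 512;   accountExpires = 0 }
    [pscustomobject]@{ Name = 'bob';   userAccountControl = 514;   accountExpires = 9223372036854775807 }
    [pscustomobject]@{ Name = 'carol'; userAccountControl = 512;   accountExpires = (Get-Date).AddDays(-30).ToFileTime() }
    [pscustomobject]@{ Name = 'dave';  userAccountControl = 66050; accountExpires = (Get-Date).AddDays(30).ToFileTime() }
)

function Test-AccountDisabled {
    param([int]$UserAccountControl)
    # Same test as (userAccountControl:1.2.840.113556.1.4.803:=2).
    # OID 1.2.840.113556.1.4.803 is the bitwise-AND matching rule,
    # and bit 0x2 of userAccountControl is ACCOUNTDISABLE.
    return ($UserAccountControl -band 0x2) -eq 0x2
}

function Test-AccountExpired {
    param([long]$AccountExpires, [long]$Now)
    # Same test as (accountExpires>=1)(accountExpires<=$currentDate).
    # accountExpires is a FILETIME (100-ns ticks since 1601-01-01 UTC).
    # 0 and 0x7FFFFFFFFFFFFFFF both mean "never expires": the lower bound
    # excludes 0, and the upper bound excludes the maximum value.
    return ($AccountExpires -ge 1) -and ($AccountExpires -le $Now)
}

foreach ($record in $sample) {
    [pscustomobject]@{
        Name     = $record.Name
        Disabled = Test-AccountDisabled $record.userAccountControl
        Expired  = Test-AccountExpired $record.accountExpires $now
    }
}
```

In this constructed data `carol` is expired but not disabled, because expiry does not set the ACCOUNTDISABLE bit; an access review therefore needs both searches, not just one.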
See also
- Writing ADSI scripts
- Server-side scripting
- IAdmDirectorySearcher
- IAdmSearchResultIterator
- IAdmSearchResult
- Online script repository