Searching user accounts
The following code sample finds users whose job title starts with Sales and adds the users to a group.
- ADSI
-
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi") $containerDN = "CN=Users,DC=domain,DC=com" $groupDN = "CN=SalesGroup,CN=Groups,DC=domain,DC=com" # Connect to the Adaxes service $ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace" $service = $ns.GetServiceDirectly("localhost") $searcher = $service.OpenObject("Adaxes://$containerDN", $null, $null, 0) $searcher.Criteria = New-AdmCriteria "user" {title -startsWith "Sales"} $searcher.SearchScope = "ADS_SCOPE_SUBTREE" try { # Execute search $searchResultIterator = $searcher.ExecuteSearch() # Add users to a group $group = $service.OpenObject("Adaxes://$groupDN", $null, $null, 0) foreach ($searchResult in $searchResultIterator.FetchAll()) { $group.Add($searchResult.ADsPath) } } finally { # Release resources $searchResultIterator.Dispose() } - PowerShell
-
Import-Module Adaxes $containerDN = "CN=Users,DC=domain,DC=com" $identityGroup = "SalesGroup" # sAMAccountName # $identityGroup = "CN=SalesGroup,CN=Groups,DC=domain,DC=com" # DN # $identityGroup = "{EB5FEB21-E648-42AD-B86C-89D3C6807953}" # GUID # $identityGroup = "S-1-5-21-573937-2149998-410785" # SID Get-AdmUser -Filter {title -like "Sales*"} -SearchBase $containerDN ` -Server "domain.com" -AdaxesService localhost -SearchScope Subtree | ` Add-AdmPrincipalGroupMembership -MemberOf $identityGroup
The following code sample finds disabled user accounts and outputs their names.
- ADSI
-
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi") $containerDN = "CN=Users,DC=domain,DC=com" # Connect to the Adaxes service $ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace" $service = $ns.GetServiceDirectly("localhost") $searcher = $service.OpenObject("Adaxes://$containerDN", $null, $null, 0) $searcher.Criteria = New-AdmCriteria "user" {accountDisabled -eq $true} $searcher.SearchScope = "ADS_SCOPE_SUBTREE" try { # Execute search $searchResultIterator = $searcher.ExecuteSearch() foreach ($searchResult in $searchResultIterator.FetchAll()) { $userPath = $searchResult.AdsPath $user = $service.OpenObject($userPath, $null, $null, 0) Write-Host $user.Name } } finally { # Release resources $searchResultIterator.Dispose() } - PowerShell
-
Import-Module Adaxes $containerDN = "CN=Users,DC=domain,DC=com" $users = Search-AdmAccount -AccountDisabled -UsersOnly ` -SearchBase $containerDN -SearchScope Subtree ` -Server "domain.com" -AdaxesService localhost foreach ($user in $users) { Write-Host $user.Name }
The following code sample finds expired user accounts and outputs their names.
- ADSI
-
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi") $containerDN = "CN=Users,DC=domain,DC=com" # Connect to the Adaxes service $ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace" $service = $ns.GetServiceDirectly("localhost") $searcher = $service.OpenObject("Adaxes://$containerDN", $null, $null, 0) $searcher.Criteria = New-AdmCriteria "user" {accountExpires -expired $true} $searcher.SearchScope = "ADS_SCOPE_SUBTREE" try { # Execute search $searchResultIterator = $searcher.ExecuteSearch() foreach ($searchResult in $searchResultIterator.FetchAll()) { $userPath = $searchResult.AdsPath $user = $service.OpenObject($userPath, $null, $null, 0) Write-Host $user.Name } } finally { # Release resources $searchResultIterator.Dispose() } - PowerShell
-
Import-Module Adaxes $containerDN = "CN=Users,DC=domain,DC=com" $users = Search-AdmAccount -AccountExpired -UsersOnly ` -SearchBase $containerDN -SearchScope Subtree ` -Server "domain.com" -AdaxesService localhost foreach ($user in $users) { Write-Host $user.Name }
See also
- Writing ADSI scripts
- Server-side scripting
- How to build criteria
- IAdmDirectorySearcher
- IAdmSearchResultIterator
- IAdmSearchResult
- Online script repository