
Powershell ADSI Subtree Search

Nael_Shahid asked
3,834 Views
Last Modified: 2008-01-09
How can I set the search scope to the entire subtree in this PowerShell script?

==================================================================
$domain = [ADSI]"LDAP://dc=domain_name,dc=com"
$users = $domain.psbase.children | where-object {$_.objectClass -match "user"}
==================================================================

I know there will be many ways to do this, but I want to know the basic way as I am trying to understand and learn PowerShell.

Thanks

Commented:

What you want to use is DirectorySearcher. I assume you're wanting all users. Try this:

$dom = [ADSI]"LDAP://dc=corp,dc=bb,dc=lab"
$filter = "(&(objectcategory=user))"
$ds = new-object System.DirectoryServices.DirectorySearcher($dom,$filter)
$users = $ds.Findall()
$users

Here is this in one line:
$users = (new-object System.DirectoryServices.DirectorySearcher([ADSI]"LDAP://10.254.254.1/dc=corp,dc=bb,dc=lab","(&(objectcategory=user))")).findall()

Author

Commented:
Thanks for this.

Do you mind giving me a brief explanation of what is going on in this code?

Commented:
No problem. You can check my blog for more examples; I deal with ADSI a lot.

# This gets a directory entry for the domain
$dom = [ADSI]"LDAP://dc=corp,dc=bb,dc=lab"

# This is a string that represents the LDAP filter you want to pass
$filter = "(&(objectcategory=user))"

# This is creating a new directorySearcher object with the domain and filter to search
$ds = new-object System.DirectoryServices.DirectorySearcher($dom,$filter)

# This is executing the Searcher and putting results in $users
$users = $ds.Findall()

# This is outputting the users
$users


Side note: if you have more than 1000 users, you need to add a pagesize value on the searcher like this:
$ds.pagesize = 1000

This will go before the .findall()

Is this clear? Please let me know.

Author

Commented:
Yes this is a lot clearer thanks.

One question: in $filter, where you use an LDAP query, could you have used something like Where-Object {$_.objectClass -match "user"}?

The reason I ask is because I think I understand this way of doing things. I don't know how to write an LDAP query. Basically I want to learn how to use PowerShell with AD by doing simple tasks first and building from there, but the introduction of LDAP queries seems to make it harder to learn?

Commented:
"One question; in $filter where you use an ldap query, could you have used something like the Where-object {$_.objectClass -match "user"}?"
Quick Answer: No

Slightly Longer Answer:
Where-Object is a cmdlet that allows you to filter the results you get back, but it still parses the info.
An LDAP filter is parsed on the server side, so you only get back the objects that match your filter (WAY FASTER).

In this case you would have to dump all of AD just to find users... much better to have AD only return the user objects.
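
The points from the answers above combined into one function, as an added example that is not code from the thread: explicit subtree scope, a server-side LDAP filter, paging, and only the requested attributes returned. `Get-AdsiUser` is a hypothetical name, the DN is the placeholder used in the thread, and PowerShell 3.0 or later is assumed.

```powershell
# Added example, not from the thread. Get-AdsiUser is a hypothetical name.
function Get-AdsiUser {
    param(
        [Parameter(Mandatory)]
        [string]$SearchBase,   # e.g. 'LDAP://dc=corp,dc=bb,dc=lab' (placeholder DN)
        [string[]]$Properties = @('sAMAccountName', 'distinguishedName')
    )

    $root = [ADSI]$SearchBase

    # Evaluated by the domain controller, so only matching objects cross the wire.
    # objectCategory=person plus objectClass=user selects user accounts and
    # excludes contact objects, which share the person category.
    $filter = '(&(objectCategory=person)(objectClass=user))'

    $ds = New-Object System.DirectoryServices.DirectorySearcher($root, $filter)

    # Subtree is already the DirectorySearcher default; set here to make the
    # scope explicit. The other values are Base and OneLevel.
    $ds.SearchScope = [System.DirectoryServices.SearchScope]::Subtree

    # A non-zero PageSize turns on paged searching, so results are not cut off
    # at the server's per-query limit (1000 by default).
    $ds.PageSize = 1000

    # Ask for only the attributes that will be used instead of every attribute.
    $ds.PropertiesToLoad.AddRange($Properties)

    $results = $ds.FindAll()
    try {
        foreach ($r in $results) {
            $row = [ordered]@{}
            foreach ($p in $Properties) {
                # Each attribute comes back as a collection; take the first value.
                $row[$p] = $r.Properties[$p] | Select-Object -First 1
            }
            [pscustomobject]$row
        }
    }
    finally {
        # SearchResultCollection holds unmanaged resources until disposed.
        $results.Dispose()
        $ds.Dispose()
    }
}

$users = Get-AdsiUser -SearchBase 'LDAP://dc=corp,dc=bb,dc=lab'
$users | Format-Table -AutoSize
```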

Author

Commented:
Hi - For some reason I cannot get the script to work. When creating a script file with the above code I do not get any results.

Author

Commented:
Managed to get this working.

I was running the script, then once it was finished I was trying to list the objects by typing the variable, but the variable didn't exist. Can you confirm the variable does not remain in the console once the script has executed?

Commented:
That is correct, unless you capture the script's output like:

$results = c:\myscript.ps1

Commented:
May I suggest some reading? Keith Hill has an awesome series on his blog, one of which explains how PowerShell deals with output.

http://keithhill.spaces.live.com 