Solved

Using Powershell against Active Directory

Posted on 2010-11-15
8
643 Views
Last Modified: 2012-05-10
Hi

When we had Windows 2003 servers, I used the Quest ActiveRoles product quite a lot to run Powershell written queries against our Active Directory.

We now have Windows 2008 R2 servers, and I understand those commands are included in the native Powershell installation?

I was wondering someone could help me with a query I had -

We have about 500 service accounts in our AD, all starting with the word "service". They are also located in the same OU (domain>Special>Service)

I would like to run a Powershell query to list all of this accounts into a text file. I would also like there to be a carriage return after each entry.

Does anyone know how I can achieve this?
0
Comment
Question by:tomd1976
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 27

Expert Comment

by:KenMcF
ID: 34138766

the 2008R2 cmdlets are real similar to the ones quest has

get-aduser -searchbase "OU=Service,OU=Special,DC=Domain,DC=local" -Filter * | select name | export-csv c:\servcieaccounts.csv
0
 
LVL 5

Assisted Solution

by:daveTechSearch
daveTechSearch earned 100 total points
ID: 34138950
I believe you also need to use the AD Management gateway service on at least one DC:
http://technet.microsoft.com/en-us/magazine/ee914610.aspx

Tutorial on managing AD with the cmdlets (video):
http://technet.microsoft.com/en-us/windowsserver/ff730325.aspx

Download for the web service:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=008940c6-0296-4597-be3e-1d24c1cf0dda&displaylang=en
0
 
LVL 5

Accepted Solution

by:
mittermueller earned 200 total points
ID: 34139104
Get-ADUser -Filter { CN -like "Service*" } | select name | export-csv c:\sas.csv
0
What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

 

Author Comment

by:tomd1976
ID: 34139612
Thanks all

With Quest, I needed to attach to a DC/GC with a user account, do I need to do that here too?
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34139656
If you are running from your workstation you have a few options

1. use windows 7 or 2008R2 and add the AD module
import-module activedirectory

2. Use WinRM to remote into the DC if you have that enabled.
0
 

Author Comment

by:tomd1976
ID: 34139952
Thanks all, I used this and it works fine:

Get-ADUser -Filter { CN -like "Service*" } | select name | export-csv c:\sas.csv

A couple of related questions...

If I run:

Get-ADUser -Filter { CN -like "Service*" }

Then I get a list of account with the word "service" in them.  Couple of questions/;

1. Is it possible to have the search query look for entries that start with "service" rather than just contain it?

2.  The results only show certain attributes? How can I expand that to include attributes such as email address?
0
 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 200 total points
ID: 34139986
You can use this depending on how the account are setup.

Get-ADUser -Filter { Name -like "Service*" }

To get other attribues

Get-ADUser -Filter { Name -like "Service*" } -properties mail  | select Name, mail

0
 

Author Comment

by:tomd1976
ID: 34140066
Perfect, thanks so much!
0

Featured Post

Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Windows 10 came with  a lot of built in applications, Some organisations leave them there, some will control them using GPO's. This Article is useful for those who do not want to have any applications in their image (example:me).
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question