chandru_sol

PowerShell to search DN for users

Hi Experts,

I have a list of samaccountnames in a CSV file from different domains in the forest

Is there any way to find all users' DNs even if the user is anywhere in the forest?

I can use Quest commands too if we can accomplish it with that

Thanks
agonza07

Here's how to search through multiple domains in a forest.
http://halfloaded.com/blog/powershell-using-posh-to-search-across-multiple-domains-in-forest/

Here's how to get the DN from the SAMACCOUNTNAME
http://blogs.technet.com/b/benp/archive/2007/03/26/searching-the-active-directory-with-powershell.aspx

Put them together and you've got yourself your script.
chandru_sol

ASKER

I am a newbie to PowerShell. Can you help on combining them together?

Thanks
Hi Chandru,

Check with the below script.

Please put the CSV in "c:\temp\user.csv"

Regards,
Prem


#Importing Active Directory Module in PowerShell
Import-Module ActiveDirectory
#Forest Wide Search Function
Function ForestWideSearch([String]$Filter)
{
    #Listing the Domains in a Forest
    Foreach ($Domain in (Get-ADForest).Domains)
    {
        $Domain = (Get-ADDomain $Domain).DNSRoot
        #Performing Search Operation per Domain
        $Objects = Get-ADObject -LDAPFilter $Filter -Server $Domain -Properties *
        Foreach ($Object in $Objects)
        {
            #Perform any Operation
            Write-Host $Object.name $Object.distinguishedname
        }
    }
}
#Reading the samaccountname column from the CSV
$userobjects = import-csv c:\temp\user.csv
ForEach ( $userobject in $userobjects ) {
    $samid = $userobject.samaccountname
    #LDAP Filter, built inside the loop so every row is searched, not only the last one
    $Filter = "(&(objectCategory=Person)(objectClass=User)(samaccountname=$samid))"
    #Calling the Function
    ForestWideSearch $Filter
}


Hope you are doing good! :-)

Thanks Prem. I will check and get back to you
Get-ADObject : The search filter cannot be recognized. I get this error
This should work..Replace Domain.com with your root forest..
Connect-QADService Domain.com -GC
Import-Csv C:\input.csv | %{Get-QADUser $_.sAMAccountName | Select sAMAccountName,DN} | Export-Csv C:\report.csv -NoTypeInformation


Sample CSV file
sAMAccountName
User1
User2
User3
User4


Will it be able to pull all attributes or only attributes replicated to GC? Can I also use this to export managers for users?
Only works for domain where my username exists and not for all domains. I have users from all domains in csv file
If you replace Domain.com with your root domain then it should work. It will give you manager..
I tried and it doesn't seem to work and doesn't pull details from other domains
It did work for me in my multidomain environment..  I can collect user information from 7 different domains (Same forest).. :-)

What if you run against single user from different domain?
Connect-QADService Domain.com -GC
Get-QADUser Testuser


Sorry Subsun, I tried and it doesn't seem to bring user in other domain. Are there any pre-requisites for this to work

I can see it is trying to connect to default naming context of domain where I am connected and brings back blank result

Anyway to find out why?
You just need read permission on all domain objects.. Are you able to search the objects in ADUC?

What is the result you get when you run Connect-QADService Domain.com -GC
I think by default all users have read permission in AD. Yes, I am able to search user in ADUC
DefaultNamingContext                               Type            
--------------------                               ----            
DC=child,DC=parent,DC=com                             ActiveDirectory
DC=child,DC=parent,DC=com, is this your root domain? where is the user located? I mean what is the user domain name?
Say for example I have below structure

parent.com
Child1.parent.domain.com
Child2.parent.domain.com
Child3.parent.domain.com
Child4.parent.domain.com

User was in Child3.parent.domain.com

Machine from where I am running script is connected to Child1.parent.domain.com and user who is running script is from child1.parent.domain.com
What is the result of..
Connect-QADService parent.com -GC
Get-QADUser Testuser



or
Connect-QADService  parent.domain.com -GC
Get-QADUser Testuser


Sorry it is not parent.domain.com (just parent.com) :-)
if root is parent.com then child should be like  Child1.parent.com.. and you should connect to parent.com
Yes tried same but it is connecting to defaultnamingcontext child1.parent.com
Well that's a problem then..  Try this..

Import-Csv C:\input.csv | %{Get-QADUser $_.sAMAccountName -SearchRoot "DC=parent,DC=com" -UseGlobalCatalog | Select sAMAccountName,DN} | Export-Csv C:\report.csv -NoTypeInformation


I will try this now. Any idea why that is happening?
Not sure .. I am running scripts from computer connected to my parent domain,.. may be due to that I am getting all details.. never tried on a computer which is in child domain..
it works but something weird

Username for example user1 is pulled for a user list in csv but samaccountname is user
You can run
Get-QADUser user1 -SearchRoot "DC=parent,DC=com" -UseGlobalCatalog | FL
and check..
Definitely pulling wrong user

Child1.parent.com - Test1_ad (samaccountname)

Child2.parent.com - Test1 (samaccountname)

I am checking for samaccountname test1 but it is bringing test1_ad
Add -SamAccountName parameter, then it won’t give you the wrong user..
Import-Csv C:\input.csv | %{Get-QADUser -SamAccountName  $_.sAMAccountName -SearchRoot "DC=parent,DC=com" -UseGlobalCatalog | Select sAMAccountName,DN} | Export-Csv C:\report.csv -NoTypeInformation


Checking this now...


Can you please help on this question as well?

https://www.experts-exchange.com/questions/27996820/Vbscript-to-update-AD-attributes.html

Thanks
Can this be used for exporting all attributes or only attributes replicate to GC?

Thanks
Only attributes which are there in GC.. You can run the following command and see the available attributes
Get-QADUser user1 -SearchRoot "DC=parent,DC=com" -UseGlobalCatalog -IncludeAllProperties | FL


I assume no other way of getting other attributes or is there still ways to get all attributes

Thanks
Wanted to ask you, do you prefer PowerShell AD or Quest AD?

It will be really helpful if you could check other question too
You can get all attributes.. which attribute you want?.. :-)
I would like to document all attributes or know of ways for some attributes and I can add them in future

extensionattributes
manager
telephone

etc....
ASKER CERTIFIED SOLUTION
SubSun

This solution is only available to members.
Thanks! I will try and let you know

what is the difference between Quest AD and Powershell AD?
Best way to start learning powershell. I am sure it is worth learning powershell but where to start is question

Thanks
I love Powershell and its potential and flexibility. Please guide me to go in right way to learn

:-)

Thanks
what is the difference between Quest AD and Powershell AD?
*QAD* cmdlets are from Quest: http://wwww.quest.com/powershell 
And *AD* cmdlets are from Microsoft (Windows 2008 R2 and later)..
Both have different parameters to use but you can get same output from both (Property name may differ but values will be same.. :-))..

I love Powershell and its potential and flexibility. Please guide me to go in right way to learn
I thought you already started, I had given you some reference book in last question..
Best way to learn is to start scripting.. The more you do the more you learn... :-).  I am learning a lot by helping you guys...

Following article should help..
http://social.technet.microsoft.com/wiki/contents/articles/183.windows-powershell-survival-guide.aspx
Thanks Subsun!! Appreciated
Have been really very busy with full time job. I am trying to find sometime soon to get hands on this and start helping and learn


Thanks again! :-)
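
An added example, not part of any post in this thread and not the hidden accepted solution: the CSV lookup discussed above done with the Microsoft ActiveDirectory module against a global catalog, using an exact and escaped sAMAccountName match, followed by a read from each user's home domain for attributes the GC does not hold. The file paths and the helper name ConvertTo-LdapFilterValue are assumptions.

```powershell
# Added example (not from the thread). Assumes the ActiveDirectory module and a
# reachable global catalog; file paths and the helper name are placeholders.
Import-Module ActiveDirectory

# Escape \ * ( ) and NUL per RFC 4515 so a CSV value is matched literally
# and cannot change the structure of the LDAP filter.
function ConvertTo-LdapFilterValue([string]$Value) {
    [regex]::Replace($Value, '[\\*()\x00]', { param($m) '\{0:x2}' -f [int][char]$m.Value })
}

# Global catalog port (3268) on the forest root domain.
$gc = '{0}:3268' -f (Get-ADForest).RootDomain

$report = foreach ($row in Import-Csv 'C:\temp\user.csv') {
    $name = $row.sAMAccountName
    # Skip blank rows rather than send a filter with an empty value.
    if ([string]::IsNullOrWhiteSpace($name)) { continue }

    # Exact match on sAMAccountName: "test1" will not return "test1_ad".
    $filter = '(&(objectCategory=person)(objectClass=user)(sAMAccountName={0}))' -f
        (ConvertTo-LdapFilterValue $name)
    # An empty SearchBase on the GC port searches every domain in the forest.
    $hits = @(Get-ADUser -LDAPFilter $filter -Server $gc -SearchBase '')

    if ($hits.Count -eq 0) {
        [pscustomobject]@{ sAMAccountName = $name; Domain = ''; DN = ''
                           Manager = ''; Telephone = ''; Matches = 0 }
        continue
    }
    foreach ($hit in $hits) {
        # Home domain DNS name from the DC= parts of the DN (split on unescaped commas).
        $domain = (($hit.DistinguishedName -split '(?<!\\),') -like 'DC=*' |
                   ForEach-Object { $_.Substring(3) }) -join '.'
        # The GC holds only a partial attribute set, so read the rest from the home domain.
        $full = Get-ADUser -Identity $hit.DistinguishedName -Server $domain `
                           -Properties manager, telephoneNumber
        [pscustomobject]@{
            sAMAccountName = $full.SamAccountName; Domain = $domain
            DN = $full.DistinguishedName; Manager = $full.manager
            Telephone = $full.telephoneNumber
            Matches = $hits.Count   # >1 means the same name exists in several domains
        }
    }
}
$report | Export-Csv 'C:\temp\report.csv' -NoTypeInformation
```

Because sAMAccountName is unique only within a domain, a Matches value above 1 should be reviewed before the DN is used to change an account.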