active directory

Posted on 2016-10-24
Last Modified: 2016-10-24
PS C:\UsersUSERXXX> get-aduser -filter {objectclass -like "user"} | Measure-Object

I  just ran above  count on objectclass like “user” and it returned 8531 objects

and I ran Get-ADObject -Filter {name -like '*'} -SearchBase 'CN=Schema,CN=Configuration,DC=Fabrikam,DC=COM' -ResultSetSize $null | Measure-Object  and it gave 2786 objects

so what is the difference between those 2
Question by:pramod1
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
LVL 22

Expert Comment

by:Joseph Moody
ID: 41857295
The first one is only getting objects which are users. The second is getting every object in AD but only under the schema container.

Author Comment

ID: 41857299
so the 1st one is getting all users  who are contacts users and users in domain who re also in schema?

and 2nd one is pulling users from only schema ? can you elaborate

Author Comment

ID: 41857304
I mean all objects are in schema
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 41857332
so from where other objects are being pulled in 1st command
LVL 22

Expert Comment

by:Joseph Moody
ID: 41857338
everywhere in the first command. It doesn't have a searchbase parameter so it searches the entire domain.

Author Comment

ID: 41857354
I still didn't get it

1st command searches entire domain -that is fine

but the 2nd command searches users in schema only but all users I think are in schema>
LVL 40

Expert Comment

ID: 41857391
First command gives count of user objects for entire domain. Also Get-ADuser list only user objects so using -filter {objectclass -like "user"} will not do anything.

Second command lists all objects under 'CN=Schema' container, it does not contain any users objects. Schema container stores class and attribute definitions for all existing and possible Active Directory objects.
Ref :

To get user count using Get-ADObject, Try..
Get-ADObject -Filter {ObjectClass -eq "user" -and ObjectCategory -eq "Person"} | Measure

Open in new window


Author Comment

ID: 41857431
1) Get-ADObject -Filter * -this pulled 16421 user objects
2)get-aduser -filter {objectclass -like "user"} | Measure-Object-  thsi pulled 8531 user objects
3) ADObject -Filter {name -like '*'} -SearchBase 'CN=Schema,CN=Configuration,DC=Fabrikam,DC=COM' -ResultSetSize $null | Measure-Object  -2786 objects

2nd one gave all user objects in domain-8531 user objects
3rd one gave all objects and attributes -2786 user objects in schema container

so how come 1st one gave -16421?
LVL 40

Accepted Solution

Subsun earned 500 total points
ID: 41857450
First command lists all objects not just users object..

Second command list just user objects..

Third command doesn't list any users objects, it lists the objects contains in schema container as I explained in my previous comment.

Hope it's clear..

Featured Post

Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question