{"id":3979,"date":"2013-03-23T00:01:00","date_gmt":"2013-03-23T00:01:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2013\/03\/23\/weekend-scripter-explore-ad-ds-attributes-with-powershell\/"},"modified":"2013-03-23T00:01:00","modified_gmt":"2013-03-23T00:01:00","slug":"weekend-scripter-explore-ad-ds-attributes-with-powershell","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/weekend-scripter-explore-ad-ds-attributes-with-powershell\/","title":{"rendered":"Weekend Scripter: Explore AD DS Attributes with PowerShell"},"content":{"rendered":"

Summary<\/strong>: Microsoft Scripting Guy, Ed Wilson, talks about using Windows PowerShell to discover the names of attributes in Active Directory Domain Services.<\/p>\n

Microsoft Scripting Guy, Ed Wilson, is here. One of the great things about writing a blog is the comments I receive. Most of the time the comments add illuminating information, express thanks for a topic, or offer thoughts to contemplate further exploration. Today’s blog is a result of one of those comments. Thomas Brevig offered a way to find the name of an attribute in Active Directory Domain Services (AD DS)<\/a> if he knew the value of the attribute. <\/span>I thought the technique was great, and it showed that by piping Windows PowerShell pieces together, powerful solutions are easily built.<\/p>\n

But I decided to see if I could find a different way to perform the search. The trick is that I access the underlying PSObject. So, the first thing I do is grab a user object with which I am interested in working. For this, I use the Get-ADUser<\/strong> cmdlet from the Active Directory module, and I choose all of the properties from the object. This command is shown here.<\/p>\n

$user = get-aduser -filter “name -eq ‘ed wilson'” -Properties *<\/p>\n

If I use the Get-Member<\/strong> cmdlet to look at the user object stored in the $user<\/strong> variable the PSObject<\/strong> <\/em>property does not appear. To see this, I must add the Force<\/strong> <\/em>parameter to the Get-Member<\/strong> command. This technique is shown here.<\/p>\n

$user | gm –Force<\/p>\n

The command and its associated output are shown in the image that follows.<\/p>\n

\"Image<\/a><\/p>\n

Now, I access the PSObject<\/strong> <\/em>property directly from the user object as shown here.<\/p>\n

PS C:\\> $user.psobject<\/p>\n

 <\/p>\n

Members             : {AccountExpirationDate, accountExpires, AccountLockoutTime,<\/p>\n

                      AccountNotDelegated…}<\/p>\n

Properties          : {AccountExpirationDate, accountExpires, AccountLockoutTime,<\/p>\n

                      AccountNotDelegated…}<\/p>\n

Methods             : {string get_GivenName(), void set_GivenName(string value),<\/p>\n

                      string get_Surname(), void set_Surname(string value)…}<\/p>\n

ImmediateBaseObject : CN=ed wilson,OU=Charlotte,DC=iammred,DC=net<\/p>\n

BaseObject          : CN=ed wilson,OU=Charlotte,DC=iammred,DC=net<\/p>\n

TypeNames           : {Microsoft.ActiveDirectory.Management.ADUser,<\/p>\n

                      Microsoft.ActiveDirectory.Management.ADAccount,<\/p>\n

                      Microsoft.ActiveDirectory.Management.ADPrincipal,<\/p>\n

                      Microsoft.ActiveDirectory.Management.ADObject…}<\/p>\n

I access the Properties<\/strong> of the PSObject<\/strong> <\/em>directly, and I get back a bunch of information about each of the properties stored in the collection. The command is shown here.<\/p>\n

$user.psobject.Properties<\/p>\n

The command and its associated output are shown in the following image.<\/p>\n

\"Image<\/a><\/p>\n

This lets me know that the attribute name appears in the Name<\/strong> <\/em>property and the value in the Value<\/strong> <\/em>property. By using this information, I come up with the following command.<\/p>\n

PS C:\\> $user.psobject.Properties | ? value -match ‘charlotte’ | select name, value<\/p>\n

 <\/p>\n

Name                                       Value<\/p>\n

—-                                       —–<\/p>\n

CanonicalName                              iammred.net\/Charlotte\/ed wilson<\/p>\n

City                                       Charlotte<\/p>\n

DistinguishedName                          CN=ed wilson,OU=Charlotte,DC=iammred,D…<\/p>\n

l                                          Charlotte<\/p>\n

Office                                     Charlotte office<\/p>\n

physicalDeliveryOfficeName                 Charlotte office<\/p>\n

If I am doing this in Windows PowerShell 2.0, I would not use the simplified Where-Object<\/strong> syntax. Instead, the command would appear as:<\/p>\n

$user.psobject.Properties | ? {$_.value -match ‘charlotte’} | select name, value<\/p>\n

I invite you to follow me on Twitter<\/a> and Facebook<\/a>. If you have any questions, send email to me at scripter@microsoft.com<\/a>, or post your questions on the Official Scripting Guys Forum<\/a>. See you tomorrow. Until then, peace.<\/p>\n

Ed Wilson, Microsoft Scripting Guy<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

Summary: Microsoft Scripting Guy, Ed Wilson, talks about using Windows PowerShell to discover the names of attributes in Active Directory Domain Services. Microsoft Scripting Guy, Ed Wilson, is here. One of the great things about writing a blog is the comments I receive. Most of the time the comments add illuminating information, express thanks for […]<\/p>\n","protected":false},"author":596,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[7,3,303,61,45],"class_list":["post-3979","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-active-directory","tag-scripting-guy","tag-searching","tag-weekend-scripter","tag-windows-powershell"],"acf":[],"blog_post_summary":"

Summary: Microsoft Scripting Guy, Ed Wilson, talks about using Windows PowerShell to discover the names of attributes in Active Directory Domain Services. Microsoft Scripting Guy, Ed Wilson, is here. One of the great things about writing a blog is the comments I receive. Most of the time the comments add illuminating information, express thanks for […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/3979","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/596"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=3979"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/3979\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=3979"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=3979"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=3979"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}