{"id":51433,"date":"2010-02-01T00:01:00","date_gmt":"2010-02-01T00:01:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2010\/02\/01\/hey-scripting-guy-how-can-i-use-windows-powershell-to-search-active-directory\/"},"modified":"2010-02-01T00:01:00","modified_gmt":"2010-02-01T00:01:00","slug":"hey-scripting-guy-how-can-i-use-windows-powershell-to-search-active-directory","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/hey-scripting-guy-how-can-i-use-windows-powershell-to-search-active-directory\/","title":{"rendered":"Hey, Scripting Guy! How Can I Use Windows PowerShell to Search Active Directory?"},"content":{"rendered":"<p class=\"MsoNormal\">&nbsp;<a class=\"addthis_button\" href=\"http:\/\/www.addthis.com\/bookmark.php?v=250&amp;pub=scriptingguys\"><img decoding=\"async\" alt=\"Bookmark and Share\" src=\"http:\/\/s7.addthis.com\/static\/btn\/v2\/lg-share-en.gif\" width=\"125\" height=\"16\"><\/a><\/p>\n<p class=\"MsoNormal\">&nbsp;<\/p>\n<p><img decoding=\"async\" title=\"Hey, Scripting Guy! Question\" border=\"0\" alt=\"Hey, Scripting Guy! Question\" align=\"left\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/q-for-powertip.jpg\" width=\"34\" height=\"34\"><\/p>\n<p class=\"MsoNormal\">Hey, Scripting Guy! I often need to search Active Directory Domain Services (AD DS) to find information about various computers. I may need to identify all of the computers in a particular organizational unit or all the computers who happen to reside in a particular office. Whatever the reason, using Active X Data Objects (ADO) like I did in the old VBScript days is a major pain. When I learned how to use the Directory Searcher Object, it was a little better&mdash;in fact quite a bit better, but I am curious if the new Active Directory cmdlets have anything to make it easier to retrieve users?<\/p>\n<p class=\"MsoNormal\">&#8212; NN<\/p>\n<p class=\"MsoNormal\">\n<p>&nbsp;<\/p>\n<\/p>\n<p class=\"MsoNormal\"><img decoding=\"async\" title=\"Hey, Scripting Guy! Answer\" border=\"0\" alt=\"Hey, Scripting Guy! Answer\" align=\"left\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/a-for-powertip.jpg\" width=\"34\" height=\"34\">Hello NN, <\/p>\n<p class=\"MsoNormal\">Microsoft Scripting Guy Ed Wilson here. Today is a special day because I finally received my copies of the <a href=\"http:\/\/www.amazon.com\/Windows-PowerShell-2-0-Best-Practices\/dp\/0735626464\/ref=sr_1_1?ie=UTF8&amp;s=books&amp;qid=1255959455&amp;sr=8-1\">Windows PowerShell 2.0 Best Practices book<\/a> that I spent 18 months of my life writing. For me, the big thing about writing books is the enjoyment I receive when people tell me they have read my book and it helped them. On Facebook this morning, I had two notes from people who stated they had enjoyed my books. Speaking of Facebook, <a href=\"http:\/\/www.facebook.com\/Mr.Ed.Wilson\"><font face=\"Segoe\">send me a friend request<\/font><\/a>. I enjoy the interaction. In addition to the Best Practices book, the morning mail also showed up with a tin of <a href=\"http:\/\/en.wikipedia.org\/wiki\/Genmaicha\"><font face=\"Segoe\">Genmaicha tea<\/font><\/a>. This delicate green tea is best brewed for 3<span>&ndash;<\/span>5 minutes, and tastes great with a cinnamon stick in it. The beautiful blue sky, cool temperature, a special pot of green tea, and an excellent Windows PowerShell book make a wonderful way to spend the day. But I also need to check the e-mail sent to <a href=\"http:\/\/blogs.technet.commailto:scripter@microsoft.com\"><font face=\"Segoe\">scripter@microsoft.com<\/font><\/a>. <\/p>\n<p class=\"MsoNormal\">It is a bit damp outside today, but the sky is clear. It reminds me of Lima, Peru, when I was down there teaching a VBScript class a few years ago. My friend Omar took me around, and I was able to take some great pictures such as the following one.<\/p>\n<p class=\"Fig-Graphic\"><img decoding=\"async\" title=\"Image of Lima, Peru\" alt=\"Image of Lima, Peru\" src=\"http:\/\/img.microsoft.com\/library\/media\/1033\/technet\/images\/scriptcenter\/qanda\/hsg\/2010\/february\/hey0201\/hsg-2-1-10-1.jpg\" width=\"600\" height=\"450\"><a href=\"http:\/\/img.microsoft.com\/library\/media\/1033\/technet\/images\/scriptcenter\/qanda\/hsg\/2010\/february\/hey0201\/hsg-2-1-10-1.jpg\"><\/a><\/p>\n<p class=\"Fig-Graphic\">\n<p>&nbsp;<\/p>\n<\/p>\n<p class=\"MsoNormal\">NN, I agree with you completely. Using the <b>Directory Searcher<\/b> .NET Framework classes is easier to use than the old fashioned ADO or even new fangled ADO.NET scripts. In the end I feel it is a best practice to use what you are comfortable with, and to use what will be easiest for you to modify, to troubleshoot, and to maintain. <\/p>\n<p class=\"MsoNormal\">An example of using ADO to query AD DS is the QueryAD.Ps1 script I wrote several years ago. <\/p>\n<p class=\"CodeBlockScreenedHead\"><strong>QueryAD.ps1<\/p>\n<p><\/strong><\/p>\n<p class=\"CodeBlockScreened\"><font><font face=\"Lucida Sans Typewriter\">param(<br \/><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>$ou, <br \/><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>$domain, <br \/><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>$query,<br \/><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>[switch]$help<br \/><span>&nbsp;&nbsp;&nbsp;&nbsp; <\/span>)<\/p>\n<p>function funHelp()<br \/>{<br \/><span>&nbsp;<\/span>$helpText=@&#8221;<br \/><span>&nbsp;<\/span>DESCRIPTION:<br \/><span>&nbsp;<\/span>NAME: QueryAD.ps1<br \/><span>&nbsp;<\/span>Queries Active Directory<span>&nbsp; <\/span>on a local or remote machine. <\/p>\n<p><span>&nbsp;<\/span>PARAMETERS: <br \/><span>&nbsp;<\/span>-ou<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>the organizational unit to query<br \/><span>&nbsp;<\/span>-domain<span>&nbsp;&nbsp;&nbsp; <\/span>the domain to query<br \/><span>&nbsp;<\/span>-query<span>&nbsp;&nbsp;&nbsp;&nbsp; <\/span>the query to use. Queries for objects such as:<br \/><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>&lt; User, Group, Computer, OrganizationalUnit,<br \/><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>printqueue, grouppolicycontainer, ipsecpolicy, <br \/><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>pkicertificatetemplate, sitelink, subnet, site &gt;<br \/><span>&nbsp;<\/span>-help<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>prints help file<\/p>\n<p><span>&nbsp;<\/span>SYNTAX:<br \/><span>&nbsp;<\/span>QueryAD.ps1 <\/p>\n<p><span>&nbsp;<\/span>Generates message of missing parameter and displays help<\/p>\n<p><span>&nbsp;<\/span>QueryAD.ps1 -domain &#8220;nwtraders.com&#8221; -ou &#8220;mytestou&#8221; -query computer<\/p>\n<p><span>&nbsp;<\/span>Displays a listing of every computer object in the mytestou organizational<br \/><span>&nbsp;<\/span>unit of the nwtraders.com domain<\/p>\n<p><span>&nbsp;<\/span><br \/><span>&nbsp;<\/span>QueryAD.ps1 -help<\/p>\n<p><span>&nbsp;<\/span>Prints the help topic for the script<br \/>&#8220;@<br \/><span>&nbsp; <\/span>$helpText<br \/><span>&nbsp; <\/span>exit<br \/>} #end funHelp<\/p>\n<p>Function funQueryAD()<br \/>{<br \/><span>&nbsp;<\/span>$domain = $domain -replace(&#8220;^&#8221;,&#8221;dc=&#8221;)<span>&nbsp;&nbsp;&nbsp; <\/span>#replace first character<br \/><span>&nbsp;<\/span>$domain = $domain -replace(&#8220;.&#8221;,&#8221;,dc=&#8221;) #replace the period<\/p>\n<p><span>&nbsp;<\/span>if(!$ou)<br \/><span>&nbsp; <\/span>{ <br \/><span>&nbsp;&nbsp; <\/span>if(!$query)<br \/><span>&nbsp;&nbsp;&nbsp; <\/span>{<br \/><span>&nbsp;&nbsp;&nbsp;&nbsp; <\/span>$strQuery = &#8220;&lt;LDAP:\/\/$domain&gt;;;name;subtree&#8221;<br \/><span>&nbsp;&nbsp;&nbsp; <\/span>}<br \/><span>&nbsp;&nbsp; <\/span>ELSE<br \/><span>&nbsp;&nbsp;&nbsp; <\/span>{<br \/><span>&nbsp;&nbsp;&nbsp;&nbsp; <\/span>$strQuery = &#8220;&lt;LDAP:\/\/$domain&gt;;(objectcategory=$query);name;subtree&#8221;<br \/><span>&nbsp;&nbsp;&nbsp; <\/span>}<br \/><span>&nbsp; <\/span>}<br \/><span>&nbsp;<\/span>ELSE<br \/><span>&nbsp; <\/span>{<br \/><span>&nbsp;&nbsp; <\/span>$ou = $ou -replace(&#8220;^&#8221;,&#8221;ou=&#8221;)<span>&nbsp;&nbsp;&nbsp; <\/span><span>&nbsp; <\/span>#replace first character<br \/><span>&nbsp;&nbsp; <\/span>$ou = $ou -replace(&#8220;,&#8221;,&#8221;,ou=&#8221;) #replace a comma<br \/><span>&nbsp;&nbsp; <\/span>if(!$query)<br \/><span>&nbsp;&nbsp;&nbsp; <\/span>{<br \/><span>&nbsp;&nbsp;&nbsp;&nbsp; <\/span>$strQuery = &#8220;&lt;LDAP:\/\/$ou,$domain&gt;;;name;subtree&#8221;<br \/><span>&nbsp;&nbsp;&nbsp; <\/span>}<br \/><span>&nbsp;&nbsp; <\/span>ELSE<br \/><span>&nbsp;&nbsp;&nbsp; <\/span>{<br \/><span>&nbsp;&nbsp;&nbsp;&nbsp; <\/span>$strQuery = &#8220;&lt;LDAP:\/\/$ou,$domain&gt;;(objectcategory=$query);name;subtree&#8221;<br \/><span>&nbsp;&nbsp;&nbsp; <\/span>}<br \/><span>&nbsp; <\/span>}<\/p>\n<p><span>&nbsp;<\/span>$objConnection = New-Object -comObject &#8220;ADODB.Connection&#8221;<br \/><span>&nbsp;<\/span>$objCommand = New-Object -comObject &#8220;ADODB.Command&#8221;<br \/><span>&nbsp;<\/span>$objConnection.Open(&#8220;Provider=ADsDSOObject;&#8221;)<br \/><span>&nbsp;<\/span>$objCommand.ActiveConnection = $objConnection<br \/><span>&nbsp;<\/span>$objCommand.CommandText = $strQuery<br \/><span>&nbsp;<\/span>$objRecordSet = $objCommand.Execute() <\/p>\n<p><span>&nbsp;<\/span>Do<br \/><span>&nbsp;<\/span>{<br \/><span>&nbsp;&nbsp;&nbsp;&nbsp; <\/span>$objRecordSet.Fields.item(&#8220;name&#8221;) |Select-Object name,Value <br \/><span>&nbsp;&nbsp;&nbsp;&nbsp; <\/span>$objRecordSet.MoveNext()<br \/><span>&nbsp;<\/span>}<br \/><span>&nbsp;<\/span>Until ($objRecordSet.eof) <\/p>\n<p><span>&nbsp;<\/span>$objConnection.Close()<br \/>} #end funQueryAD<\/p>\n<p>if($help) { &#8220;calling help &#8230;&#8221; ; funhelp }<br \/>if(!$domain) { &#8220;missing the domain name&#8221; ; funhelp }<br \/>if(!$domain -or !$ou -or !$query) { &#8220;a parameter is required&#8221; ; funhelp }<br \/>funqueryAD<\/p>\n<p><\/font><\/font><\/p>\n<p class=\"MsoNormal\">By using the <b>Directory Searcher<\/b> object, you can reduce significantly the amount of work that is involved in querying Active Directory. The SearchAllComputersInDomain.ps1 script was used for a Hey, Scripting Guy! Blog post in <a href=\"http:\/\/blogs.technet.com\/heyscriptingguy\/archive\/2009\/03\/16\/how-do-i-search-active-directory.aspx\"><font face=\"Segoe\">March 2009<\/font><\/a> when we spent a week talking about searching Active Directory. <\/p>\n<p class=\"CodeBlockScreenedHead\"><strong>SearchAllComputersInDomain.ps1<\/p>\n<p><\/strong><\/p>\n<p class=\"CodeBlockScreened\"><font><font face=\"Lucida Sans Typewriter\">$Filter = &#8220;ObjectCategory=computer&#8221;<br \/>$Searcher = New-Object System.DirectoryServices.DirectorySearcher($Filter)<br \/>$Searcher.Findall() | <br \/>Foreach-Object `<br \/><span>&nbsp; <\/span>-Begin { &#8220;Results of $Filter query: &#8221; } `<br \/><span>&nbsp; <\/span>-Process { $_.properties ; &#8220;`r&#8221;} `<br \/><span>&nbsp; <\/span>-End { [string]$Searcher.FindAll().Count + &#8221; $Filter results were found&#8221;<\/p>\n<p><\/font><\/font><\/p>\n<p class=\"MsoNormal\">In Windows PowerShell 2.0, you can shorten the script a bit by using the <b>[adsisearcher]<\/b> type accelerator. The <b>[adsisearcher]<\/b> type accelerator saves you the trouble of creating an instance of the <b>DirectoryServices.DirectorySearcher<\/b> .NET Framework class. This is seen here. <\/p>\n<p class=\"CodeBlockScreenedHead\"><strong>SearchComputersUseAdsiSearcher.ps1<\/p>\n<p><\/strong><\/p>\n<p class=\"CodeBlockScreened\"><font><font face=\"Lucida Sans Typewriter\">$Filter = &#8220;ObjectCategory=computer&#8221;<br \/>$Searcher = [adsiSearcher]($Filter)<br \/>$Searcher.Findall() | <br \/>Foreach-Object `<br \/><span>&nbsp; <\/span>-Begin { &#8220;Results of $Filter query: &#8221; } `<br \/><span>&nbsp; <\/span>-Process { $_.properties ; &#8220;`r&#8221;} `<br \/><span>&nbsp; <\/span>-End { [string]$Searcher.FindAll().Count + &#8221; $Filter results were found&#8221; }<\/p>\n<p><\/font><\/font><\/p>\n<p class=\"MsoNormal\">If you have at least one Windows Server 2008 R2 domain controller and the <a href=\"http:\/\/www.microsoft.com\/downloads\/details.aspx?displaylang=en&amp;FamilyID=7d2f6ad7-656b-4313-a005-4e344e43997d\">Remote Server Administration Tools for Windows 7 (RSAT) tools<\/a> installed, you can use the <b>Get-ADComputer<\/b> cmdlet to retrieve information about a computer account in AD DS. The <b>&ndash;identity<\/b> parameter will accept the <b>samAccountName<\/b>, the <b>DistinguishedName<\/b>, the security identifier (SID), or the object GUID:<\/p>\n<p class=\"CodeBlockScreened\"><font><font face=\"Lucida Sans Typewriter\">PS C:&gt; Get-ADComputer -Identity hyperv<\/p>\n<p>DistinguishedName : CN=HYPERV,OU=Domain Controllers,DC=NWTraders,DC=Com<br \/>DNSHostName<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: HyperV.NWTraders.Com<br \/>Enabled<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: True<br \/>Name<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: HYPERV<br \/>ObjectClass<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: computer<br \/>ObjectGUID<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: 2a76b1bd-80cb-4546-a8f2-ea46d474e06a<br \/>SamAccountName<span>&nbsp;&nbsp;&nbsp; <\/span>: HYPERV$<br \/>SID<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: S-1-5-21-3746122405-834892460-3960030898-1000<br \/>UserPrincipalName :<\/p>\n<p>PS C:&gt; Get-ADComputer -Identity &#8216;CN=HYPERV,OU=Domain Controllers,DC=NWTraders,DC=Com&#8217;<\/p>\n<p>DistinguishedName : CN=HYPERV,OU=Domain Controllers,DC=NWTraders,DC=Com<br \/>DNSHostName<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: HyperV.NWTraders.Com<br \/>Enabled<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: True<br \/>Name<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: HYPERV<br \/>ObjectClass<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: computer<br \/>ObjectGUID<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: 2a76b1bd-80cb-4546-a8f2-ea46d474e06a<br \/>SamAccountName<span>&amp;nbs\np;&nbsp;&nbsp; <\/span>: HYPERV$<br \/>SID<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: S-1-5-21-3746122405-834892460-3960030898-1000<br \/>UserPrincipalName :<\/p>\n<p>PS C:&gt; Get-ADComputer -Identity S-1-5-21-3746122405-834892460-3960030898-1000<\/p>\n<p>DistinguishedName : CN=HYPERV,OU=Domain Controllers,DC=NWTraders,DC=Com<br \/>DNSHostName<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: HyperV.NWTraders.Com<br \/>Enabled<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: True<br \/>Name<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: HYPERV<br \/>ObjectClass<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: computer<br \/>ObjectGUID<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: 2a76b1bd-80cb-4546-a8f2-ea46d474e06a<br \/>SamAccountName<span>&nbsp;&nbsp;&nbsp; <\/span>: HYPERV$<br \/>SID<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: S-1-5-21-3746122405-834892460-3960030898-1000<br \/>UserPrincipalName :<\/p>\n<p>PS C:&gt; Get-ADComputer -Identity 2a76b1bd-80cb-4546-a8f2-ea46d474e06a<\/p>\n<p>DistinguishedName : CN=HYPERV,OU=Domain Controllers,DC=NWTraders,DC=Com<br \/>DNSHostName<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: HyperV.NWTraders.Com<br \/>Enabled<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: True<br \/>Name<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: HYPERV<br \/>ObjectClass<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: computer<br \/>ObjectGUID<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: 2a76b1bd-80cb-4546-a8f2-ea46d474e06a<br \/>SamAccountName<span>&nbsp;&nbsp;&nbsp; <\/span>: HYPERV$<br \/>SID<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: S-1-5-21-3746122405-834892460-3960030898-1000<br \/>UserPrincipalName :<\/p>\n<p><\/font><\/font><\/p>\n<p class=\"MsoNormal\">Because the <b>identity<\/b> parameter is the default parameter for <b>Get-ADComputer<\/b>, you can leave it out and just supply the name of the computer you wish to query. This is seen here:<\/p>\n<p class=\"CodeBlockScreened\"><font><font face=\"Lucida Sans Typewriter\">PS C:&gt; Get-ADComputer win7-pc<\/p>\n<p>DistinguishedName : CN=WIN7-PC,CN=Computers,DC=NWTraders,DC=Com<br \/>DNSHostName<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: WIN7-PC.NWTraders.Com<br \/>Enabled<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: True<br \/>Name<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: WIN7-PC<br \/>ObjectClass<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: computer<br \/>ObjectGUID<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: 3e802bb2-702a-4039-90dd-d7b624c97440<br \/>SamAccountName<span>&nbsp;&nbsp;&nbsp; <\/span>: WIN7-PC$<br \/>SID<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: S-1-5-21-3746122405-834892460-3960030898-1103<br \/>UserPrincipalName :<\/p>\n<p><\/font><\/font><\/p>\n<p class=\"MsoNormal\">One strange thing is the use of the <b>property<\/b> parameter from the <b>Get-ADComputer<\/b> cmdlet. You would expect that piping the <b>computer<\/b> object that is returned by the cmdlet to the <b>Format-List<\/b> cmdlet would provide you the opportunity to work with computer object properties. When working with other objects, you can use the wildcard character &ldquo;*&rdquo; and the <b>force<\/b> switch with the <b>Format-List<\/b> cmdlet and retrieve all properties and values of an object. As seen here, when working with the <b>Get-ADComputer<\/b> cmdlet, that is not the case:<\/p>\n<p class=\"CodeBlockScreened\"><font><font face=\"Lucida Sans Typewriter\">PS C:&gt; Get-ADComputer win7-pc | format-list * -Force<\/p>\n<p>DistinguishedName : CN=WIN7-PC,CN=Computers,DC=NWTraders,DC=Com<br \/>DNSHostName<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: WIN7-PC.NWTraders.Com<br \/>Enabled<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: True<br \/>Name<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: WIN7-PC<br \/>ObjectClass<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: computer<br \/>ObjectGUID<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: 3e802bb2-702a-4039-90dd-d7b624c97440<br \/>SamAccountName<span>&nbsp;&nbsp;&nbsp; <\/span>: WIN7-PC$<br \/>SID<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: S-1-5-21-3746122405-834892460-3960030898-1103<br \/>UserPrincipalName :<br \/>PropertyNames<span>&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: {DistinguishedName, DNSHostName, Enabled, Name&#8230;}<br \/>PropertyCount<span>&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: 9<\/p>\n<p>PS C:&gt;<\/p>\n<p><\/font><\/font><\/p>\n<p class=\"MsoNormal\">To obtain all of the information available from a computer object, you must use the <b>property<\/b> parameter from the <b>Get-ADComputer<\/b> cmdlet, as seen here:<\/p>\n<p class=\"CodeBlockScreened\"><font><font face=\"Lucida Sans Typewriter\">PS C:&gt; Get-ADComputer -Identity win7-pc -Properties *<\/p>\n<p>AccountExpirationDate<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>:<br \/>accountExpires<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: 9223372036854775807<br \/>AccountLockoutTime<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>:<br \/>AccountNotDelegated<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: False<br \/>AllowReversiblePasswordEncryption<span>&nbsp; <\/span>: False<br \/>BadLogonCount<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: 0<br \/>badPasswordTime<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: 0<br \/>badPwdCount<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: 0<br \/>CannotChangePassword<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&amp;nb\nsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: False<br \/>CanonicalName<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: NWTraders.Com\/Computers\/WIN7-PC<br \/>Certificates<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: {}<br \/>CN<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span>: WIN7-PC<br \/>codePage<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: 0<br \/>countryCode<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: 0<br \/>Created<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: 9\/8\/2009 9:48:38 PM<br \/>createTimeStamp<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: 9\/8\/2009 9:48:38 PM<br \/>Deleted<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>:<br \/>Description<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>:<br \/>DisplayName<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>:<br \/>DistinguishedName<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: CN=WIN7-PC,CN=Computers,DC=NWTraders,DC=Com<br \/>DNSHostName<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: WIN7-PC.NWTraders.Com<br \/>DoesNotRequirePreAuth<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: False<br \/>dSCorePropagationData<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: {12\/3\/2009 6:32:30 PM, 12\/3\/2009 6:32:29 PM, 12\/2\/2009 7:18:22 AM, 12\/2\/2009 7:18:<br \/><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>22 AM&#8230;}<br \/>Enabled<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: True<br \/>HomedirRequired<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: False<br \/>HomePage<span>&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span>:<br \/>instanceType<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: 4<br \/>IPv4Address<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: 192.168.1.110<br \/>IPv6Address<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>:<br \/>isCriticalSystemObject<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: False<br \/>isDeleted<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>:<br \/>LastBadPasswordAttempt<span>&nbsp;&nbsp; <\/span><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span>:<br \/>LastKnownParent<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>:<br \/>lastLogoff<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: 0<br \/>lastLogon<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: 129084954052650603<br \/>LastLogonDate<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: 1\/15\/2010 12:28:29 PM<br \/>lastLogonTimestamp<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: 129080501096745399<br \/>localPolicyFlags<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: 0<br \/>Location<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>:<br \/>LockedOut<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: False<br \/>logonCount<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: 255<br \/>ManagedBy<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>:<br \/>MemberOf<span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span>: {}<br \/>MNSLogonAccount <span><\/span><\/font><\/font><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&nbsp; &nbsp; Hey, Scripting Guy! I often need to search Active Directory Domain Services (AD DS) to find information about various computers. I may need to identify all of the computers in a particular organizational unit or all the computers who happen to reside in a particular office. Whatever the reason, using Active X Data [&hellip;]<\/p>\n","protected":false},"author":595,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[7,3,8,45],"class_list":["post-51433","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-active-directory","tag-scripting-guy","tag-searching-active-directory","tag-windows-powershell"],"acf":[],"blog_post_summary":"<p>&nbsp; &nbsp; Hey, Scripting Guy! I often need to search Active Directory Domain Services (AD DS) to find information about various computers. I may need to identify all of the computers in a particular organizational unit or all the computers who happen to reside in a particular office. Whatever the reason, using Active X Data [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/51433","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/595"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=51433"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/51433\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=51433"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=51433"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=51433"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}