Get-ADGroup not showing all attributes listed in ADSI Edit

This topic contains 2 replies, has 2 voices, and was last updated by Profile photo of Lance Rosser Lance Rosser 1 year, 10 months ago.

  • Author
    Posts
  • #22257
    Profile photo of Lance Rosser
    Lance Rosser
    Participant

    We are using some additional AD Object attributes to track object ownership. For example when I use ADSIEdit to view the properties for an AD group I see the attribute names:

    MIISGroupPrimaryOwnwerName
    MIISGroupSecondaryOwnerName

    However, when I issue the PowerShell command:

    get-adgroup "groupA" -prop *

    I do not see these attributes listed. In fact there are many attributes that I see in ADSIEdit that I don't see when I run the PowerShell command listed above.

    Using ADSIEdit i added a value to the attribute 'MIISGroupSecondaryOwnerName'. Now when I run the PowerShell command the attribute is displayed (with the value I added).

    So seems to be that get-adgroup "groupA" -prop * only shows attributes populated with values.

    Is that a correct statement? Is there a way using PowerShell to show all the attributes (populated or not) that I see when using ADSIEdit?

    Thanks in advance for any help you can provide.

  • #22258
    Profile photo of Don Jones
    Don Jones
    Keymaster

    Yeah, so, AD isn't like SQL Server in that way. When you add a property to a class, you make it available for use – but the directory doesn't automatically "attach" the property, with an empty value, to all existing objects. So until the value is there, the property doesn't exist. Some tools will fake it out to make it look more consistent, but the AD cmdlets don't.

    You could try using the older [ADSI] interface, or the Quest AD cmdlets, instead of the MS AD cmdlets.

  • #22278
    Profile photo of Lance Rosser
    Lance Rosser
    Participant

    Thank you Don. 🙂

You must be logged in to reply to this topic.