
August 14, 2017 at 3:08 am

Hi Guys.

I have discovered that I can use the AD functionality to retrieve user information (see my code below). I was wondering if there is a way to retrieve the same user information without using the AD functionality?

Cheers,

Matt.

####################################
$UserArray = Get-ADUser -Identity $Username -Properties Name, Title, mail, canonicalname, streetaddress, telephoneNumber, mobile

####################################
$UserFullName = $UserArray.Name; If ($UserFullName -eq $null) {$UserFullName = $DefaultNoDataMsg}
$UserLogin = $Username
$UserTitle = $UserArray.Title; If ($UserTitle -eq $null) {$UserTitle = $DefaultNoDataMsg}
$UserEmail = $UserArray.mail; If ($UserEmail -eq $null) {$UserEmail = $DefaultNoDataMsg}
$UserOU = $UserArray.canonicalname
$UserAddress = $UserArray.streetaddress; If ($UserAddress -eq $null) {$UserAddress = $DefaultNoDataMsg}
$UserPhone = $UserArray.telephonenumber; If ($UserPhone -eq $null) {$UserPhone = $DefaultNoDataMsg}
$UserMobile = $UserArray.mobile; If ($UserMobile -eq $null) {$UserMobile = $DefaultNoDataMsg}

August 14, 2017 at 1:34 pm

It depends on what you mean by "functionality," too. You cannot retrieve AD information without using AD, no. As noted above, you can get some stuff using ADSI rather than the AD cmdlets – although ADSI is deprecated, so taking a long-term dependency on it may be problematic. The AD commands are definitely considered the "way forward" in terms of PowerShell. You could also use some of the underlying .NET Framework functionality, if you're comfortable basically coding in C#.

August 15, 2017 at 12:13 am

Hi guys... Thanks for your help. The reason I can't use the AD functionality is because the Active Directory cmdlets seem to require the installation of the RSAT tools. This is not something that is typically deployed on the desktops of our clients, and would be a hard sell to get our clients to enable it on their fleet... Hence I have the problem.

August 15, 2017 at 7:21 am

You could still use Implicit Remoting, but what would you need this functionality on all clients for? That's usually something you need for administrative purposes.

August 15, 2017 at 7:37 am

If you are stuck using ADSI you could check here for some ideas http://www.lazywinadmin.com/2013/10/powershell-get-domaincomputer-adsi.html

That said, Implicit Remoting would give you more flexibility and future proofing of your code, as Olaf suggested.

August 15, 2017 at 3:36 pm

I understand what you're trying to do skankykiwi – I'm in the same boat. I need to do AD queries without relying on the AD cmdlets as well.

To answer the question for others – at least in my case – the company I work for is wanting to replace all of their scripts with multiple PowerShell scripts for login/special application launches/etc. Because of this – I had to build all of my scripts without relying on RSAT and the cmdlets that come with it if I knew they were going to be deployed to endpoints.

skankykiwi – just as an example on how to do some of this without ADSI and without the AD cmdlets I have included the below function from one of my scripts – let me know if I can provide more/answer any questions on them. They are basic – but right now I only need to return the basic data points. To retrieve data another way (for example: computer accounts) you would just need to modify the LDAP query. The LDAP query can be a pain – but it works.

function Get-AHCLdapUser
{
	[CmdletBinding()]
	param
	(
		[Parameter(Mandatory = $true)]
		[string]$SamAccountName
	)
	$strFilter = "(&(objectCategory=user)(SamaccountName=$($SamAccountName)))"
	$objDomain = New-Object System.DirectoryServices.DirectoryEntry
	$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
	$objSearcher.SearchRoot = $objDomain
	$objSearcher.PageSize = 1000
	$objSearcher.Filter = $strFilter
	$objSearcher.SearchScope = "Subtree"
	$colResults = $objSearcher.FindAll()
	return $colResults
}
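
The function above places $SamAccountName into the LDAP filter unchanged, so a value containing *, ( or ) alters the query that is sent to the directory. The following is an added example, not code from the thread: it escapes the value per RFC 4515, requests only the attributes listed in the original question, and applies the same "no data" fallback. The function names and the 'No data' default are assumptions made for illustration.

```powershell
# Added example, not from the thread. Function names and the 'No data'
# default value are assumptions.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory = $true)][string]$Value)
    # RFC 4515 escaping; the backslash has to be replaced first.
    $v = $Value.Replace('\', '\5c')
    $v = $v.Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
    $v.Replace([string][char]0, '\00')
}

function Get-LdapUserInfo {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string]$SamAccountName,
        [string]$DefaultNoDataMsg = 'No data'
    )
    # Same attributes the Get-ADUser call in the question asks for.
    $attrs = 'name', 'title', 'mail', 'canonicalname', 'streetaddress', 'telephonenumber', 'mobile'
    $safe = ConvertTo-LdapFilterValue -Value $SamAccountName
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    try {
        $searcher.Filter = "(&(objectCategory=user)(sAMAccountName=$safe))"
        $searcher.SearchScope = 'Subtree'
        $searcher.SizeLimit = 1                      # one account expected
        $searcher.PropertiesToLoad.AddRange([string[]]$attrs)
        $result = $searcher.FindOne()
        if ($null -eq $result) { return $null }      # no such account
        # First value of an attribute, or the fallback when it is not set.
        $get = {
            param($name)
            $values = $result.Properties[$name]
            if ($null -ne $values -and $values.Count -gt 0) { [string]$values[0] }
            else { $DefaultNoDataMsg }
        }
        [pscustomobject]@{
            UserFullName = & $get 'name'
            UserLogin    = $SamAccountName
            UserTitle    = & $get 'title'
            UserEmail    = & $get 'mail'
            UserOU       = & $get 'canonicalname'
            UserAddress  = & $get 'streetaddress'
            UserPhone    = & $get 'telephonenumber'
            UserMobile   = & $get 'mobile'
        }
    }
    finally { $searcher.Dispose() }                  # release the LDAP handle
}
```

Called as `Get-LdapUserInfo -SamAccountName $Username` on a domain-joined machine, it runs under the logged-on user's credentials and does not need RSAT.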