retrieve user information without using the AD functionality

This topic contains 6 replies, has 5 voices, and was last updated by  Paul DeArment Jr 2 months, 1 week ago.

  • #77274

    skankykiwi
    Participant

    Hi Guys.

    I have discovered that I can use the AD functionality to retrieve user information (see my code below). I was wondering if there is a way to retrieve the same user information without using the AD functionality?

    Cheers,

    Matt.

    ####################################
    $UserArray = Get-ADUser -Identity $Username -Properties Name, Title, mail, canonicalname, streetaddress, telephoneNumber, mobile

    ####################################
    $UserFullName = $UserArray.Name; If ($UserFullName -eq $null) {$UserFullName = $DefaultNoDataMsg}
    $UserLogin = $Username
    $UserTitle = $UserArray.Title; If ($UserTitle -eq $null) {$UserTitle = $DefaultNoDataMsg}
    $UserEmail = $UserArray.mail; If ($UserEmail -eq $null) {$UserEmail = $DefaultNoDataMsg}
    $UserOU = $UserArray.canonicalname
    $UserAddress = $UserArray.streetaddress; If ($UserAddress -eq $null) {$UserAddress = $DefaultNoDataMsg}
    $UserPhone = $UserArray.telephonenumber; If ($UserPhone -eq $null) {$UserPhone = $DefaultNoDataMsg}
    $UserMobile = $UserArray.mobile; If ($UserMobile -eq $null) {$UserMobile = $DefaultNoDataMsg}

  • #77277

    Simon B
    Participant

    You could get most of that using the ADSI connector:

    https://stackoverflow.com/questions/30710755/extract-ad-user-information-via-adsi

  • #77283

    Don Jones
    Keymaster

    It depends on what you mean by "functionality," too. You cannot retrieve AD information without using AD, no. As noted above, you can get some stuff using ADSI rather than the AD cmdlets – although ADSI is deprecated, so taking a long-term dependency on it may be problematic. The AD commands are definitely considered the "way forward" in terms of PowerShell. You could also use some of the underlying .NET Framework functionality, if you're comfortable basically coding in C#.

  • #77290

    skankykiwi
    Participant

    Hi guys... Thanks for your help. The reason I can't use the AD functionality is because the Active Directory cmdlets seem to require the installation of the RSAT tools. This is not something that is typically deployed on the desktops of our clients, and would be a hard sell to get our clients to enable it on their fleet... Hence I have the problem.

  • #77292

    Olaf Soyk
    Participant

    You still could use Implicit Remoting, but what would you need this functionality for on all clients? That's usually something you need for administrative purposes.

  • #77295

    Simon B
    Participant

    If you are stuck using ADSI, you could check here for some ideas: http://www.lazywinadmin.com/2013/10/powershell-get-domaincomputer-adsi.html

    That said, Implicit Remoting would give you more flexibility and future-proofing of your code, as Olaf suggested.

  • #77308

    Paul DeArment Jr
    Participant

    I understand what you're trying to do, skankykiwi – I'm in the same boat. I need to do AD queries without relying on the AD cmdlets as well.

    To answer the question for others – at least in my case – the company I work for is wanting to replace all of their scripts with multiple PowerShell scripts for login/special application launches/etc. Because of this – I had to build all of my scripts without relying on RSAT and the cmdlets that come with it if I knew they were going to be deployed to endpoints.

    skankykiwi – just as an example of how to do some of this without ADSI and without the AD cmdlets, I have included the below function from one of my scripts – let me know if I can provide more/answer any questions on them. They are basic – but right now I only need to return the basic data points. To retrieve data another way (for example: computer accounts) you would just need to modify the LDAP query. The LDAP query can be a pain – but it works.

    function Get-AHCLdapUser
    {
    	[CmdletBinding()]
    	param
    	(
    		[Parameter(Mandatory = $true)]
    		[string]$SamAccountName
    	)
    	# LDAP filter: user objects whose sAMAccountName matches the input
    	$strFilter = "(&(objectCategory=user)(SamaccountName=$($SamAccountName)))"
    	# Parameterless DirectoryEntry binds to the current domain
    	$objDomain = New-Object System.DirectoryServices.DirectoryEntry
    	$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
    	$objSearcher.SearchRoot = $objDomain
    	$objSearcher.PageSize = 1000
    	$objSearcher.Filter = $strFilter
    	# Search the whole tree below the domain root
    	$objSearcher.SearchScope = "Subtree"
    	$colResults = $objSearcher.FindAll()
    	return $colResults
    }
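
The DirectorySearcher approach from the last post combined with the attribute list from the first post, as an added example that is not part of any participant's post: it escapes the account name per RFC 4515 before it goes into the LDAP filter and requests only the attributes it returns. The function names, the `No data` default text and Windows PowerShell 3.0 or later are assumptions.

```powershell
# Added example, not code from the thread. Function names are hypothetical.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory = $true)][string]$Value)
    # RFC 4515: escape \ * ( ) and NUL as \XX hex so the value cannot
    # add wildcards or extra clauses to the search filter.
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })
}

function Get-LdapUserInfo {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string]$SamAccountName,
        [string]$DefaultNoDataMsg = 'No data'   # assumed default text
    )
    # Output name -> LDAP attribute, taken from the first post's Get-ADUser call.
    $map = [ordered]@{
        UserFullName = 'name';          UserTitle = 'title'
        UserEmail    = 'mail';          UserOU    = 'canonicalName'
        UserAddress  = 'streetAddress'; UserPhone = 'telephoneNumber'
        UserMobile   = 'mobile'
    }
    $safe = ConvertTo-LdapFilterValue -Value $SamAccountName
    # No SearchRoot given: the searcher uses the current domain.
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    try {
        $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$safe))"
        # Ask only for the attributes needed instead of every readable one.
        $searcher.PropertiesToLoad.AddRange([string[]]@($map.Values))
        $result = $searcher.FindOne()
        if ($null -eq $result) { return }   # no such account: emit nothing

        $out = [ordered]@{ UserLogin = $SamAccountName }
        foreach ($name in $map.Keys) {
            # Result property keys are stored in lower case.
            $values = $result.Properties[$map[$name].ToLowerInvariant()]
            $out[$name] = if ($null -ne $values -and $values.Count -gt 0) {
                [string]$values[0]
            } else { $DefaultNoDataMsg }
        }
        [pscustomobject]$out
    }
    finally { $searcher.Dispose() }
}
```

With the escaping in place, an input such as `*` is searched as the literal `\2a` and matches no account instead of returning the first user in the domain.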
    
