trying to search AD and return userobjects with property


  • #63883
    Nex6

    Hi all,

    I am trying to build a PowerShell script that searches AD and returns all user objects that have the logonto property enabled.
    (largish AD) (so I can update them all at once....)

    I found some sample code on TechNet/MSDN; what I have is:

    This is the search code.... It returns "0". If you switch Samaccount to Name, it returns all the names....

    # $strFilter = "(&(objectCategory=User)(Department=Finance))"
    $objDomain = New-Object System.DirectoryServices.DirectoryEntry
    $objSearcher = New-Object System.DirectoryServices.DirectorySearcher
    $objSearcher.SearchRoot = $objDomain
    $objSearcher.PageSize = 1000
    $objSearcher.Filter = $strFilter
    $objSearcher.SearchScope = "Subtree"
    $colProplist = "sAMAccountName"
    foreach ($i in $colPropList){$objSearcher.PropertiesToLoad.Add($i)}
    $colResults = $objSearcher.FindAll()
    foreach ($objResult in $colResults)
        {$objItem = $objResult.Properties; $objItem.sAMAccountName}

    I have the code for the logonto also:

    # Import-CSV C:\scripts\logonto-QRY\input.csv | % { 
    # $UserN = $_.UserName
    $UserN = $
    $ComputerN = $_.ComputerName
    $ObjFilter = "(&(objectCategory=person)(objectCategory=User)(samaccountname=$UserN))" 
    $objSearch = New-Object System.DirectoryServices.DirectorySearcher 
    $objSearch.PageSize = 15000 
    $objSearch.Filter = $ObjFilter  
    $objSearch.SearchRoot = "LDAP://....DN here......" 
    $AllObj = $objSearch.findOne()
    $user = [ADSI] $AllObj.path
    $ErrorActionPreference = "silentlycontinue"
    If (($user.get("userWorkstations")) -ne $null)
    {$ComputerN = $user.get("userWorkstations") + $ComputerN}
    write-host $userN","$ComputerN
    # Write-host -NoNewLine "Updating $UserN Properties ..."
    # $user.psbase.invokeSet("userWorkstations",$ComputerN)
    Write-host "Done!"



  • #63895
    Richard Diphoorn

    Brrrr, I get the shivers when reading code like this. Don't you have the Active Directory cmdlets at your disposal? You're writing code like you are still using VBScript. Don't do that; try to use native cmdlets first.

  • #63896
    Nex6

    Found the answer, way easier; don't know why I didn't think of it. I think this was a case of trying to reuse code:

    Get-ADUser -Filter * -Properties LogonWorkstations | Where-Object {$_.LogonWorkstations -ne $null }|export-csv "c:\pathtofile.csv"


  • #63962
    Ron

    This might be a bit faster in a large AD. No need to load everyone and then filter.

    Get-ADUser -Filter {LogonWorkstations -like "*"} -Properties LogonWorkstations
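
Added example, not posted by anyone in this thread: the server-side search discussed above combined with the bulk update the original question was aiming at. It assumes the ActiveDirectory module (RSAT) is installed; `PC-NEW01` and the report path are placeholder values, and `-WhatIf` keeps the update a dry run.

```powershell
Import-Module ActiveDirectory

# Placeholder values (assumptions, not from the thread); change for your environment.
$ComputerToAdd = 'PC-NEW01'
$ReportPath    = 'C:\temp\logonto-report.csv'

# (userWorkstations=*) is an LDAP presence filter, so the domain controller
# returns only accounts whose "Log On To" list is set. LogonWorkstations is
# the cmdlet's name for the userWorkstations attribute.
$users = Get-ADUser -LDAPFilter '(userWorkstations=*)' -Properties LogonWorkstations

$report = foreach ($u in $users) {
    # The attribute is one comma-separated string; split it into clean names.
    $current = @($u.LogonWorkstations -split ',' |
                 ForEach-Object { $_.Trim() } |
                 Where-Object { $_ })

    # -contains is case-insensitive, so PC-NEW01 and pc-new01 count as the same host.
    $already = $current -contains $ComputerToAdd
    $new     = if ($already) { $current } else { $current + $ComputerToAdd }

    if (-not $already) {
        # Remove -WhatIf only after reviewing the CSV report.
        Set-ADUser -Identity $u -LogonWorkstations ($new -join ',') -WhatIf
    }

    # One row per account: what was there before and what would be written.
    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        Before         = $current -join ','
        After          = $new -join ','
        Changed        = -not $already
    }
}

$report | Export-Csv -Path $ReportPath -NoTypeInformation
```

The report doubles as an audit list of every account with a workstation restriction, which is worth reviewing before widening any of them.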
