Searching Active Directory with PowerShell

Searching through a large number of Active Directory entries is a breeze with PowerShell!

This user is pretty remote, but PowerShell will find them in no time! Photo by Chung Yee Tsang on Unsplash

You’re probably tired of hearing me tell you how useful PowerShell is by now, so I’ll spare you my usual pitch.

You don’t need me to tell you that you should learn PowerShell to automate repetitive tasks because you already know all about it. You don’t need to hear another example of how unfeasible it would be to manually click through 10,000 entries in Active Directory looking for all the remote users in your company. You get it. I won’t even bother reminding you that PowerShell integrates with just about every Microsoft product out there, making it one of the most useful things you can learn early on in your career (and keeping it useful even when you have decades of experience.)

Since you already know all this, there’s no need to spend time on it. Let’s get right to the useful snippet for today, and then we can break down what’s happening.

Get-ADUser -Filter {office -like “*remote*”} -SearchBase “ou=Users,dc=SiliconPath,dc=com” | select samaccountname

Let’s look at what the above means. The commandlet we use is “Get-ADUser” which, as you may have guessed from the name, “gets an AD user.” Just about every PowerShell commandlet uses a verb-noun format like this, so it’s usually pretty easy to tell their purpose.

If you’re following along on your computer that’s already connected to an Active Directory, try this:

Get-ADUser jsmith

You’ll see displayed some of the attributes about “jsmith” that PowerShell thinks will be useful, but it won’t display all of them by default. To see all available attributes for this commandlet, type:

Get-ADUser jsmith -properties *

Notice this list is much longer. You can filter your searches using any of these attributes. That’s exactly what we do in our snippet above. We’re telling PowerShell: “Get me all AD users that have an office attribute that has “remote” in the name.”

You’ll notice that I have “remote” between two asterisks. These are wildcards in case the people who created the accounts didn’t follow a naming convention. (For example, a remote worker’s office could be entered as “remote”, “remote-Florida”, or “ParisRemote”.)

You need to tell where in your Active Directory PowerShell should search for these users. That’s what the “SearchBase” portion of the command does. This points PowerShell to the “Organizational Unit”, or “OU” where your users are stored. (Getting into OUs is beyond the scope of this article, so for now just ask someone you work with what you should put here. Or better yet, try to figure it out using your company’s documentation or Google!)

The next part is the pipe, which we’ve seen already. The pipe, which is the “|” character, passes the output from one commandlet to another. In this case, we’re passing a whole lot of attributes, but we really only care about knowing the usernames. To only get the info we want, we pass everything through the pipe and use the select command to choose “SamAccountName” which is just a fancy way of saying “user account”.

You can select more than one attribute, by the way. Just separate the attributes with a comma. For example:

Get-ADUser -Filter {office -like “*remote*”} -SearchBase “ou=Users,dc=SiliconPath,dc=com” | select samaccountname,title,office

You now know enough to explore this commandlet on your own. You could try filtering for everyone in a particular department instead of office, for example. For more ideas on what you can do with this commandlet, try:

Help Get-ADUser -examples

Go now, and may the power of the shell be with you.

With each post, I cover a new topic to help you get your start (or keep progressing) in your IT career. If it’s your first time visiting this blog, start here. And make sure to check out these top interview questions before you start interviewing!