Get an AD Object without RSAT and fast

In this article we’ll see the function I’ve built to get an AD Object without RSAT and fast. I’ve been thinking for a while about writing a new function, mainly because I wanted to pass multiple SamAccountNames without having to write a filter. However, I recently had to go through a ton of users, and fast; this is when I thought that I could finally write my custom function, which leverages System.DirectoryServices.DirectorySearcher, so it doesn’t even require RSAT.

There are a lot of guides out there on how to use it; this article is meant to share with you the function I built around that.

The things I like the most about this:

  • It’s fast. The more objects you’re querying, the faster it’ll be compared to Get-ADObject/Get-ADUser/Get-ADGroup.
  • You can use it to query any kind of Object.
  • You can pass multiple SamAccountNames (Sam1, Sam2, SamN), SIDs or DistinguishedNames.
    • You can also choose to pass a partial parameter with a wildcard, for example: MyUserSam*
  • You can also choose to write a plain LDAP Query instead of the SAM/SID/DN.
  • Filter down for an account status with -AccountStatus. By default you’ll get both Enabled and Disabled.

Other features:

  • You can still specify whatever Properties you need, including * for all of them.
  • You can choose to display the LDAP filter the function has used to query AD.
  • You can also choose to translate the SID. Unfortunately what you get back is not a string but a byte array.
  • You can specify an objectCategory with -ObjectCategory without having to use a custom LDAP filter.
  • Also, you can confine the search to a specific OU (SearchRoot), use a specific Server and Port.
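
The features listed above (several SamAccountNames in one query, optional wildcards, an account-status filter, and SID translation from the byte array) can be sketched as follows. This is an added example, not the author's function: the function names `ConvertTo-LdapFilterValue`, `New-SamLdapFilter` and `Find-AdObjectBySam` are hypothetical, and it assumes a domain-joined Windows host where the default search root is the current domain.

```powershell
# Added example: hypothetical helper names, not the author's function.
function ConvertTo-LdapFilterValue {
    param([string]$Value)
    # RFC 4515 escaping; '*' is left intact so wildcards such as MyUserSam* still work.
    $Value.Replace('\', '\5c').Replace('(', '\28').Replace(')', '\29').Replace([string][char]0, '\00')
}

function New-SamLdapFilter {
    param(
        [Parameter(Mandatory)][string[]]$SamAccountName,
        [ValidateSet('Any', 'Enabled', 'Disabled')][string]$AccountStatus = 'Any',
        [string]$ObjectCategory
    )
    $names = foreach ($sam in $SamAccountName) { '(sAMAccountName={0})' -f (ConvertTo-LdapFilterValue $sam) }
    $parts = @('(|{0})' -f (-join $names))
    if ($ObjectCategory) { $parts += '(objectCategory={0})' -f (ConvertTo-LdapFilterValue $ObjectCategory) }
    # Bit 2 of userAccountControl (ACCOUNTDISABLE), tested with the bitwise-AND matching rule.
    switch ($AccountStatus) {
        'Enabled'  { $parts += '(!(userAccountControl:1.2.840.113556.1.4.803:=2))' }
        'Disabled' { $parts += '(userAccountControl:1.2.840.113556.1.4.803:=2)' }
    }
    '(&{0})' -f (-join $parts)
}

function Find-AdObjectBySam {
    param(
        [Parameter(Mandatory)][string[]]$SamAccountName,
        [string]$AccountStatus = 'Any',
        [string[]]$Properties = @('sAMAccountName', 'distinguishedName', 'objectSid')
    )
    $searcher = [System.DirectoryServices.DirectorySearcher]::new()
    $searcher.Filter = New-SamLdapFilter -SamAccountName $SamAccountName -AccountStatus $AccountStatus
    $searcher.PageSize = 1000   # page results so large queries are not truncated
    $searcher.PropertiesToLoad.AddRange($Properties)
    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            $sid = $null
            if ($r.Properties['objectsid'].Count) {
                $sid = [System.Security.Principal.SecurityIdentifier]::new([byte[]]$r.Properties['objectsid'][0], 0).Value
            }
            [pscustomobject]@{
                SamAccountName    = [string]$r.Properties['samaccountname'][0]
                DistinguishedName = [string]$r.Properties['distinguishedname'][0]
                Sid               = $sid
            }
        }
    } finally { $results.Dispose(); $searcher.Dispose() }
}
```

Escaping the parentheses and backslashes in each supplied name keeps input taken from a CSV or a ticket from changing the structure of the LDAP filter, while the asterisk stays usable as a wildcard.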

Here’s the code 🙂

 

IT Droplets
