In this article we’ll see the function I’ve built to get an AD Object without RSAT and fast. I’ve been thinking for a while to write a new function, mainly because I wanted to pass multiple SamAccountNames without having to write a filter. However I recently had to go through a ton of users and fast, this is when I though that I could finally write my custom function, which leverages System.DirectoryServices.DirectorySearcher, so it doesn’t even require RSAT.
There are a lot of guides are out there how to use it, this article is meant to share with you the function I built around that.
The things I like the most about this:
- It’s fast. The more objects you’re querying, the faster it’ll be compared to Get-ADObject/Get-ADUsers/Get-ADGroup.
- You can use it to query any kind of Object.
- You can pass multiple SamAccountNames (Sam1, Sam2, SamN), SIDs or DistinguishedNames.
- You can also choose to pass a partial parameter with a wildcard, for example: MyUserSam*
- You can also choose to write a plain LDAP Query instead of the SAM/SID/DN.
- Filter down for an account status with -AccountStatus. By default you’ll get both Enabled and Disabled.