A PowerShell Version 1.0 script to search Active Directory. The program prompts for the base of the query, the LDAP syntax filter, and a comma delimited list of attribute values to retrieve. Results are in list or comma delimited format.

The program handles single and multi-valued attributes. The attributes can be strings, DN values, byte arrays, SID values, GUID values, 64-bit integers, 32-bit integers, generalized time values, booleans, and the logonHours attribute. If the 64-bit integers are large enough, they are converted into the equivalent datetime in the local time zone, or into a timespan.

When the program prompts for the base of the query, you can enter nothing to search the entire domain. Otherwise, enter the Distinguished Name of an OU or container. If you omit the dc components, the program appends the DN of the current domain to your base. You can query the schema container by entering cn=Schema,cn=Configuration, or the Sites container by entering cn=Sites,cn=Configuration. To target a specific Domain Controller (because you are retrieving attributes that are not replicated, like lastLogon), enter the NetBIOS name of the DC, followed by a forward slash, and then the Distinguished Name of the base of the query.

When the program prompts for the LDAP syntax filter, enter any standard filter, where clauses are enclosed in parentheses. For example, to filter on all user objects, you would enter: (&(objectCategory=person)(objectClass=user)). For more information on LDAP syntax filters, see this link: ADOSearchTips.htm

When prompted for the comma delimited list of attribute values to retrieve, enter the LDAP Display Names of the attributes. The distinguishedName attribute is always included, so don't specify it. If any attributes are listed twice, the duplicates are not removed. Do not specify the tokenGroups attribute, or an error will be raised.

When you run the program, you can specify any of three optional parameters. You can specify either /csv or -csv to indicate that the output should be in comma delimited format. Otherwise, the output is in a list format. If you do not specify /csv, the program also indicates the number of objects found. You can specify /OneLevel or -OneLevel to set the scope of the query to "oneLevel", rather than the default "subTree". Or, you can specify /Count or -Count to retrieve only the number of objects that match the filter in the base of the query. In many cases you will want to redirect the output to a text file.

An error is raised if you are not authenticated to a domain, if the base is invalid, or if the filter is invalid. If you request a non-existent attribute, the values retrieved will be "<no value>".
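The base-handling rules, the scope switch and the 64-bit integer conversion described above, as an added PowerShell example that is not the GenericSearch.txt code. It assumes a domain-joined machine with an authenticated caller and uses System.DirectoryServices.DirectorySearcher; the 1e17-tick cutoff for deciding between a date and a timespan is this example's own assumption.

```powershell
# Added example (not GenericSearch.txt): minimal AD search with the page's base rules.
# Assumes the caller is authenticated to a domain; default filter is the page's user filter.
param(
    [string]$Base = "",
    [string]$Filter = "(&(objectCategory=person)(objectClass=user))",
    [string[]]$Attributes = @("sAMAccountName", "pwdLastSet", "lastLogonTimestamp"),
    [switch]$OneLevel
)

# DN of the current domain, e.g. dc=example,dc=com
$domainDN = ([ADSI]"LDAP://RootDSE").defaultNamingContext

# Rule 1: "DCNAME/<DN>" targets one DC (needed for non-replicated attributes such as lastLogon).
# Rule 2: empty base -> whole domain.  Rule 3: no dc= components -> append the domain DN.
$server = ""
if ($Base -match '^([^/]+)/(.+)$') { $server = $Matches[1] + "/"; $Base = $Matches[2] }
if ($Base -eq "") { $Base = $domainDN }
elseif ($Base -notmatch '(?i)dc=') { $Base = "$Base,$domainDN" }

$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]"LDAP://$server$Base"
$searcher.Filter = $Filter
$searcher.SearchScope = if ($OneLevel) { "OneLevel" } else { "Subtree" }
$searcher.PageSize = 500    # paged results, so large domains are not cut off at 1000 entries
[void]$searcher.PropertiesToLoad.Add("distinguishedName")   # always included, as in the script
foreach ($a in $Attributes) { [void]$searcher.PropertiesToLoad.Add($a) }

# Large 64-bit integers are FILETIME values (100-ns ticks since 1601-01-01 UTC) and become a
# local DateTime; smaller (often negative) intervals such as maxPwdAge become a TimeSpan.
# The 1e17 cutoff (~1918) is an assumption of this example.
$maxFileTime = [DateTime]::MaxValue.ToFileTimeUtc()
function Convert-Int64Value([long]$Value) {
    if ($Value -gt $maxFileTime) { return "<never>" }                 # e.g. accountExpires = never
    if ($Value -gt 100000000000000000) { return [DateTime]::FromFileTime($Value) }
    return [TimeSpan]::FromTicks([Math]::Abs($Value))
}

foreach ($result in $searcher.FindAll()) {
    Write-Output "distinguishedName: $($result.Properties['distinguishedname'][0])"
    foreach ($a in $Attributes) {
        $vals = $result.Properties[$a.ToLower()]
        if ($null -eq $vals -or $vals.Count -eq 0) { Write-Output "  ${a}: <no value>"; continue }
        foreach ($v in $vals) {
            if ($v -is [long]) { $v = Convert-Int64Value $v }
            Write-Output "  ${a}: $v"
        }
    }
}
```

Run as `.\Search.ps1 -Base "ou=Staff" -OneLevel` to list users directly under ou=Staff in the current domain, with pwdLastSet and lastLogonTimestamp shown as local dates.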

GenericSearch.txt <<-- Click here to view or download the program