Appendix A. Searching Active Directory

 

You’ve seen many examples of searching Active Directory throughout the book. Unless you work in a very small organization where you know every member of the staff, you’ll need to search Active Directory to find the user, group, or computer you need to work with. This appendix pulls together the examples you’ve seen already and a new set of search filters that you can use directly or with a little bit of modification. The searches are shown in PowerShell, but remember that the LDAP filters can be used in ADUC.

The Microsoft AD cmdlets can be used in a number of ways:

  • Supply a value to the Identity parameter.
  • Supply an LDAP filter.
  • Supply a PowerShell filter.

You’ll see how the different filters work. There are two ways to filter your search in the AD cmdlets: using PowerShell syntax, which you already know, and using LDAP query syntax. The main objects you’ll search for are users, groups, and computers. Examples of the filters (PowerShell and LDAP) are provided for the main searches you’re likely to conduct. The appendix closes with a look at searching in the GUI tools.

A.1. PowerShell Identity parameter

The Identity parameter takes one of several types of values:

  • Account name
  • Distinguished name
  • GUID
  • Security identifier

Let’s look at these in order. The examples in the following sections all return the same user account.

A.1.1. Account name

The account name is commonly used for searching. This is the logon ID or sam-AccountName:

A.2. LDAP query syntax

 
 
 

A.3. Ambiguous name resolution

 
 
 

A.4. Searching for specific users

 
 

A.5. Searching for groups

 
 

A.6. Searching for computers

 
 

A.7. Other miscellaneous searches

 
 
 
 

A.8. Searching with the GUI tools

 
 
 
 
sitemap

Unable to load book!

The book could not be loaded.

(try again in a couple of minutes)

manning.com homepage
test yourself with a liveTest