Appendix A. Searching Active Directory
You’ve seen many examples of searching Active Directory throughout the book. Unless you work in a very small organization where you know every member of the staff, you’ll need to search Active Directory to find the user, group, or computer you need to work with. This appendix pulls together the examples you’ve seen already and a new set of search filters that you can use directly or with a little bit of modification. The searches are shown in PowerShell, but remember that the LDAP filters can be used in ADUC.
The Microsoft AD cmdlets can be used in a number of ways:
- Supply a value to the Identity parameter.
- Supply an LDAP filter.
- Supply a PowerShell filter.
You’ll see how the different filters work. There are two ways to filter your search in the AD cmdlets: using PowerShell syntax, which you already know, and using LDAP query syntax. The main objects you’ll search for are users, groups, and computers. Examples of the filters (PowerShell and LDAP) are provided for the main searches you’re likely to conduct. The appendix closes with a look at searching in the GUI tools.
The Identity parameter takes one of several types of values:
- Account name
- Distinguished name
- GUID
- Security identifier
Let’s look at these in order. The examples in the following sections all return the same user account.