Summary: Microsoft Scripting Guy, Ed Wilson, talks about using Windows PowerShell to discover the names of attributes in Active Directory Domain Services.
Microsoft Scripting Guy, Ed Wilson, is here. One of the great things about writing a blog is the comments I receive. Most of the time the comments add illuminating information, express thanks for a topic, or offer thoughts to contemplate further exploration. Today’s blog is a result of one of those comments. Thomas Brevig offered a way to find the name of an attribute in Active Directory Domain Services (AD DS) if he knew the value of the attribute. I thought the technique was great, and it showed that by piping Windows PowerShell pieces together, powerful solutions are easily built.
But I decided to see if I could find a different way to perform the search. The trick is that I access the underlying PSObject. So, the first thing I do is grab a user object with which I am interested in working. For this, I use the Get-ADUser cmdlet from the Active Directory module, and I choose all of the properties from the object. This command is shown here.
$user = get-aduser -filter "name -eq 'ed wilson'" -Properties *
If I use the Get-Member cmdlet to look at the user object stored in the $user variable, the PSObject property does not appear. To see this, I must add the Force parameter to the Get-Member command. This technique is shown here.
$user | gm -Force
The command and its associated output are shown in the image that follows.
Now, I access the PSObject property directly from the user object as shown here.
PS C:\> $user.psobject
Members             : {AccountExpirationDate, accountExpires, AccountLockoutTime,
                      AccountNotDelegated...}
Properties          : {AccountExpirationDate, accountExpires, AccountLockoutTime,
                      AccountNotDelegated...}
Methods             : {string get_GivenName(), void set_GivenName(string value),
                      string get_Surname(), void set_Surname(string value)...}
ImmediateBaseObject : CN=ed wilson,OU=Charlotte,DC=iammred,DC=net
BaseObject          : CN=ed wilson,OU=Charlotte,DC=iammred,DC=net
TypeNames           : {Microsoft.ActiveDirectory.Management.ADUser,
                      Microsoft.ActiveDirectory.Management.ADAccount,
                      Microsoft.ActiveDirectory.Management.ADPrincipal,
                      Microsoft.ActiveDirectory.Management.ADObject...}
I access the Properties of the PSObject directly, and I get back a bunch of information about each of the properties stored in the collection. The command is shown here.
$user.psobject.Properties
The command and its associated output are shown in the following image.
This lets me know that the attribute name appears in the Name property and the value in the Value property. By using this information, I come up with the following command.
PS C:\> $user.psobject.Properties | ? value -match 'charlotte' | select name, value
Name                       Value
----                       -----
CanonicalName              iammred.net/Charlotte/ed wilson
City                       Charlotte
DistinguishedName          CN=ed wilson,OU=Charlotte,DC=iammred,D...
l                          Charlotte
Office                     Charlotte office
physicalDeliveryOfficeName Charlotte office
If I am doing this in Windows PowerShell 2.0, I would not use the simplified Where-Object syntax. Instead, the command would appear as:
$user.psobject.Properties | ? {$_.value -match 'charlotte'} | select name, value
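The same PSObject.Properties search can be wrapped in a reusable function that works on any object, reports only the matching elements of multi-valued attributes, and can treat the search text literally (the -match operator interprets its right operand as a regular expression). This is an added example, not code from the original post. The function name Find-PropertyByValue, its parameters, and the sample object (including the MemberOf values) are constructed for illustration; it requires Windows PowerShell 3.0 or later.

```powershell
function Find-PropertyByValue {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$InputObject,

        [Parameter(Mandatory)]
        [string]$Pattern,

        # Treat $Pattern as literal text instead of a regular expression.
        [switch]$SimpleMatch
    )
    process {
        $regex = if ($SimpleMatch) { [regex]::Escape($Pattern) } else { $Pattern }
        foreach ($prop in $InputObject.PSObject.Properties) {
            # A property getter can throw; skip that property rather than abort.
            try { $value = $prop.Value } catch { continue }
            if ($null -eq $value) { continue }
            # @() wraps scalars and collections alike, so multi-valued
            # attributes are tested one element at a time.
            $hits = @(@($value) | Where-Object { "$_" -match $regex })
            if ($hits.Count -gt 0) {
                [pscustomobject]@{ Name = $prop.Name; Value = $hits -join '; ' }
            }
        }
    }
}

# Constructed sample standing in for the $user object (no AD DS required).
$sample = [pscustomobject]@{
    City              = 'Charlotte'
    l                 = 'Charlotte'
    Office            = 'Charlotte office'
    DistinguishedName = 'CN=ed wilson,OU=Charlotte,DC=iammred,DC=net'
    MemberOf          = @('CN=Sales,OU=Groups,DC=iammred,DC=net',
                          'CN=Charlotte Staff,OU=Groups,DC=iammred,DC=net')
    Department        = $null
    Title             = 'Scripting Guy'
}

# Lists City, l, Office, DistinguishedName, and the one matching MemberOf entry.
$sample | Find-PropertyByValue -Pattern 'charlotte'

# Literal search: the dot is matched as a dot, not as "any character".
$sample | Find-PropertyByValue -Pattern 'iammred.net' -SimpleMatch
```

With the Active Directory module loaded, the object returned by Get-ADUser can be piped to the function in place of $sample.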
I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.
Ed Wilson, Microsoft Scripting Guy