Home » PowerShell » Get-ADObject – Search AD Objects in Active Directory

Get-ADObject – Search AD Objects in Active Directory

by

Get-AdObject PowerShell cmdlet gets an Active Directory object or performs a search to get multiple objects based on search criteria. You can get all of the objects in Active Directory using the Filter * parameter.

Get-ADObject cmdlet connects to the AD domain controller or Lightweight Directory Service Server and returns active directory objects.Get-ADObject uses the Identity parameter to get specific Active Directory objects. You can use a distinguished name or GUID to identify the object.

By default, the Get-ADObject cmdlet returns only 1000 AD objects. However, you can configure the ResultSetSize parameter to get a maximum number of objects.

Table of Contents hide
1 Get-ADObject Syntax
2 Get-AdObject Filter – Get all AD Objects
3 Get-ADObject Computer from Active Directory
4 Get-ADObject Users only
5 Get-ADObject SearchBase – Get AD objects from OU
6 Get-ADObject Contact – Find Active Directory Contact
7 Get-ADObject Export to CSV
8 Get-ADObject SID – Find ADUser name
9 Conclusion

Get-ADObject Syntax

Get-AdObject cmdlet gets one or more active directory objects.

Syntax:

Get-ADObject
   [-AuthType <ADAuthType>]
   [-Credential <PSCredential>]
   -Filter <String>
   [-IncludeDeletedObjects]
   [-Properties <String[]>]
   [-ResultPageSize <Int32>]
   [-ResultSetSize <Int32>]
   [-SearchBase <String>]
   [-SearchScope <ADSearchScope>]
   [-Server <String>]
   [<CommonParameters>]

Get-ADObject
   [-AuthType <ADAuthType>]
   [-Credential <PSCredential>]
   [-IncludeDeletedObjects]
   -LDAPFilter <String>
   [-Properties <String[]>]
   [-ResultPageSize <Int32>]
   [-ResultSetSize <Int32>]
   [-SearchBase <String>]
   [-SearchScope <ADSearchScope>]
   [-Server <String>]
   [<CommonParameters>]

Parameters:

-AuthType: It specifies the authentication method to use. The acceptable values for this parameter are Basic or Negotiate. The default authentication method is Negotiate.

-Credential: It specifies the user account credentials to perform the task. By default, it uses currently logged-on user credentials. You can use the Get-Credential cmdlet to get user credentials.

–Filter: It specifies a query string to retrieves Active Directory Objects. Query string uses PowerShell Expression Language syntax. Using Filter or LDAPFilter parameter used to search and get more than one AD object.

-Identity: It specifies an Active Directory object using the distinguished name, GUID

-Properties: It Specifies the properties of AD object to retrieve from the server. To specify properties for this parameter, Use a comma-separated list of names. Use * (asterisk) to display all attributes for the object.

Let’s understand how to get active directory objects using Get-ADObject examples.

Get-AdObject Filter – Get all AD Objects

You can get adobjects from the active directory using the Filter parameter. Filter * gets all ad objects as given below

Get-ADObject -Filter *

The above Get-ADObject example gets all active directory objects like the user, computer, group, container, organizational unit, etc…

Get-ADObject Computer from Active Directory

You can get adobject computer from the active directory using filter parameter as given below

 Get-ADObject -Filter {(objectClass -eq "user") -and (objectCategory -eq "computer")}

In the above PowerShell script, the Get-AdObject cmdlet gets computers from the active directory.

Get-AdObject uses a Filter parameter to specify query string where the object class is equal to user and object category is equal to the computer.

The output of the above get-adobject computer command gets a distinguished name, object GUID, and AD object computer name.

Get-ADObject -Filter {(objectClass -eq "user") -and (objectCategory -eq "computer")}

DistinguishedName                                      Name     ObjectClass ObjectGUID
-----------------                                      ----     ----------- ----------
CN=ENG-PRO,OU=Domain Controllers,DC=SHELLPRO,DC=LOCAL ENG-PRO computer    dbf9fc91-4f31-401e-b924-89cd0c6b26c0
CN=OPER-01,CN=Computers,DC=SHELLPRO,DC=LOCAL           OPER-01  computer    69432246-a05e-4be1-bb38-1f047ds65b06

Get-ADObject Users only

You can get adobject users only from the active directory using filter parameter as given below

 Get-ADObject -Filter {(objectClass -eq "user") -and (objectCategory -eq "user")}

In the above Get-AdObject example script, the Get-AdObject cmdlet gets users from the active directory.

Get-AdObject uses a Filter parameter to specify query string where the object class is equal to user and object category is equal to user.

The output of the above get-adobject users only command gets a distinguished name, adobject user name, object class, and object GUID as below

 Get-ADObject -Filter {(objectClass -eq "user") -and (objectCategory -eq "user")}

DistinguishedName                                Name        ObjectClass ObjectGUID
-----------------                                ----        ----------- ----------
CN=Guest,CN=Users,DC=SHELLPRO,DC=LOCAL           Guest       user        1c4cede2-0375-49e6-a562-a5288713a3ec
CN=krbtgt,CN=Users,DC=SHELLPRO,DC=LOCAL          krbtgt      user        f33e6e7e-4807-40aa-b2c1-846eea98135e

Cool Tip: How to use search-adaccount cmdlet in PowerShell!

Get-ADObject SearchBase – Get AD objects from OU

If you want to get adobjects from the specific organizational unit in the active directory, use the Get-ADObject SearchBase parameter to specify the distinguished name as given below

Get-ADObject -Filter * -SearchBase 'OU=SALES,DC=SHELLPRO,DC=LOCAL'

This command gets all ad objects from the active directory using the SearchBase parameter.

The output of the above command is given below

Get-ADObject SearchBase
Get-ADObject SearchBase

Get-ADObject Contact – Find Active Directory Contact

If you want to get active directory contacts, run the below command

Get-ADObject -Filter 'objectClass -eq "contact"' -Properties CN | Format-List CN

This command finds active directory contacts. It uses the Get-ADObject Filter parameter to query objectclass equal to contact and get contact name.

Get-ADObject Export to CSV

If you want to get adobject from container and export to CSV file, use below command

Get-ADObject -Filter 'objectClass -eq "container"' | Export-Csv -Path C:\PowerShell\adobject-container.csv

In the above PowerShell script, the Get-ADObject cmdlet gets adobject from the container.

Get-ADObject uses a Filter parameter to specify query string as objectClass equal to container and passes the output to Export-CSV cmdlet.

Export-CSV cmdlet export adobject to CSV file on the specified path.

Get-ADObject SID – Find ADUser name

If you want to get aduser name, distinguished name, samaccountname, userprincipalname by SID, run the given below command

$sid = 'S-1-5-21-1326752099-4012446882-462961959-1103'
Get-ADObject -Filter "objectSid -eq '$sid'" -Properties * | Select-Object name,distinguishedname,samaccountname,userprincipalname

In the above Get-ADObject example,

User account SID is stored in the $sid variable.

Get-ADObject cmdlet uses a Filter parameter to query objectSid equal to $sid and gets username, distinguishedname, samaccountname, and userprincipalname for adobject.

Conclusion

I hope the above article to find active directory objects using the Get-ADObject cmdlet is helpful to you.

Get-AdObject gets active directory objects, get ad objects in specific OU, get-adobject by SID, and export list of adobjects to CSV file.

You can use the Get-AdObject cmdlet to get active directory objects and pass them to the Set-ADObject cmdlet to modify the active directory object property.

You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.