none
Searching within ADSIedit RRS feed

  • Question

  • We are running Windows 2008 AD. Sometimes, I want to search for a user in AD using ADSI, however we have thousands of entries and I can't scroll to them. Does anyone know of a method to search for an object within ADSI?

    Secondly, is there any way to get all the attributes I see in ADSI using Quest Powershell or simliar?

    Saturday, July 9, 2011 10:28 PM

Answers

  • I'm not aware of anyway to search within ADSIEdit, you could search using ldp or ADFind (Freeware from joeware.net).

    I believe ADFind will provide all attributes, if so desired.
    http://www.joeware.net/freetools/tools/adfind/index.htm

    ADFind is a tool all AD Admins should have at their fingertips.


    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    http://www.pbbergs.com    Twitter @pbbergs
    http://blogs.dirteam.com/blogs/paulbergson

    Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.

    Saturday, July 9, 2011 10:38 PM
    Moderator
  • Hello,

    agree with what Paul said.

    For searches, you can use dsquery commands.

    More here: http://technet.microsoft.com/en-us/library/cc732952(WS.10).aspx

    For Powershell questions, ask here: http://social.technet.microsoft.com/Forums/en-US/winserverpowershell/threads

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified IT Professional: Enterprise Administrator

    Sunday, July 10, 2011 1:12 AM
  • To retrieve values of all attributes (that can be retrieved) for a given user object using the PowerShell AD cmdlets, use:

    Get-ADUser -Identity jsmith -Properties * > .\jsmith.txt

    I redirected the output to a text file because it will be large. There is no find or query in ADSI Edit. In ADUC you can use View, Filter Options, Create Custom, Customize, Advanced and enter an LDAP filter. However, even here, while only the object(s) that match your filter show up, you must search OU's to find it. I use dsquery * as follows to retrieve the DN, which shows where the object is in AD:

    dsquery * -filter "(sAMAccountName=jsmith)"

    You can filter on other attributes, of course, like cn (Common Name).

     


    Richard Mueller - MVP Directory Services
    Sunday, July 10, 2011 2:28 AM

All replies

  • I'm not aware of anyway to search within ADSIEdit, you could search using ldp or ADFind (Freeware from joeware.net).

    I believe ADFind will provide all attributes, if so desired.
    http://www.joeware.net/freetools/tools/adfind/index.htm

    ADFind is a tool all AD Admins should have at their fingertips.


    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    http://www.pbbergs.com    Twitter @pbbergs
    http://blogs.dirteam.com/blogs/paulbergson

    Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.

    Saturday, July 9, 2011 10:38 PM
    Moderator
  • Hello,

    agree with what Paul said.

    For searches, you can use dsquery commands.

    More here: http://technet.microsoft.com/en-us/library/cc732952(WS.10).aspx

    For Powershell questions, ask here: http://social.technet.microsoft.com/Forums/en-US/winserverpowershell/threads

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified IT Professional: Enterprise Administrator

    Sunday, July 10, 2011 1:12 AM
  • To retrieve values of all attributes (that can be retrieved) for a given user object using the PowerShell AD cmdlets, use:

    Get-ADUser -Identity jsmith -Properties * > .\jsmith.txt

    I redirected the output to a text file because it will be large. There is no find or query in ADSI Edit. In ADUC you can use View, Filter Options, Create Custom, Customize, Advanced and enter an LDAP filter. However, even here, while only the object(s) that match your filter show up, you must search OU's to find it. I use dsquery * as follows to retrieve the DN, which shows where the object is in AD:

    dsquery * -filter "(sAMAccountName=jsmith)"

    You can filter on other attributes, of course, like cn (Common Name).

     


    Richard Mueller - MVP Directory Services
    Sunday, July 10, 2011 2:28 AM


  • You can indeed setup a query in ADSIEdit and search for a particular object in a huge environment albeit with some difficulty. In ADSIEdit, connect to the desired Naming Context, usually the domain, right mouse click on the domain node, choose New then Query from the context sensitive menu.

    To effectively make this work, basic knowledge of LDAP syntax is required e.g.

    (&(objectCategory=person)(objectClass=user)(name=username))

    Please share with us if this helps. Thanks.



    TechNet/MSDN Forum Moderator - http://www.leedesmond.com

    Wednesday, July 3, 2013 1:06 PM
  • You cannot search an object inside ADSI object.  However, you can directly connect to an object using the correct Naming Context.  Please follow the instructions provided by Desmond. 


    Santhosh Sivarajan | Houston, TX

    Windows 2012 Book - Migrating from 2008 to Windows Server 2012

    http://www.sivarajan.com/
    FaceBookTwitter LinkedIn SS Tech Forum
    This post is provided ASIS with no warran

    Wednesday, July 3, 2013 2:13 PM
    Moderator
  • A few notes about this method:

    • You must select the naming context, not the domain node.
    • For "Name" you can enter anything, it is just the name of the query that will be saved.
    • For "Root" you must click the "Browse" button. You probably want to select the domain.
    • For "Query String" you can click "Edit Query" to have the GUI create a filter, or you can just enter a valid LDAP syntax filter.

    Regarding the suggested filter, recognize that "name" (the Relative Distinguished Name) does not uniquely identify the object. There may be several objects in the Root with the same RDN. The suggested clauses involving objectCategory and objectClass restrict the filter to user objects, but I would expect most, if not all, duplicates to be user objects anyway. So perhaps you might just as well use "(name=Jim Smith)" to find the user with name (the value of the cn attribute) equal to "Jim Smith". If there are duplicates, all will show in the results (the query will have the name you selected). You could instead filter on sAMAccountName, which is the "pre-Windows 2000 logon" name of a user, which is unique in the domain. Then the filter would be similar to "(sAMAccountName=jsmith)".


    Richard Mueller - MVP Directory Services

    • Proposed as answer by Patris_70 Wednesday, July 3, 2013 6:37 PM
    Wednesday, July 3, 2013 3:55 PM