#DirectorySearcher vs ActiveDirectory.Management


shy void
#

I have a question but I want to state my understanding/observations in case I’m missing something…

I’m trying to write a function that gets a particular set of properties from AD. Some of the properties don’t exist on all objects.

When using Get-ADUser, requesting a property that doesn’t exist causes an error which prevents a result from being returned, regardless of what the error action preference is set to. As a way around this, I’m using a preference of Stop and am using the error code to pull out attributes from the ArrayList until I get a proper set of attributes.

Looking at DirectorySearcher, you can seemingly give it any number of properties to retrieve. Instead of erroring or anything, it instead only returns the properties it found on the object.

This is basically perfect for what I want, but I’m noticing that DirectorySearcher doesn’t seem to have the same number of properties available to query from. For example, I can query for the IPv4Address property with Get-ADComputer but that’s not returned by DirectorySearcher.

The default for DirectorySearcher is to grab all properties, and I couldn’t find anything analogous.

The question is:
Is there a way to have Get-AD* function more akin to DirectorySearcher? Maybe by like returning null for properties not found or just stripping them from the query?

Also, for my knowledge: what about DirectorySearcher causes it to have fewer properties than what one can get from the ActiveDirectory.Management module?

#

I know I could potentially do something like -Properties * and filter, but that feels like something which should be avoided if possible

desert cobalt
#

Could just query the schema for known attributes first.

wide vigil
# shy void I know I could potentially do something like `-Properties *` and filter, but tha...

So IPV4Address is not a part of the AD Schema. Get-ADComputer basically queries DNS (to my understanding) to get the IPAddress. I've created a little loop that can do what you're asking, I think...

```powershell
# The names after DNSHostname are placeholders: replace them with the attributes you need.
$objects = Get-ADObject -LDAPFilter "(|(objectClass=Computer)(ObjectClass=user))" -SearchBase "DC=company,DC=local" -Properties DNSHostname,and,what,ever,other,properties,you,want
[System.Collections.ArrayList]$testarray = @()
foreach ($item in $objects) {
    if ($($item.ObjectClass -match "computer")) {
        # Computer object: resolve its DNS host name to get the address.
        [void]$testarray.Add($($item | Select-Object Name,ObjectClass,@{L="IPV4Address"; E={([System.Net.Dns]::GetHostAddresses($_.DNSHostname)).IPAddressToString}}))
    } else {
        # Any other object: fill the column with a fixed marker.
        [void]$testarray.Add($($item | Select-Object Name,ObjectClass,@{L="IPV4Address"; E={'Not a Computer Object'}}))
    }
}
```
*Screenshot will show output. You can then pipe your Array to Export-CSV if you need that etc etc.*

For the -Properties * you can just pass whatever property with Get-ADObject. As long as the attribute is a part of the AD Schema, regardless if it is null or not it won't throw an error. But for example, while IPV4Address works with Get-ADComputer, it won't work with Get-ADUser or Get-ADObject as it's not a valid property for those cmdlets. But DNSHostName will work with all three as DNSHostName is a valid Attribute within the AD Schema though 'User' ObjectClass objects do not have DNSHostName assigned.
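
The schema check suggested earlier in the thread, combined with the schema-attribute behaviour described in the reply above, as an added example that is not part of the original thread: it reads the attribute names from the schema partition once and sends only schema-backed names to Get-ADUser, returning null for the rest. The function names and the sample identity are hypothetical; it assumes the ActiveDirectory module, read access to the schema, and that a schema attribute not set on an object comes back empty rather than erroring, as that reply states.

```powershell
Import-Module ActiveDirectory -ErrorAction Stop

function Get-SchemaAttributeName {   # hypothetical helper name
    # Read every attributeSchema object's lDAPDisplayName from the schema partition.
    $schemaNC = (Get-ADRootDSE).schemaNamingContext
    $names = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    Get-ADObject -SearchBase $schemaNC -LDAPFilter '(objectClass=attributeSchema)' -Properties lDAPDisplayName |
        ForEach-Object { [void]$names.Add($_.lDAPDisplayName) }
    return ,$names   # unary comma keeps the set from being unrolled on output
}

function Get-ADUserKnownProperty {   # hypothetical wrapper name
    param(
        [Parameter(Mandatory)] [string]   $Identity,
        [Parameter(Mandatory)] [string[]] $Property,
        [System.Collections.Generic.HashSet[string]] $SchemaAttribute = (Get-SchemaAttributeName)
    )
    # Split the request: only schema-backed names are sent to the directory.
    # Names the module synthesizes (the thread's IPv4Address) are not schema
    # attributes, so they end up in $unknown.
    $known   = @($Property | Where-Object { $SchemaAttribute.Contains($_) })
    $unknown = @($Property | Where-Object { -not $SchemaAttribute.Contains($_) })
    if ($unknown) { Write-Warning "Not in schema, returned as null: $($unknown -join ', ')" }

    $params = @{ Identity = $Identity }
    if ($known) { $params.Properties = $known }
    $user = Get-ADUser @params

    # Emit one object carrying every requested name; absent values are $null.
    $out = [ordered]@{ SamAccountName = $user.SamAccountName }
    foreach ($p in $Property) {
        $out[$p] = if ($SchemaAttribute.Contains($p)) { $user.$p } else { $null }
    }
    [pscustomobject]$out
}

# Constructed usage: 'jdoe' and 'notARealAttribute' are sample values.
$schema = Get-SchemaAttributeName   # one schema read, reused for every lookup
Get-ADUserKnownProperty -Identity 'jdoe' -Property mail, dNSHostName, notARealAttribute -SchemaAttribute $schema
```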