Get-ADObject

Get one or more AD objects.

Syntax
      Get-ADObject [-Identity] ADObject
         [-AuthType {Negotiate | Basic}] [-Credential PSCredential]
            [-IncludeDeletedObjects] [-Partition string] [-Properties string[]]
               [-Server string] [CommonParameters]

      Get-ADObject -Filter string [-ResultPageSize int] [-ResultSetSize Int32]
         [-SearchBase string] [-SearchScope {Base | OneLevel | Subtree}]
            [-AuthType {Negotiate | Basic}] [-Credential PSCredential]
               [-IncludeDeletedObjects] [-Partition string] [-Properties string[]]
                  [-Server string] [CommonParameters]

      Get-ADObject -LDAPFilter string [-ResultPageSize int] [-ResultSetSize Int32]
         [-SearchBase string] [-SearchScope {Base | OneLevel | Subtree}]
            [-AuthType {Negotiate | Basic}] [-Credential PSCredential] 
               [-IncludeDeletedObjects] [-Partition string] [-Properties string[]]
                  [-Server string] [CommonParameters]

Key
   -AuthType {Negotiate | Basic}
       The authentication method to use: Negotiate (or 0), Basic (or 1)
       A Secure Sockets Layer (SSL) connection is required for Basic authentication.

   -Credential PSCredential
       The user account credentials to use to perform this task.
       The default credentials are those of the currently logged on user unless the
       cmdlet is run from an Active Directory PowerShell provider drive.
       If the cmdlet is run from such a provider drive, the account associated with the drive is the default.

       Type a user name, such as "User64" or "Domain64\User64" or specify a
       PSCredential object such as one generated by Get-Credential 

       If a user name is specified, the cmdlet will prompt for a password.

   -Filter string
       A query string that retrieves Active Directory objects.
       This string uses the PowerShell Expression Language syntax:

       filter ::= "{" FilterComponentList "}"
       FilterComponentList ::= FilterComponent | FilterComponent JoinOperator FilterComponent | NotOperator FilterComponent
       FilterComponent ::= attr FilterOperator value | "(" FilterComponent ")"
       FilterOperator ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt" | "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike"
       JoinOperator ::= "-and" | "-or"
       NotOperator ::= "-not"
       attr ::= PropertyName | LDAPDisplayName_of_the_attribute
       value ::= <compare this value with an attr by using the specified FilterOperator>

   -Identity ADObject
       An AD object. Most often this will be a Distinguished Name (e.g. CN=sample1,OU=demo,DC=SS64,DC=com)
       The identity may also be given as a GUID.

       Derived types, such as the following are also accepted:
          [Microsoft.ActiveDirectory.Management.]
            ADGroup,ADUser,ADComputer,ADServiceAccount,ADFineGrainedPasswordPolicy,ADDomain

       The cmdlet searches the default naming context or partition to find the object.
       If two or more objects are found, the cmdlet returns a non-terminating error.

       The ADObject may also be passed through the pipeline or set via a variable.

   -IncludeDeletedObjects
       Retrieve deleted objects and the deactivated forward and backward links.
       When specified, this cmdlet uses the LDAP controls:
          Show Deleted Objects (1.2.840.113556.1.4.417)
          Show Deactivated Links (1.2.840.113556.1.4.2065)

       If this parameter is not specified, Get-ADObject will not return or operate on deleted objects.

   -LDAPFilter string
       An LDAP query string that is used to filter AD objects.
       Use this parameter to run existing LDAP queries. 
       See also Help about_ActiveDirectory_Filter.

       For example, to search an OU for names beginning with "sara":
       -LDAPFilter "(name=sara*)" -SearchScope Subtree -SearchBase "DC=demo,DC=SS64,DC=com"

   -Partition string
       The distinguished name of an AD partition.
       string must be one of the naming contexts on the current directory server.
       The cmdlet searches this partition to find the object defined by the -Identity parameter.
       Examples:
         -Partition "CN=Configuration,DC=EUROPE,DC=TEST,DC=SS64,DC=COM"
         -Partition "CN=Schema,CN=Configuration,DC=EUROPE,DC=TEST,DC=SS64,DC=COM"

       In many cases, a default value will be used for -Partition if no value is specified.

   -Properties string[]
       The properties of the output object to retrieve from the server (comma-separated list).
       Use this parameter to retrieve properties that are not included in the default set.

       To discover the properties available, use Get-Member
       To display all of the attributes that are set on the object, specify * (asterisk).

       Specify the property Name or for non default/extended properties, the LDAP Display Name of the attribute.

   -ResultPageSize int
       The number of objects to include in each page for an AD Domain Services query.
       default = 256

   -ResultSetSize Int32
       The maximum number of objects to return for an AD Domain Services query.
       To receive all objects, set this to $null. Ctrl+c will stop the query and return of objects.
       default = $null.

   -SearchBase string
       An Active Directory path to search under.
       e.g.
       -SearchBase "ou=training,dc=demo,dc=ss64,dc=com"

   -SearchScope
       The scope of an AD search.
       Possible values for this parameter are:
       Base or 0        Search only the current path or object.
       OneLevel or 1    Search the immediate children
       Subtree or 2     Search the current path/object and all children

   -Server string
       The AD Domain Services instance to connect to. This may be a fully qualified domain name,
       a NetBIOS name, or a fully qualified directory server name (with or without port number).

   CommonParameters:
       -Verbose, -Debug, -ErrorAction, -ErrorVariable, -WarningAction, -WarningVariable,
       -OutBuffer -OutVariable.

The Get-ADObject cmdlet gets an AD object or performs a search to retrieve multiple objects.

The -Identity parameter specifies the AD object to get. Identify the object to get by its distinguished name (DN) or GUID. Alternatively set the parameter to an Active Directory object variable or through the PowerShell pipeline.

To search for and retrieve more than one object, use the -Filter or -LDAPFilter parameters. The -Filter parameter uses the PowerShell Expression Language to write query strings for Active Directory. For more information see help about_ActiveDirectory_Filter.
If you have existing LDAP query strings, you can use the -LDAPFilter parameter.
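
When part of an -LDAPFilter string comes from user input or another system, the value should be escaped so that it cannot alter the filter. The following is an added example, not part of the original page; ConvertTo-LdapFilterValue is a hypothetical helper name and the sample name is constructed:

```powershell
# Added example (not from the original page). ConvertTo-LdapFilterValue is a
# hypothetical helper name; the sample name below is constructed.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Value)
    # RFC 4515: the characters \ * ( ) and NUL must be written inside a filter
    # value as a backslash followed by their two-digit hex code.
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m)
        '\{0:x2}' -f [int][char]$m.Value
    })
}

$name = 'Sara (Contractor)'               # constructed input containing filter metacharacters
$safe = ConvertTo-LdapFilterValue $name   # parentheses are now hex-escaped

# Unescaped, the parentheses in $name would change the structure of the filter.
# Escaped, they are matched literally; the trailing * is the only wildcard.
Get-ADObject -LDAPFilter "(name=$safe*)" -SearchScope Subtree -SearchBase 'DC=demo,DC=SS64,DC=com' |
    Select-Object Name, ObjectClass, DistinguishedName
```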

This cmdlet gets a default set of group object properties. To get additional properties use the -Properties parameter.

Examples

Display a list of sites for SS64 using LDAP filter syntax:

PS C:\> Get-ADObject -LDAPFilter "(objectClass=site)" -SearchBase 'CN=Configuration,DC=SS64,DC=Com' -Properties CanonicalName | Format-Table Name,CanonicalName -A

Get the Site objects from the Configuration Naming Context and then enumerate through the list outputting 'siteObjectBL':

PS C:\> Get-ADObject -Filter 'ObjectClass -eq "site"' -SearchBase 'CN=Configuration,DC=SS64,DC=Com' -Properties siteObjectBL | foreach {$_.siteObjectBL}

Get all the deleted objects, whose 'whenChanged' attribute is greater than the specified date. The clause 'name -ne "Deleted Objects"' makes sure that the Deleted Objects Container is not returned. This will only return objects which can be restored:

PS C:\> $changeDate = New-Object DateTime(2011, 11, 23, 1, 40, 02)
Get-ADObject -Filter 'whenChanged -gt $changeDate -and isDeleted -eq $true -and isRecycled -ne $true -and name -ne "Deleted Objects"' -IncludeDeletedObjects

Get all the deleted objects whose 'whenChanged' attribute is greater than the specified date AND at the time of deletion were the children of the specified Organizational Unit:

PS C:\> $changeDate = New-Object DateTime(2011, 11, 23, 1, 40, 02)
Get-ADObject -Filter 'whenChanged -gt $changeDate -and isDeleted -eq $true -and isRecycled -ne $true -and lastKnownParent -eq "OU=Accounting,DC=SS64,DC=com"' -IncludeDeletedObjects
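
The two deleted-object queries above can be combined into a review of recent deletions, for example during an incident. This is an added example, not part of the original page; the seven-day window is an assumption, and isRecycled is only meaningful when the AD Recycle Bin feature is enabled:

```powershell
# Added example (not from the original page).
# Assumes the ActiveDirectory module and rights to read the Deleted Objects container.
Import-Module ActiveDirectory

$since = (Get-Date).AddDays(-7)   # assumed review window

$params = @{
    IncludeDeletedObjects = $true
    Filter     = 'whenChanged -gt $since -and isDeleted -eq $true -and name -ne "Deleted Objects"'
    Properties = 'whenChanged', 'lastKnownParent', 'isRecycled', 'msDS-LastKnownRDN'
}
$deleted = Get-ADObject @params

# One row per deleted object: original name, type, time of change, original container,
# and whether it is still restorable (that is, not yet recycled).
$deleted |
    Select-Object @{ n = 'Name';       e = { $_.'msDS-LastKnownRDN' } },
                  ObjectClass,
                  whenChanged,
                  lastKnownParent,
                  @{ n = 'Restorable'; e = { -not $_.isRecycled } } |
    Sort-Object whenChanged -Descending |
    Format-Table -AutoSize

# Deletions per original container: a large count under one OU in a short
# window is worth checking against change records.
$deleted |
    Group-Object lastKnownParent |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```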

“One look is worth a thousand words” - Fred R. Barnard

Related:

Move-adObject - Move an AD object or container to a different container or domain.
New-adObject - Create an AD object.
Remove-adObject - Remove an AD object.
Rename-adObject - Change the name of an AD object.
Restore-adObject - Restore an AD object.
Set-adObject - Modify an AD object.

