PowerShell: Read Active Directory data

Diese Seite gibt es auch in Deutsch

Using Windows PowerShell to read Active Directory objects.

AD objects: Users / Groups and Computers

Read out users

Read out all non-deactivated domain users and show only the name:

get-aduser -ldapfilter "(&(&(objectCategory=user)(userAccountControl=512)))" | where-object -property enabled -eq true | fl name

userAccountControl=512 is "NORMAL_ACCOUNT", see:  https://support.microsoft.com/en-us/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties

Read groups

Get-ADGroup -Filter "GroupScope -eq 'Global' -and GroupCategory -eq 'Security'"

nested AD group memberships (nested)


Get-ADNestedGroupMembers "GroupName"

Read out computer

Get-ADComputer -filter 'name -like "*"' -Properties * | select name,OperatingSystem,IPv4Address

Search with a filter:

Get-ADComputer -filter 'name -like "*SEARCHSTRING*"' -Properties * | select name,OperatingSystem,IPv4Address

Username to SID

(New-Object System.Security.Principal.NTAccount($(read-host -prompt "Username"))).Translate([System.Security.Principal.SecurityIdentifier]).value

Read out OU permissions / delegation

Looking for a tool to evaluate all OU permissions, I came across a script in the Technet gallery: gallery.technet.microsoft.com

connect to another domain (trust)

as a small addition to the Technet-Gallery example:

For connecting to another domain, a specific domain controller can be used in the commands each -Server:

Get-ADObject -SearchBase (Get-ADRootDSE).schemaNamingContext -LDAPFilter '(schemaIDGUID=*)' -server $FQDN_DC_ServerName -Properties name, schemaIDGUID |

For Get-ACL to be applied to another domain, the domain can be joined using New-PSDrive as follows:

New-PSDrive -Name AD2 -PSProvider ActiveDirectory -Server $FQDN_DC_ServerName -root "//RootDSE/"

ForEach ($OU in $OUs) {
$report += Get-Acl -Path "AD2:\$OU"

AD and DNS

DNS zones

Get-DnsServerZone -ComputerName DOMAINCONTROLLERNAME

show all domain controllers:

(Get-ADForest).Domains | %{ Get-ADDomainController -Filter * -Server $_ }

to write the result to a CSV file, the command can be extended as follows:

(Get-ADForest).Domains | %{ Get-ADDomainController -Filter * -Server $_ } | Export-csv c:\temp\allDCs.csv -delimiter ";" -NoTypeInformation

Subnets in Sites and Services

Get-ADReplicationSubnet -filter * -Properties * | Select Name, Site, Location, Description | export-csv -Delimiter ";" -Path c:\temp\subnets.csv -NoTypeInformation

Exchange version

Get-ADObject "CN=ms-Exch-Schema-Version-Pt,$((Get-ADRootDSE).schemaNamingContext)" -Property Rangeupper

Here is the corresponding version table: https://eightwone.com/references/schema-versions/ or https://adsecurity.or g/?page_id=195

positive Bewertung({{pro_count}})
Rate Post:
{{percentage}} % positive
negative Bewertung({{con_count}})

THANK YOU for your review!

Top articles in this section

PowerShell Log-Files: Logging into a textfile - write to file

PowerShell Log-Files: Logging into a textfile - write to file

created: 2022-05-05 from Bernhard

Log files in PowerShell can be created via the Out-File command, via a custom function, or via PowerShell's built-in Transcript. ... continue reading

PowerShell Loops and Array

PowerShell Loops and Array

created: 2022-05-02 from Bernhard

An array stores multiple values, similar to a 2-column table. ... continue reading

Preview PowerShell text file and csv read / write

PowerShell text file and csv read / write

created: 2022-05-02 from Bernhard

PowerShell text file and csv read / write ... continue reading

Questions / Comments