Powershell and Active Directory is marriage of pure Power.  But one of my initial stumbling blocks was in learning WHERE to find that information and what particular names to call up in Active Directory

I’ve found three tricks that worked for me.   And you can use whatever you want, it’s what works BEST for YOU.

The first one is using Active Directory Users and Computers.  I turn on the “Advanced Features” option.  Once I do this, I can double click on a User or Object in Active Directory and get a new tab. The “Attribute Editor


 image image


This gives the ability to view and edit ALL of the fields associated with an Object within Active Directory. Most of the fields are revealed on your General Tabs.  But this shows us the ACTUAL field names in Active Directory for those objects.  For our purposes with Powershell, we can browse down this list of names to see the NAMES of the INDIVIDUAL objects we can use and Edit in Powershell.


The Second one I’ve used that isn’t too nasty is very similar to the first, Using ADSIEdit to manage the users and objects, you go into the properties of an Object (IE: A User) to see all the information and names associated with that object.




The third I use is a really simple cheat in Powershell.   Using the QUEST active Roles, get the info on a user and EXPORT-CSV the all the properties from the object from there.


GET-QADUSER john.smith –includeallproperties| EXPORT-CSV ‘’C:Powershell ScriptsUserDetails.csv’

I then use my spreadsheet of choice to see not only the names I can WORK with but also the TYPES of data they contain in a SAFE and NON DESTRUCTIVE environment. 




Note this pumps out a LOT of information including all the non stamped properties (IE: Exchange Details for a non Exchange Enabled User) but it’s FANTASTIC for comparing TWO users (IE: One with a certain feature enabled like OCS and another DISABLED from that feature) to see what changes you need to make.  Also once you know the types of information AVAILABLE on a low level in Active Directory, it’s very easy to build Queries on information like when a user was created, who is locked out etc etc.

The really cool part is when you learn how to see the objects directly, you can make CmdLets or manipulate objects that don’t presently have Powershell CmdLets (Like Live Communications Server 2005 or Exchange Server 2003) since most of their job when a user is “Enabled” with that feature is to populate fields in Active Directory.  In the case of Exchange 2003, RUS takes over and checks A/D for the object information and passes that along to the address book.


Active Directory and Powershell – Two tools when leveraged together gives you more Power than you ever imagined!


The Energized Tech