
Searching user accounts

The following code sample finds users whose job title starts with Sales and adds the users to a group.

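# Adds every user under $containerDN whose job title starts with "Sales" to the
# group $groupDN, using the Adaxes ADSI API.

# Load the Adaxes ADSI assembly. The call also writes the loaded Assembly
# object to the pipeline.
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

$containerDN = "CN=Users,DC=domain,DC=com"
$groupDN = "CN=SalesGroup,CN=Users,DC=domain,DC=com"

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# NOTE(review): the $NULL user name/password presumably bind as the account
# running the script - confirm which identity the changes are made under.
$searcher = $admService.OpenObject("Adaxes://$containerDN", $NULL, $NULL, 0)

# Membership is derived purely from the 'title' attribute, so whoever can write
# 'title' on a user can get that user into the group on the next run. Review
# write access to the attribute against what the group grants.
# The filter also matches disabled accounts; add
# (!(userAccountControl:1.2.840.113556.1.4.803:=2)) inside the (&...) to skip them.
$searcher.SearchFilter = "(&(objectCategory=person)(objectClass=user)(title=Sales*))"
# Subtree scope: the container itself and everything nested below it
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"

# Reset explicitly so the finally block never disposes a stale iterator left
# in the session by an earlier run.
$searchResultIterator = $NULL
try
{
    # Open the group first so a wrong group DN fails before the search runs
    $group = $admService.OpenObject("Adaxes://$groupDN", $NULL, $NULL, 0)

    # Execute search
    $searchResultIterator = $searcher.ExecuteSearch()

    # Add users to a group
    foreach ($searchResult in $searchResultIterator.FetchAll())
    {
        $group.Add($searchResult.ADsPath)
    }
}
finally
{
    # Release resources. The iterator is still $NULL when OpenObject or
    # ExecuteSearch threw; calling Dispose() on $NULL would raise a second
    # error and hide the original one.
    if ($NULL -ne $searchResultIterator)
    {
        $searchResultIterator.Dispose()
    }
}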
# Same task with the cmdlets of the Adaxes PowerShell module: find users whose
# job title starts with "Sales" and add them to a group.
Import-Module Adaxes

$searchBaseDN = "CN=Users,DC=domain,DC=com"

# The target group can be identified in any one of the following forms.
$targetGroup = "SalesGroup" # sAMAccountName
# $targetGroup = "CN=SalesGroup,CN=Users,DC=domain,DC=com"  # DN
# $targetGroup = "{EB5FEB21-E648-42AD-B86C-89D3C6807953}" # GUID
# $targetGroup = "S-1-5-21-573937-2149998-410785" # SID

# Search parameters, splatted onto Get-AdmUser below.
# Membership follows the 'title' attribute, so the group is only as tightly
# controlled as write access to that attribute.
$userQuery = @{
    Filter        = {title -like "Sales*"}
    SearchBase    = $searchBaseDN
    Server        = "domain.com"
    AdaxesService = "localhost"
    SearchScope   = "Subtree"
}

# Stream each matching user straight into the membership cmdlet
Get-AdmUser @userQuery | Add-AdmPrincipalGroupMembership -MemberOf $targetGroup

The following code sample finds disabled user accounts and outputs their names.

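# Prints the names of all disabled user accounts under $containerDN, using the
# Adaxes ADSI API.

# Load the Adaxes ADSI assembly. The call also writes the loaded Assembly
# object to the pipeline.
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

$containerDN = "CN=Users,DC=domain,DC=com"

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# NOTE(review): the $NULL user name/password presumably bind as the account
# running the script - confirm; results depend on what that identity may read.
$searcher = $admService.OpenObject("Adaxes://$containerDN", $NULL, $NULL, 0)

# 1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule; the value 2 is
# the ACCOUNTDISABLE bit of userAccountControl.
$searcher.SearchFilter = "(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))"
# Subtree scope: the container itself and everything nested below it
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"

# Reset explicitly so the finally block never disposes a stale iterator left
# in the session by an earlier run.
$searchResultIterator = $NULL
try
{
    # Execute search
    $searchResultIterator = $searcher.ExecuteSearch()

    foreach ($searchResult in $searchResultIterator.FetchAll())
    {
        # Bind to each user object to read its Name
        $userPath = $searchResult.AdsPath
        $user = $admService.OpenObject($userPath, $NULL, $NULL, 0)
        Write-Host $user.Name
    }
}
finally
{
    # Release resources. The iterator is still $NULL when ExecuteSearch threw;
    # calling Dispose() on $NULL would raise a second error and hide the
    # original one.
    if ($NULL -ne $searchResultIterator)
    {
        $searchResultIterator.Dispose()
    }
}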
# Same task with the cmdlets of the Adaxes PowerShell module: list the names of
# disabled user accounts.
Import-Module Adaxes

$searchBaseDN = "CN=Users,DC=domain,DC=com"

# Search parameters, splatted onto Search-AdmAccount below
$disabledQuery = @{
    AccountDisabled = $true
    UsersOnly       = $true
    SearchBase      = $searchBaseDN
    SearchScope     = "Subtree"
    Server          = "domain.com"
    AdaxesService   = "localhost"
}
$disabledAccounts = Search-AdmAccount @disabledQuery

# Print one name per line
foreach ($account in $disabledAccounts)
{
    Write-Host $account.Name
}

The following code sample finds expired user accounts and outputs their names.

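# Prints the names of all expired user accounts under $containerDN, using the
# Adaxes ADSI API.

# Load the Adaxes ADSI assembly. The call also writes the loaded Assembly
# object to the pipeline.
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

$containerDN = "CN=Users,DC=domain,DC=com"

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# NOTE(review): the $NULL user name/password presumably bind as the account
# running the script - confirm; results depend on what that identity may read.
$searcher = $admService.OpenObject("Adaxes://$containerDN", $NULL, $NULL, 0)

# accountExpires is stored as a Windows file time, so compare against "now"
# in the same unit.
$currentDate = (Get-Date).ToFileTime()

# accountExpires>=1 drops accounts with the value 0 ("never expires");
# accountExpires<=now keeps only expiry dates that have already passed, which
# also drops the other "never expires" value, 9223372036854775807.
$searcher.SearchFilter = "(&(objectCategory=person)(objectClass=user)(accountExpires>=1)(accountExpires<=$currentDate))"
# Subtree scope: the container itself and everything nested below it
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"

# Reset explicitly so the finally block never disposes a stale iterator left
# in the session by an earlier run.
$searchResultIterator = $NULL
try
{
    # Execute search
    $searchResultIterator = $searcher.ExecuteSearch()

    foreach ($searchResult in $searchResultIterator.FetchAll())
    {
        # Bind to each user object to read its Name
        $userPath = $searchResult.AdsPath
        $user = $admService.OpenObject($userPath, $NULL, $NULL, 0)
        Write-Host $user.Name
    }
}
finally
{
    # Release resources. The iterator is still $NULL when ExecuteSearch threw;
    # calling Dispose() on $NULL would raise a second error and hide the
    # original one.
    if ($NULL -ne $searchResultIterator)
    {
        $searchResultIterator.Dispose()
    }
}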
# Same task with the cmdlets of the Adaxes PowerShell module: list the names of
# expired user accounts.
Import-Module Adaxes

$searchBaseDN = "CN=Users,DC=domain,DC=com"

# Search parameters, splatted onto Search-AdmAccount below
$expiredQuery = @{
    AccountExpired = $true
    UsersOnly      = $true
    SearchBase     = $searchBaseDN
    SearchScope    = "Subtree"
    Server         = "domain.com"
    AdaxesService  = "localhost"
}
$expiredAccounts = Search-AdmAccount @expiredQuery

# Print one name per line
foreach ($account in $expiredAccounts)
{
    Write-Host $account.Name
}

See also