function Get-AdsiObject {
<#
.SYNOPSIS
Gets one or more Active Directory objects.

.DESCRIPTION
The Get-AdsiObject cmdlet gets an Active Directory object or performs a
search to get multiple objects.

The Identity parameter specifies the Active Directory object to get. You
can identify the object to get by its distinguished name or GUID.

To search for and get more than one object, use the Filter or LDAPFilter
parameters. The Filter parameter uses the PowerShell Expression Language
to write query strings for Active Directory. PowerShell Expression Language
syntax provides rich type conversion support for value types received by
the Filter parameter. For more information about the Filter parameter syntax,
type Get-Help about_ActiveDirectory_Filter. If you have existing Lightweight
Directory Access Protocol (LDAP) query strings, you can use the LDAPFilter
parameter.

This cmdlet gets a default set of Active Directory object properties. To
get additional properties use the Properties parameter. For more information
about how to determine the properties for computer objects, see the
Properties parameter description.
|
.PARAMETER Filter
Specifies a query string that retrieves Active Directory objects. This string
uses the PowerShell Expression Language syntax. The PowerShell Expression
Language syntax provides rich type-conversion support for value types received
by the Filter parameter. The syntax uses an in-order representation, which
means that the operator is placed between the operand and the value. For
more information about the Filter parameter, type Get-Help
about_ActiveDirectory_Filter.

Important note: this implementation of the -Filter parameter is considered
experimental.

.PARAMETER LDAPFilter
Specifies an LDAP query string that is used to filter Active Directory
objects. You can use this parameter to run your existing LDAP queries.

.PARAMETER ResultPageSize
Specifies the number of objects to include in one page for an AD DS query.

The default is 256 objects per page.

.PARAMETER ResultSetSize
Specifies the maximum number of objects to return for an AD DS query. If you
want to receive all of the objects, set this parameter to $Null (null value).
You can use Ctrl+C to stop the query and return of objects.

The default is $Null.

.PARAMETER SearchBase
Specifies an Active Directory path to search.

When you run a cmdlet against an AD DS target, the default value of this
parameter is the default naming context of the target domain.

When you run a cmdlet against an AD LDS target, the default value is the
default naming context of the target AD LDS instance if one has been
specified by setting the msDS-defaultNamingContext property of the Active
Directory directory service agent object (nTDSDSA) for the AD LDS instance.
If no default naming context has been specified for the target AD LDS instance,
then this parameter has no default value.

.PARAMETER SearchScope
Specifies the scope of an Active Directory search. The acceptable values for
this parameter are:

* Base or 0
* OneLevel or 1
* Subtree or 2

A Base query searches only the current path or object. A OneLevel query
searches the immediate children of that path or object. A Subtree query searches
the current path or object and all children of that path or object.

.PARAMETER Identity
Specifies an Active Directory object by providing one of the following property
values. The identifier in parentheses is the LDAP display name for the attribute.
The acceptable values for this parameter are:

* A distinguished name
* A GUID (objectGUID)

The cmdlet searches the default naming context or partition to find the object.
If two or more objects are found, the cmdlet returns a non-terminating error.

.PARAMETER Partition
Specifies the distinguished name of an Active Directory partition. The
distinguished name must be one of the naming contexts on the current directory
server. The cmdlet searches this partition to find the object defined by the
Identity parameter.

In many cases, a default value is used for the Partition parameter if no value
is specified. The rules for determining the default value are given below. Note
that rules listed first are evaluated first and once a default value can be
determined, no further rules are evaluated.

In Active Directory Domain Services (AD DS) environments, a default value for
Partition is set in the following cases:

* If the Identity parameter is set to a distinguished name, the default value
  of Partition is automatically generated from this distinguished name.
* If the previous case does not apply, the default value of Partition is set
  to the default partition or naming context of the target domain.

In Active Directory Lightweight Directory Services (AD LDS) environments, a
default value for Partition is set in the following cases:

* If the Identity parameter is set to a distinguished name, the default value
  of Partition is automatically generated from this distinguished name.
* If the target AD LDS instance has a default naming context, the default value
  of Partition is set to the default naming context. To specify a default naming
  context for an AD LDS environment, set the msDS-defaultNamingContext property
  of the Active Directory directory service agent object (nTDSDSA) for the AD
  LDS instance.
* If none of the previous cases apply, the Partition parameter does not take a
  default value.
|
.PARAMETER AuthType
Specifies the authentication method to use. The acceptable values for this
parameter are:

* Negotiate or 0
* Basic or 1

The default authentication method is Negotiate.

A Secure Sockets Layer (SSL) connection is required for the Basic authentication
method.

.PARAMETER Credential
Specifies the user account credentials to use to perform this task. The default
credentials are the credentials of the currently logged-on user.

You can also create a PSCredential object by using a script or by using the
Get-Credential cmdlet. You can then set the Credential parameter to the PSCredential
object.

If the acting credentials do not have directory-level permission to perform the
task, the ADSI module for Windows PowerShell returns a terminating error.

.PARAMETER IncludeDeletedObjects
Indicates that this cmdlet retrieves deleted objects and the deactivated forward
and backward links. When this parameter is specified, the cmdlet uses the following
LDAP controls:

Note: If this parameter is not specified, the cmdlet does not return or operate on
deleted objects.

.PARAMETER Properties
Specifies the properties of the output object to retrieve from the server. Use this
parameter to retrieve properties that are not included in the default set.

Specify properties for this parameter as a comma-separated list of names. To display
all of the attributes that are set on the object, specify * (asterisk).

To specify an individual extended property, use the name of the property. For
properties that are not default or extended properties, you must specify the
LDAP display name of the attribute.

To retrieve properties and display them for an object, you can use the Get-*
cmdlet associated with the object and pass the output to the Get-Member cmdlet.

.PARAMETER Server
Specifies the AD DS instance to connect to, by providing one of the following
values for a corresponding domain name or directory server. The service may be
an AD LDS or an AD DS instance.

Specify the AD DS instance in one of the following ways:

Domain name values:

* Fully qualified domain name
* NetBIOS name

Directory server values:

* Fully qualified directory server name
* NetBIOS name
* Fully qualified directory server name and port

The default value for this parameter is determined by one of the following
methods in the order that they are listed:

* By using the Server value from objects passed through the pipeline
* By using the domain of the computer running Windows PowerShell
|
.EXAMPLE
Get-AdsiObject -LDAPFilter "(objectClass=site)" -SearchBase 'CN=Configuration,DC=Fabrikam,DC=Com' -Properties CanonicalName | FT Name,CanonicalName -A

Name CanonicalName
---- -------------
HQ   FABRIKAM.COM/Configuration/Sites/HQ
BO1  FABRIKAM.COM/Configuration/Sites/BO1
BO2  FABRIKAM.COM/Configuration/Sites/BO2
BO3  FABRIKAM.COM/Configuration/Sites/BO3

Get the sites for a domain using LDAP filter syntax

.EXAMPLE
Get-ADObject -Filter 'ObjectClass -eq "site"' -SearchBase 'CN=Configuration,DC=Fabrikam,DC=Com' -Properties siteObjectBL | foreach {$_.siteObjectBL}

CN=192.167.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM
CN=192.166.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM
CN=192.168.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM
CN=192.165.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM
CN=192.164.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM
CN=192.163.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM
CN=192.162.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM
CN=192.161.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM
CN=192.160.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM
CN=192.159.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM
CN=192.158.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM
CN=192.157.1.0/26,CN=Subnets,CN=Sites,CN=Configuration,DC=FABRIKAM,DC=COM

This command gets the Site objects from the configuration naming context and displays a list of siteObjectBL properties.

.EXAMPLE
PS C:\> $ChangeDate = New-Object DateTime(2008, 11, 18, 1, 40, 02)
PS C:\> Get-ADObject -Filter 'whenChanged -gt $ChangeDate' -IncludeDeletedObjects

This command gets all the objects, including the deleted ones, whose whenChanged attribute
is greater than the specified date. Note that both deleted and non-deleted (and
non-recycled) objects matching the filter are returned.

.EXAMPLE
PS C:\> $ChangeDate = New-Object DateTime(2008, 11, 18, 1, 40, 02)
PS C:\> Get-ADObject -Filter 'whenChanged -gt $ChangeDate -and isDeleted -eq $True -and -not (isRecycled -eq $True) -and name -ne "Deleted Objects"' -IncludeDeletedObjects

ObjectGUID        : 98118958-91c7-437d-8ada-ba0b66db823b
Deleted           : True
DistinguishedName : CN=Andrew Ma\0ADEL:98118958-91c7-437d-8ada-ba0b66db823b,CN=Deleted Objects,DC=FABRIKAM,DC=COM
Name              : Andrew Ma
                    DEL:98118958-91c7-437d-8ada-ba0b66db823b
ObjectClass       : user

This example gets all the deleted objects, whose whenChanged attribute is greater than the specified date. The clause name -ne "Deleted Objects" ensures that the Deleted Objects Container is not returned. This example only returns objects that can be restored.

.EXAMPLE
PS C:\> $ChangeDate = New-Object DateTime(2008, 11, 18, 1, 40, 02)
PS C:\> Get-ADObject -Filter 'whenChanged -gt $ChangeDate -and isDeleted -eq $True -and -not (isRecycled -eq $True) -and lastKnownParent -eq "OU=Accounting,DC=Fabrikam,DC=com"' -IncludeDeletedObjects

ObjectGUID        : 12d53e7f-aaf7-4790-b41a-da19044504db
Deleted           : True
DistinguishedName : CN=Craig Dewar\0ADEL:12d53e7f-aaf7-4790-b41a-da19044504db,CN=Deleted Objects,DC=Fabrikam,DC=com
Name              : Craig Dewar
                    DEL:12d53e7f-aaf7-4790-b41a-da19044504db
ObjectClass       : user

This example gets all the deleted objects whose whenChanged attribute is greater than the specified date and at the time of deletion were the children of the specified organizational unit.

.EXAMPLE
PS C:\> Get-ADObject -Identity "DC=AppNC" -Server "FABRIKAM-SRV1:60000"

ObjectGUID                    DistinguishedName Name  ObjectClass
----------                    ----------------- ----  -----------
62b2e185-9322-4980-9c93-cf... DC=AppNC          AppNC domainDNS

This command gets the information of the domainDNS object of an LDS instance.

.NOTES
Place additional notes here.

.LINK
URLs to related sites
The first link is opened by Get-Help -Online Get-AdsiObject

.INPUTS
None

.OUTPUTS
[Object]
#>
|
|
|
|
|
    [cmdletbinding(DefaultParameterSetName='identity')]
    param(
        [parameter(ParameterSetName='filter',position=0)]
        [string]$Filter,

        [parameter(ParameterSetName='ldapfilter',position=0)]
        [string]$LDAPFilter,

        [parameter(ParameterSetName='filter')]
        [parameter(ParameterSetName='ldapfilter')]
        [int]$ResultPageSize,

        [parameter(ParameterSetName='filter')]
        [parameter(ParameterSetName='ldapfilter')]
        [int]$ResultSetSize,

        [parameter(ParameterSetName='filter')]
        [parameter(ParameterSetName='ldapfilter')]
        [string]$SearchBase,

        [parameter(ParameterSetName='filter')]
        [parameter(ParameterSetName='ldapfilter')]
        [System.DirectoryServices.SearchScope]$SearchScope,

        [parameter(ParameterSetName='identity',position=0)]
        $Identity, # [ADObject]

        [parameter(ParameterSetName='identity')]
        [String]$Partition,

        # Spelling matches the documented value ('Negotiate').
        [ValidateSet('Basic','Negotiate')]
        [string]$AuthType,

        [PSCredential]$Credential,

        [switch]$IncludeDeletedObjects,

        [String[]]$Properties,

        [String]$Server
    )

    function _CanonicalFromDN([string]$dn) {
        $cninfo = $dn -split ','
        $root = ($cninfo | ? { $_ -match '^DC=' }) -replace '^DC='
        # @() keeps $path an array even when there is a single component,
        # so that [array]::Reverse() always receives an array.
        $path = @(($cninfo | ? { $_ -notmatch '^DC=' }) -replace '^\w\w=')
        [array]::Reverse($path)
        '{0}/{1}' -f ($root -join '.'),($path -join '/')
    }

    if ($PSBoundParameters.ContainsKey('Identity')) {
        # Identity is either a GUID or a DistinguishedName. We try to parse
        # a GUID and, if that fails, we consider it a DN and populate
        # the LdapFilter accordingly.
        $guid = [guid]::Empty
        if ([guid]::TryParse($Identity,[ref]$guid)) {
            $charArray = foreach ($byte in $guid.ToByteArray()) { $byte.ToString('x2') }
            $LDAPFilter = 'objectguid=\{0}' -f ( $charArray -join '\' )
        } else {
            # Escape the LDAP filter metacharacters (\ * ( ) NUL, RFC 4515) so that
            # the DN is matched literally and cannot change the filter structure.
            $escapedIdentity = [regex]::Replace([string]$Identity, '[\\*()\x00]', { param($m) '\{0:x2}' -f [int][char]$m.Value })
            $LDAPFilter = 'distinguishedname={0}' -f $escapedIdentity
        }
    } elseif ($PSBoundParameters.ContainsKey('Filter')) {
        # If we receive a filter, we TRY to parse it.
        Write-Warning -Message 'The ''-filter'' parameter is experimental.'
        $LDAPFilter = ConvertTo-LdapFilter -filter $Filter
    }

    $getRootDseParameters = @{}
    # Server and Credential parameters are forwarded to Get-AdsiRootDSE
    #
    # The first thing we're going to do is to get the Root DSE. We do it
    # for two reasons:
    # 1) We need some of the info it provides (naming contexts).
    # 2) We're going to use an adsisearcher object (adsisearcher is a
    #    type accelerator for System.DirectoryServices.DirectorySearcher).
    #    The way to give the DirectorySearcher a specific set of credentials
    #    is to set them on the RootDSE directory entry, then to
    #    feed that entry to the searcher.
    if ($PSBoundParameters.ContainsKey('Server')) { $getRootDseParameters += @{Server = $Server} }
    if ($PSBoundParameters.ContainsKey('Credential')) { $getRootDseParameters += @{Credential = $Credential} }

    $RootDSE = Get-AdsiRootDSE @getRootDseParameters

    if (-not $PSBoundParameters.ContainsKey('Partition')) {
        $Partition = $RootDSE.defaultNamingContext
    } else {
        # If a partition has been specified, we check that it's one
        # of the NamingContexts values.
        #
        # Active Directory is split into several physical (i.e. different files) partitions.
        # At the very least, there's one that contains the configuration, one that contains
        # the schema, and at least one for the primary domain. Those partitions each have
        # their own distinguished name, and those partition addressing DNs are the
        # available naming contexts. The list can be found in the namingContexts attribute
        # of the RootDSE.
        if ($Partition -notin $RootDSE.namingContexts) {
            Throw ('The supplied partition distinguishedName should have one of the following value(s): ''{0}''.' -f ($RootDSE.namingContexts -join ' , '))
        }
    }

    if ($PSBoundParameters.ContainsKey('server')) {
        $Server = '{0}/' -f $Server
    }

    $aDSISearcher = New-Object -TypeName adsisearcher -ArgumentList $RootDSE
    $aDSISearcher.SearchRoot.Path = 'LDAP://{0}{1}' -f $Server,$Partition
    $aDSISearcher.Filter = $LDAPFilter

    if ($PSBoundParameters.ContainsKey('ResultPageSize')) {
        $aDSISearcher.PageSize = $ResultPageSize
    }

    if ($PSBoundParameters.ContainsKey('ResultSetSize')) {
        $aDSISearcher.SizeLimit = $ResultSetSize
    }

    if ($PSBoundParameters.ContainsKey('SearchBase')) {
        # Only the path is changed. Assigning a string to SearchRoot would create
        # a new DirectoryEntry and drop the server and credentials set above.
        $aDSISearcher.SearchRoot.Path = 'LDAP://{0}{1}' -f $Server,$SearchBase
    }

    if ($PSBoundParameters.ContainsKey('SearchScope')) {
        $aDSISearcher.SearchScope = $SearchScope
    }

    if ($PSBoundParameters.ContainsKey('AuthType')) {
        # The authentication type is a property of the search root (a DirectoryEntry),
        # not of the DirectorySearcher itself. It takes an AuthenticationTypes
        # (https://docs.microsoft.com/en-us/dotnet/api/system.directoryservices.authenticationtypes),
        # a flag with 11 different values, whereas Get-AdObject takes an ADAuthType
        # (https://docs.microsoft.com/en-us/dotnet/api/microsoft.activedirectory.management.adauthtype),
        # which only has two values. Only the first flag matters here:
        # AuthenticationTypes.None (0) is a Basic (simple) bind and
        # AuthenticationTypes.Secure (1) is a negotiated bind, so the value
        # is a boolean cast to an integer, just like this:
        $aDSISearcher.SearchRoot.AuthenticationType = [int]($AuthType -eq 'Negotiate')
    }
|
|
|
    if ($PSBoundParameters.ContainsKey('IncludeDeletedObjects') -and $IncludeDeletedObjects) {
        $aDSISearcher.Tombstone = $true
    }

    # # Removed the following lines to use the pipeline.
    # $results = $aDSISearcher.FindAll()
    # if ( $PSCmdlet.ParameterSetName -eq 'Identity' -and $results.Count -gt 1) {
    #     Write-Error -Message 'More than one object have been found'
    # }

    foreach($rawObject in ($aDSISearcher.FindAll())) {
        $baseObject = $rawObject.GetDirectoryEntry()

        $defaultProperties = 'DistinguishedName','Name','ObjectClass','ObjectGUID'
        $extendedProperties = 'CanonicalName','CN','Created','Deleted','Description','DisplayName','LastKnownParent','Modified','ObjectCategory','ProtectedFromAccidentalDeletion'

        if ($Properties -eq '*') {
            # @() turns the key collection into an array so that '+' concatenates.
            $Properties = @($rawObject.Properties.keys) + @($Properties | ? { $_ -ne '*' })
            $defaultProperties += $extendedProperties
        }
        # @() avoids appending an empty element when -Properties was not supplied.
        $Properties = $defaultProperties + @( $Properties | ? {$_ -notin $defaultProperties} ) | sort

        $aDSIObject = New-Object -TypeName psobject

        $PSDefaultParameterValues = @{'Add-Member:MemberType' = 'NoteProperty'}
        switch ($Properties) {
            'CanonicalName' { $aDSIObject | Add-Member -Name 'CanonicalName' -Value (_CanonicalFromDN -dn $rawObject.Properties.distinguishedname[0]) }
            'CN' { $aDSIObject | Add-Member -Name 'CN' -Value $rawObject.Properties.cn[0] }
            'Created' { $aDSIObject | Add-Member -Name 'Created' -Value $rawObject.Properties.whencreated[0] }
            'Deleted' { $aDSIObject | Add-Member -Name 'Deleted' -Value $( if ($rawObject.Properties.contains('isDeleted')) {$rawObject.Properties.isDeleted[0]} ) }
            'Description' { $aDSIObject | Add-Member -Name 'Description' -Value $rawObject.Properties.description[0] }
            'DisplayName' { $aDSIObject | Add-Member -Name 'DisplayName' -Value $rawObject.Properties.displayname[0] }
            'DistinguishedName' { $aDSIObject | Add-Member -Name 'DistinguishedName' -Value $rawObject.Properties.distinguishedname[0] }
            'LastKnownParent' { $aDSIObject | Add-Member -Name 'LastKnownParent' -Value $( if ($rawObject.Properties.contains('LastKnownParent')) {$rawObject.Properties.lastKnownParent[0]} ) }
            # Modified maps to the whenChanged attribute, as Created maps to whenCreated.
            'Modified' { $aDSIObject | Add-Member -Name 'Modified' -Value $rawObject.Properties.whenchanged[0] }
            # The name attribute is read rather than cn: objects whose RDN is not a CN
            # (DC=..., OU=...) have no cn attribute.
            'Name' { $aDSIObject | Add-Member -Name 'Name' -Value $rawObject.Properties.name[0] }
            'ObjectCategory' { $aDSIObject | Add-Member -Name 'ObjectCategory' -Value $rawObject.Properties.objectcategory[0] }
            'ObjectClass' { $aDSIObject | Add-Member -Name 'ObjectClass' -Value ( $rawObject.Properties.objectclass | select -Last 1 ) }
            'ObjectGuid' { $aDSIObject | Add-Member -Name 'ObjectGuid' -Value ([guid]$rawObject.Properties.objectguid[0]) }
            'ProtectedFromAccidentalDeletion' { $aDSIObject | Add-Member -Name 'ProtectedFromAccidentalDeletion' -Value ( $null -ne ( $baseObject.ObjectSecurity.Access | ? { $_.ActiveDirectoryRights -eq 'DeleteTree,Delete' -and $_.AccessControlType -eq 'Deny' -and $_.IsInherited -eq $false -and $_.IdentityReference -eq 'EveryOne' } ) ) }

            default {
                $propName = ($rawObject.Properties.Keys -eq $_)[0]
                if ( $rawObject.Properties.Contains($_) ) {
                    $propValue = $rawObject.Properties.$propName[0]
                    $aDSIObject | Add-Member -Name $propName -Value $propValue
                }
            }
        }

        $aDSIObject
    }
}
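The Identity branch of Get-AdsiObject places caller-supplied text inside an LDAP filter, where `\ * ( )` and NUL have syntactic meaning. The following is an added example, not code from the original module: `ConvertTo-LdapFilterValue` and `New-IdentityFilter` are hypothetical helper names, the distinguished names are constructed samples, and the filters are wrapped in parentheses as RFC 4515 requires.

```powershell
# Added example: RFC 4515 escaping for values placed inside an LDAP filter.
# ConvertTo-LdapFilterValue and New-IdentityFilter are hypothetical helpers.

function ConvertTo-LdapFilterValue {
    # Replaces NUL ( ) * \ with a backslash followed by two hex digits, so the
    # value is compared literally and cannot open or close filter clauses.
    [CmdletBinding()]
    [OutputType([string])]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string]$Value
    )
    begin {
        # Code points of NUL, '(', ')', '*' and '\'.
        $special = [char[]]@(0, 40, 41, 42, 92)
    }
    process {
        $builder = New-Object -TypeName System.Text.StringBuilder
        foreach ($char in $Value.ToCharArray()) {
            if ($special -contains $char) {
                [void]$builder.Append(('\{0:x2}' -f [int]$char))
            } else {
                [void]$builder.Append($char)
            }
        }
        $builder.ToString()
    }
}

function New-IdentityFilter {
    # Mirrors the Identity branch: a GUID becomes an objectGUID byte match,
    # anything else is treated as a distinguished name.
    [CmdletBinding()]
    [OutputType([string])]
    param(
        [Parameter(Mandatory)]
        [string]$Identity,
        [switch]$Escape
    )
    $guid = [guid]::Empty
    if ([guid]::TryParse($Identity, [ref]$guid)) {
        # The bytes are generated by this code, so they need no further escaping.
        $bytes = foreach ($byte in $guid.ToByteArray()) { $byte.ToString('x2') }
        return '(objectGUID=\{0})' -f ($bytes -join '\')
    }
    if ($Escape) { $Identity = ConvertTo-LdapFilterValue -Value $Identity }
    '(distinguishedName={0})' -f $Identity
}

# Constructed sample identities, except the GUID, which is the one shown in
# the help examples.
$samples = @(
    'CN=Jane Doe (Contractor),OU=Staff,DC=example,DC=com'   # parentheses in the RDN
    'CN=Doe\, Jane,OU=Staff,DC=example,DC=com'              # DN-escaped comma
    'CN=Build*Agent,OU=Services,DC=example,DC=com'          # asterisk in the RDN
    '98118958-91c7-437d-8ada-ba0b66db823b'                  # GUID form
)

# Compare the filter built from the raw value with the escaped one.
$samples | ForEach-Object {
    [pscustomobject]@{
        Identity  = $_
        Unescaped = New-IdentityFilter -Identity $_
        Escaped   = New-IdentityFilter -Identity $_ -Escape
    }
} | Format-List
```

The same escaping applies to any value a caller interpolates into a string passed to -LDAPFilter; the filter operators and parentheses that form the query itself are left as written.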
|
|
|
|
|
<#
The comment-based help for Get-AdsiObject has been pasted from the help for
Get-ADObject. The sentences below have been removed because they do not
apply to our current implementation.

.Description
You can
also set the parameter to an Active Directory object variable, such as
$<localADObject> or pass an object through the pipeline to the Identity
parameter.

.PARAMETER SearchBase
When the value of the SearchBase parameter is set to an empty string and you
are connected to a global catalog (GC) port, all partitions are searched. If
the value of the SearchBase parameter is set to an empty string and you are
not connected to a GC port, an error is thrown.

.PARAMETER Identity
This parameter can also get this object through the pipeline or you can set
this parameter to an object instance.

Derived types, such as the following, are also accepted:

* Microsoft.ActiveDirectory.Management.ADGroup
* Microsoft.ActiveDirectory.Management.ADUser
* Microsoft.ActiveDirectory.Management.ADComputer
* Microsoft.ActiveDirectory.Management.ADServiceAccount
* Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy
* Microsoft.ActiveDirectory.Management.ADDomain

.PARAMETER Partition
* If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive.
* If running cmdlets from an Active Directory provider drive, the default value of Partition is automatically generated from the current path in the drive.

.PARAMETER Credential
unless the cmdlet is run from an Active
Directory module for Windows PowerShell provider drive. If the cmdlet is run from such a
provider drive, the account associated with the drive is the default.

To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or
you can specify a PSCredential object. If you specify a user name for this parameter, the
cmdlet prompts for a password.

.PARAMETER IncludeDeletedObjects
When this parameter is specified, the cmdlet uses the following LDAP controls:

Show Deleted Objects (1.2.840.113556.1.4.417)
Show Deactivated Links (1.2.840.113556.1.4.2065)

.PARAMETER Server
Specifies the AD DS instance to connect to, by providing one of the following
values for a corresponding domain name or directory server. The service may be
any of the following: AD LDS, AD DS, or Active Directory snapshot instance.

* By using the server information associated with the AD DS Windows PowerShell provider drive, when the cmdlet runs in that drive
#>