Other Posts in this Series:
- LDAP Does Not Return All Active Directory Group Members
- The Difference Between PowerShell ADSI and ADSISearcher
- Use ADSI to Check if a User is a Member of an AD Group
- Use ADSI to Check if a Computer is a Member of an AD Group
- Use PowerShell ADSI to Migrate AD Group Members
There comes a time when we want to read or write an Active Directory attribute, yet we don’t know the name of the attribute we’re looking for! This handy script will list all user and computer LDAP attributes using PowerShell and ADSI.
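To do this we need an example user and computer whose AD attributes we can read. Change the two strings at the top of the script below to match objects in your domain. Note that the search result only contains attributes that hold a value on the object and that your account is allowed to read, so pick examples that are well populated.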
```powershell
# Change these to an existing user and computer in your domain.
$exampleUser = "exampleuser"
$exampleComputer = "examplecomputer"

# Look up the example user by sAMAccountName and list every attribute returned.
$searcher = [adsisearcher]"(&(objectCategory=person)(objectClass=user)(SamAccountName=$exampleUser))"
$searcher.PageSize = 1
$user = $searcher.FindOne()
if ($null -ne $user) {
    Write-Host "********All user LDAP attributes********"
    $user.Properties.PropertyNames | Sort-Object | ForEach-Object { New-Object psobject -Property @{ AttributeName=$_; AttributeValue=$(($user.Properties).$_) } } | Format-Table AttributeName,AttributeValue
} else {
    Write-Host "Cannot find user"
}

# Look up the example computer by name and list every attribute returned.
$searcher = [adsisearcher]"(&(objectClass=computer)(Name=$exampleComputer))"
$searcher.PageSize = 1
$computer = $searcher.FindOne()
if ($null -ne $computer) {
    Write-Host "********All computer LDAP attributes********"
    $computer.Properties.PropertyNames | Sort-Object | ForEach-Object { New-Object psobject -Property @{ AttributeName=$_; AttributeValue=$(($computer.Properties).$_) } } | Format-Table AttributeName,AttributeValue
} else {
    Write-Host "Cannot find computer"
}
```
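The script above places the account name straight into the LDAP filter and prints binary and timestamp attributes in their raw form. The following added example (not part of the original post; the function names are hypothetical) escapes the name per RFC 4515 before building the filter and decodes `objectSid`, `objectGUID` and the common FILETIME attributes into readable values. The last three lines use constructed sample values and run without a domain.

```powershell
# Added example; function names are hypothetical, not from the original post.

function ConvertTo-LdapFilterValue {
    # Escape the RFC 4515 special characters \ * ( ) and NUL as \xx hex pairs
    # so the value is matched literally and cannot alter the filter.
    param([Parameter(Mandatory)][string]$Value)
    $hex = [System.Text.RegularExpressions.MatchEvaluator]{ param($m) '\{0:x2}' -f [int][char]$m.Value }
    [regex]::Replace($Value, '[\\*()\x00]', $hex)
}

function Format-AdsiValue {
    # Turn one raw attribute value into something readable.
    # ADSI search results expose attribute names in lower case.
    param([string]$Name, $Value)
    switch ($Name) {
        'objectsid'  { return [System.Security.Principal.SecurityIdentifier]::new([byte[]]$Value, 0).Value }
        'objectguid' { return [guid]::new([byte[]]$Value).ToString() }
        { $_ -in 'lastlogon', 'lastlogontimestamp', 'pwdlastset', 'accountexpires' } {
            # 0 and Int64.MaxValue are sentinels, not dates; leave them raw.
            if ($Value -le 0 -or $Value -eq [int64]::MaxValue) { return $Value }
            return [datetime]::FromFileTimeUtc([int64]$Value).ToString('u')
        }
    }
    if ($Value -is [byte[]]) { return [System.BitConverter]::ToString($Value) }
    return $Value
}

function Get-AdsiUserAttribute {
    # Same user lookup as the script above, with an escaped name and decoded values.
    param([Parameter(Mandatory)][string]$SamAccountName)
    $safe = ConvertTo-LdapFilterValue $SamAccountName
    $searcher = [adsisearcher]"(&(objectCategory=person)(objectClass=user)(sAMAccountName=$safe))"
    $result = $searcher.FindOne()
    if ($null -eq $result) { Write-Warning "Cannot find user"; return }
    foreach ($name in ($result.Properties.PropertyNames | Sort-Object)) {
        [pscustomobject]@{
            AttributeName  = $name
            AttributeValue = ($result.Properties[$name] | ForEach-Object { Format-AdsiValue $name $_ }) -join '; '
        }
    }
}

# Constructed sample values, usable without a domain:
ConvertTo-LdapFilterValue 'j.smith (temp)*'
Format-AdsiValue 'objectsid' ([byte[]](1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0))
Format-AdsiValue 'pwdlastset' 132539328000000000
```

On a domain-joined machine, `Get-AdsiUserAttribute exampleuser | Format-Table -AutoSize` produces the same table as the original script with the decoded values in place.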
Once you’ve found what you’re looking for, you may want to look at other posts in this series such as how to use ADSI to set and clear Active Directory attributes.