Other Posts in this Series:
- Use ADSI to List Nested Members of an AD Group (Updated)
- Use ADSI and FromFileTime to Convert Datetime Attributes in Active Directory
- Use ADSI to Find Logon Workstations in Active Directory
- Search Active Directory using PowerShell ADSISearcher Filters
- Use PowerShell ADSI to Search Users in Active Directory
There comes a time when we want to read or write an Active Directory attribute, yet we don’t know the name of the attribute we’re looking for! This handy script will list all user and computer LDAP attributes using PowerShell and ADSI.
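To do this, we need an example user and an example computer whose AD attributes we can list. Change the two strings at the top of the script below to match objects in your domain. The search result only contains attributes that hold a value on the example object, so pick objects that are well populated.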
```powershell
# Change these to an existing user and computer in your domain.
$exampleUser = "exampleuser"
$exampleComputer = "examplecomputer"

# Look up the example user by sAMAccountName.
$searcher = [adsisearcher]"(&(objectCategory=person)(objectClass=user)(SamAccountName=$exampleUser))"
$searcher.PageSize = 1
$user = $searcher.FindOne()
if ($null -ne $user) {
    Write-Host "********All user LDAP attributes********"
    # Emit one object per attribute name returned in the search result.
    $user.Properties.PropertyNames | Sort-Object | ForEach-Object { New-Object psobject -Property @{ AttributeName=$_; AttributeValue=$(($user.Properties).$_) } } | Format-Table AttributeName,AttributeValue
} else {
    Write-Host "Cannot find user"
}

# Look up the example computer by name.
$searcher = [adsisearcher]"(&(objectClass=computer)(Name=$exampleComputer))"
$searcher.PageSize = 1
$computer = $searcher.FindOne()
if ($null -ne $computer) {
    Write-Host "********All computer LDAP attributes********"
    $computer.Properties.PropertyNames | Sort-Object | ForEach-Object { New-Object psobject -Property @{ AttributeName=$_; AttributeValue=$(($computer.Properties).$_) } } | Format-Table AttributeName,AttributeValue
} else {
    Write-Host "Cannot find computer"
}
```
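The script above places the account name straight into the LDAP filter and prints binary attributes such as objectSid as raw byte lists. The following added example, which is not part of the original post, escapes the name per RFC 4515 before it reaches the filter and renders byte-array values readably. The three function names are hypothetical, and it assumes Windows PowerShell 5.1 or later on a domain-joined machine.

```powershell
# Added example; function names are hypothetical and not from the original post.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # RFC 4515: escape \ * ( ) and NUL as a backslash plus two hex digits,
    # so the supplied name cannot change the structure of the filter.
    [regex]::Replace($Value, '[\\*()\x00]', { param($m) '\{0:x2}' -f [int][char]$m.Value })
}

function Format-AdsiValue {
    param([string]$Name, $Values)
    $out = foreach ($v in $Values) {
        if ($v -is [byte[]]) {
            # Property names in an ADSI search result are lower case.
            switch ($Name) {
                'objectsid'  { [System.Security.Principal.SecurityIdentifier]::new($v, 0).Value }
                'objectguid' { [guid]::new([byte[]]$v).ToString() }
                default      { [System.BitConverter]::ToString($v) }
            }
        } else {
            "$v"
        }
    }
    # Join multi-valued attributes (memberOf, servicePrincipalName, ...) into one cell.
    $out -join '; '
}

function Get-AdsiAttributeTable {
    param([Parameter(Mandatory)][string]$SamAccountName)
    $safe = ConvertTo-LdapFilterValue -Value $SamAccountName
    $searcher = [adsisearcher]"(sAMAccountName=$safe)"
    $result = $searcher.FindOne()
    if ($null -eq $result) {
        Write-Warning "No object found for '$SamAccountName'"
        return
    }
    foreach ($name in ($result.Properties.PropertyNames | Sort-Object)) {
        [pscustomobject]@{
            AttributeName  = $name
            AttributeValue = Format-AdsiValue -Name $name -Values $result.Properties[$name]
        }
    }
}

# Usage with the placeholder names from the script above.
# A computer's sAMAccountName is its name followed by a dollar sign.
# Get-AdsiAttributeTable 'exampleuser'      | Format-Table -AutoSize -Wrap
# Get-AdsiAttributeTable 'examplecomputer$' | Format-Table -AutoSize -Wrap
```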
Once you’ve found what you’re looking for, you may want to look at other posts in this series such as how to use ADSI to set and clear Active Directory attributes.