Other Posts in this Series:
- Use PowerShell ADSI to Search Computers in Active Directory
- Use PowerShell ADSI to Search Groups in Active Directory
- Use PowerShell ADSI to Create an AD Group
- Use PowerShell ADSI to Delete an AD Group
- Use PowerShell ADSI to Modify an AD Group
There comes a time when we want to read or write an Active Directory attribute, yet we don’t know the name of the attribute we’re looking for! This handy script will list all user and computer LDAP attributes using PowerShell and ADSI.
In order to do this we need an example user and computer to find the AD attributes for. You will need to change those strings at the top of the script below.
$exampleUser = "exampleuser"
$exampleComputer = "examplecomputer"
$searcher=[adsisearcher]"(&(objectCategory=person)(objectClass=user)(SamAccountName=$exampleUser))"
$searcher.PageSize = 1
$user = $searcher.FindOne()
if ($user -ne $null) {
write-host "********All user LDAP attributes********"
$user.Properties.PropertyNames | Sort | foreach { new-object psobject -Property @{ AttributeName=$_;AttributeValue=$(($user.Properties).$_) }} | Format-Table AttributeName,AttributeValue
} else {
write-host "Cannot find user"
}
$searcher=[adsisearcher]"(&(objectClass=computer)(Name=$exampleComputer))"
$searcher.PageSize = 1
$computer = $searcher.FindOne()
if ($computer -ne $null) {
write-host "********All comptuer LDAP attributes********"
$computer.Properties.PropertyNames | Sort | foreach { new-object psobject -Property @{ AttributeName=$_;AttributeValue=$(($computer.Properties).$_) }} | Format-Table AttributeName,AttributeValue
} else {
write-host "Cannot find computer"
}
Once you’ve found what you’re looking for, you may want to look at other posts in this series such as how to use ADSI to set and clear Active Directory attributes.