Active Directory Search

Hey, everyone. I’m trying to do a simple active directory search to create a list of all the “users” in the domain . The issue is that I’m stuck with Powershell 1.0 and I’m not able to install any modules (so things like Get-ADUser are a no-go for me). I’m a little new at all of this - I’m sort of teaching myself. I’ve tried a few different methods with little luck. Anyone out there that can give me some ideas to start off with? I’ve tried:

$root = [ADSI]
$searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
$searcher.filter = “(objectClass=user)”

##Result - I get a list that doesn’t appear to include all users in the domain, and it includes the LDAP path…all I need is names. So, I try adding this final line:

$searcher.FindAll() | for-eachobject {$[“name”]} | sort

#Result - Now, this appears to provide me a list sorted alphabetically. However, when I checked the accuracy of the list, it was missing “users”. Anyone have any ideas that may help? Thanks in advance to anyone willing to help me out!

Hey Nick,

If you’re wanting to return more than 1000 results, you need to also set the SizeLimit property of the DirectorySearcher object to 0.


$Searcher.SizeLimit = 0

Hi Tim,

Thank you, I hadn’t considered that. I went ahead and did as you suggested, but I’m still missing users. What’s rather strange is that the script appears to retrieve a particular user from an OU, but then fails to do the same for another user in the same OU. They are identical accounts (aside from the obvious). Perhaps “(objectClass=user)” is an inefficient filter? Any suggestions?

Can you try changing the .filter property to this :

$searcher.filter = “(objectCategory=User)”

Like Tim mentioned, you may need to increase your search size. However, I remember this as pagesize, not size limit. Here is a good example of searching AD that might work out for you.