ADSI to get groups like?

some background, i have written an app that allows users to create exchange contacts and add them to DL’s, all going well except i didnt click 99% of users wont have the AD CMDLETs


for speed i used get-adgroup to return the objects, then determine which of those were DG’s by filtering on anything that contained the “@” within the mail attribute

$DLList = get-adgroup -Filter { name -like "Hs2*" } -Properties mail | select Name, Mail


$DLList = $DLList | where { $_.mail -like "*@*" } | select name -ExpandProperty name| Sort-Object

Update-ComboBox $combobox1 $DLList


some searching later and i cant find how to accomplish this without the AD module


as an extra i just want the Name of the group to come out rather than an ldap path

It might be worth taking a look at ‘Just Enough Administration’

With JEA or New-PSSessionConfiguration, you can create a constrained end points and same can be used in your application. You will create an endpoint by giving permission to a DL or multiple users and the app can connect to the server using PowerShell remoting targeting the new custom PowerShell end point.

thanks both will look at JEA

The key to the ADSISearcher accelerator is the “findall()” or “FindOne()” methods


If you simply want the names you will need to tease out the value like so

(([adsisearcher]"(&(objectClass=Group)(name=*@*))").FindAll() | select -ExpandProperty properties).name

You do not need to install the ADDS cmdlets on any machine. You can proxy any cmdlet from any server role to a host using Implicit PSRemoting. The cmdlet are only active during the session and removed when the session is closed.

See these articles.


Remoting the Implicit Way - Scripting Blog [archived]

Use PowerShell Active Directory Cmdlets Without Installing Any Software - Scripting Blog [archived]

However, as noted by others, JEA allow you to limit only the cmdlets needed to do the job, vs all of them via implicit remoting. Well, that are use the ADSI option pointed to, though not as convenient as the native cmdlets, they still work.