Community

Subscribe
Highlighted

Query Active Directory

Hello! Is there any way to query Active Directory to validate if the User or Group is valid ? Does it require Importing any Module ?

Thanks,

Narendra

Re: Query Active Directory

I'm not online to my lab at the moment, so I can't check if this already exists. You could use something like the examples below:

PowerShell - Powertips: Checking whether User or Group exists

http://learningpcs.blogspot.com/2011/01/powershell-powertips-checking-whether.html

Test if AD object/path exists

http://dmitrysotnikov.wordpress.com/2010/03/22/test-if-ad-object-path-exists/

Use PowerShell to check whether AD user exists

http://social.technet.microsoft.com/Forums/windowsserver/en-US/5db5d6a4-7609-46a5-a3fc-0fb9611f3892/use-powershell-to-check-whether-and-ad-user-exists


Re: Query Active Directory

These examples use Get-ADUser cmdlet which is part of ActiveDirectory module.

So, it will require loading ActiveDirectory module in WFA ?

Re: Query Active Directory

I don't know if anyone responded to you yet, but yes, you'll have to add the ActiveDirectory module to the WFA server.

From PS command line:

Import-Module ServerManager

Add-WindowsFeature RSAT-AD-PowerShell

Re: Query Active Directory

Import-Module ServerManager itself didn't work for me on my windows 2008 Server. I found that its only available by default on Windows 2008 R2, and you need to install Exchange elsewhere.

Looking at alternatives and ActiveDirectory module seems good but again I think ActiveDirectory powershell modules are not available unless you have AD Domain Service running on your Server for which you WFA server itself will need to be a Domain Controller ( dcpromo ) which is cumbersome and not even required. If anyone can suggest otherwise, then please help.

I see its easier to enable Powershell Remoting on Active Directory and then invoking commands to AD server to query for results. Powershell Module ActiveDirectory will be available on your Domain Controller. Ypu can see it as "Start-> Administrative Tools -> Active Directory Modules for Windows Powershell" to verify.

On AD server : Enable-PSRemoting

Select A for all choices.

Now from your WFA server you can invoke commands to query for users etc.

Invoke-Command -ComputerName adserver.com -Credential $creds -ScriptBlock {Import-Module ActiveDirectory ; Get-ADUser -Filter * -SearchBase "DC=DOMAIN,DC=COM"}

warm regards,

sinhaa

Re: Query Active Directory

Sorry that command works on Server 2012. The kit works off DC there. No need to be a DC.

I'm not sure the package you need on Win 2008