Posted by: Preetam | February 4, 2007

[DSQuery]-With PowerShell

Below post talks about querying AD. However before you go through this post I strongly recommend you go through below link from

MOW : –

Let me admit it that below post are original ideas and concept by MOM, here at the most I using better formatting and pulling out corollary out of it.

Connect to AD

$root=[adsi]” or $root=new-object directoryservices.directoryentry

List properties of AD Objects

$root fl *

List methods of AD Objects

$root.psbase gm -membertype method # Get all methods

Walk to the Domain structure to wanted OU


{OU=Domain Controllers,DC=Zarays,DC=com}
{CN=NTDS Quotas,DC=Zarays,DC=com}
{CN=Program Data,DC=Zarays,DC=com}

$users=$root.psbase.children.find(‘CN=Users’) or $users=new-object directoryservices.directoryentry(“LDAP://CN=Users,DC=Zarays,DC=com“)

-To get properties of user containers

$users fl *

-To find user in a container


$users.psbase.Children.Find(‘cn=Preetam’) fl *

Corollary 01

Lets use this feature.



Compare-Object $preetam.memberOf $shilpa.memberOf

Output is

InputObject SideIndicator
———– ————-
CN=Domain Admins,CN=Users,DC=Zarays,DC=com <=
CN=Enterprise Admins,CN=Users,DC=Zarays,DC=com <=
CN=Schema Admins,CN=Users,DC=Zarays,DC=com <=

Which means Shilpa is not member of above group

Corollary 02

$OU=new-object directoryservices.directoryentry(“LDAP://ou=Singapore,dc=zarays,dc=com”)

foreach($c in $b) {

output is Email address of all users inside OU singapore. And these address are generally required when you need to communicate back with your colleagues when you leave you current job cool

