helpers-DCs.ps1
<#
A collection of helper functions for Domain Controllers
#>
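function Search-ADUserAnyProperty {
    <#
    .SYNOPSIS
    Search Active Directory users by a pattern across multiple common attributes.
    .DESCRIPTION
    This function wraps Get-ADUser with a wide LDAP filter that checks a user-supplied
    pattern against multiple commonly used identifier attributes (e.g. sAMAccountName,
    userPrincipalName, displayName, cn, givenName, sn, mail, proxyAddresses).
    The filter also matches the pattern against department, title, company and st,
    so a hit does not have to come from a name or address field.
    It's intended as a convenient "search anywhere that matters" for finding users when
    you only know part of a name, email, alias, or login.
    Results include useful profile fields: Display Name, Department, Job Title, State,
    Company, OU (derived from DistinguishedName), and all proxyAddresses flattened into
    a comma-separated list. Optionally you can also search phone fields and/or restrict
    the search scope with -SearchBase.
    .PARAMETER Pattern
    The text pattern to search for (wildcards are automatically added at both ends).
    The text is matched literally: LDAP filter metacharacters in it are escaped, so a
    '*' typed by the caller does not act as a wildcard.
    .PARAMETER SearchBase
    Optional LDAP distinguished name to scope the search.
    .PARAMETER IncludePhones
    If specified, phone-related attributes are included in the search (makes the search a bit slower)
    .EXAMPLE
    # Find any user whose name, alias, or email contains "nick"
    Search-ADUserAnyProperty -Pattern 'nick'
    .EXAMPLE
    # Search within a specific OU, also matching phone numbers
    Search-ADUserAnyProperty -Pattern '2103' -IncludePhones -SearchBase 'OU=Athens,OU=Users,DC=corp,DC=example,DC=com'
    .EXAMPLE
    # Export results to CSV
    Search-ADUserAnyProperty -Pattern 'nick' |
    Export-Csv C:\temp\ad-search.csv -NoTypeInformation -Encoding UTF8
    .NOTES
    Every clause of the generated filter is a contains-style match (*text*). Searches of
    that shape are typically expensive for a domain controller, and the result set is not
    capped here, so prefer -SearchBase and a reasonably specific pattern on large
    directories.
    The output rows carry mail and proxy addresses (and the search can cover phone
    numbers); treat exported files as directory data and store them accordingly.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Pattern,
        [string]$SearchBase,
        [switch]$IncludePhones
    )

    # Escapes the characters that have structural meaning in an LDAP search filter
    # (backslash, asterisk, parentheses, NUL) as \XX hex pairs. The backslash must be
    # handled first so the backslashes introduced by the later replacements are not
    # escaped a second time. Plain string replacement is used so that no regex
    # semantics are involved in a security-relevant transformation.
    function Escape-Ldap([string]$s) {
        $s.Replace('\', '\5c').
            Replace('*', '\2a').
            Replace('(', '\28').
            Replace(')', '\29').
            Replace([string][char]0, '\00')
    }

    # The caller's text is only ever inserted in escaped form; the surrounding
    # wildcards are the only filter syntax added around it.
    $needle = '*' + (Escape-Ldap $Pattern) + '*'

    # Attributes the pattern is compared against.
    $searchAttributes = @(
        'cn', 'displayName', 'mail', 'samAccountName', 'userPrincipalName',
        'givenName', 'sn', 'proxyAddresses', 'department', 'title', 'company', 'st'
    )
    # Attributes requested back from the directory for the output rows.
    $returnProperties = @(
        'displayName', 'samAccountName', 'userPrincipalName', 'mail', 'department',
        'title', 'company', 'st', 'distinguishedName', 'proxyAddresses'
    )
    if ($IncludePhones) {
        $phoneAttributes = @('telephoneNumber', 'mobile', 'homePhone')
        $searchAttributes += $phoneAttributes
        $returnProperties += $phoneAttributes
    }

    # Build (|(attr1=*text*)(attr2=*text*)...): one OR over all searched attributes.
    $clauses = ($searchAttributes | ForEach-Object { "($_=$needle)" }) -join ''
    $ldapFilter = "(|$clauses)"

    $adArgs = @{ LDAPFilter = $ldapFilter; Properties = $returnProperties }
    if ($SearchBase) { $adArgs.SearchBase = $SearchBase }

    # @() forces an array for zero, one or many results, so .Count is always a real
    # number; a single returned AD object may not expose a usable .Count on its own.
    $Results = @(Get-ADUser @adArgs)

    # Hints go through Write-Host so they never end up in the pipeline output.
    if (($Results.Count -eq 0) -and (-not $IncludePhones)) {
        Write-Host -ForegroundColor Yellow "No matches. Phone numbers were not searched; add -IncludePhones to include telephoneNumber, mobile, homePhone."
    }
    if ($Results.Count -gt 10) {
        Write-Host -ForegroundColor Yellow "Too many matches. You may wish to pipe me to ogv. E.g.:`n Search-ADUserAnyProperty foo | ogv"
    }

    # Output columns, held in an array instead of relying on a backtick line
    # continuation (which silently breaks if trailing whitespace follows it).
    $columns = @(
        @{ n = 'DisplayName';       e = { $_.DisplayName } },
        @{ n = 'SamAccountName';    e = { $_.SamAccountName } },
        @{ n = 'UserPrincipalName'; e = { $_.UserPrincipalName } },
        @{ n = 'Mail';              e = { $_.mail } },
        @{ n = 'Department';        e = { $_.Department } },
        @{ n = 'JobTitle';          e = { $_.Title } },
        @{ n = 'State';             e = { $_.st } },
        @{ n = 'Company';           e = { $_.Company } },
        # Multi-valued attribute flattened into one comma-separated string.
        @{ n = 'ProxyAddresses';    e = { ($_.proxyAddresses -join ', ') } },
        # Drop the first RDN (everything up to the first comma) to get the container.
        @{ n = 'OU';                e = { ($_.DistinguishedName -replace '^[^,]+,', '') } }
    )
    $Results | Select-Object -Property $columns
}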