Summary: Microsoft Scripting Guy, Ed Wilson, talks about using the Windows PowerShell Out-Gridview cmdlet to examine user information in Active Directory.
Hey, Scripting Guy! I would like a way to use Windows PowerShell to view user information from Active Directory. I would like to be able to explore the returned information and be able to see what is going on. In other words, I need kind of an Active Directory microscope. You don’t happen to have one do you?
—BJ
Hello BJ,
Microsoft Scripting Guy, Ed Wilson, is here. This has been a really busy week, and it is now 30 days until the Windows PowerShell Summit in in Redmond, Washington. The Scripting Wife and I are looking forward to attending this event. In fact, we have been looking forward to it for months. Finally, it is coming together. In one way, it will be a bit strange. This is because we are staying at the same hotel as a couple of members from the Charlotte, North Carolina Windows PowerShell User Group, so I know we will be hanging out some. But of course, the big reason for attending the event is to spend time with some of the world’s best Windows PowerShell scripters. It will be a total geek fest the entire time. I will be making three presentations, and so next week I need to spend a decent amount of time honing them.
Note This is the fifth blog in a series about using the Active Directory module.
- In Playing with the AD: Drive for Fun and Profit, I provided an overview about the AD: drive and the Active Directory module.
- In Find Active Directory User Information with the PowerShell Provider, I talked about how to use the Windows PowerShell provider to find user information in Active Directory.
- In Use PowerShell to Find Non-Default User Properties in AD, I talked about how to retrieve additional properties beyond the four basic ones.
- In Use the PowerShell AD Provider to Modify User Attributes, I discussed using standard Windows PowerShell commands to modify users in AD DS.
Using Out-GridView to explore Active Directory user info
One of the cool things I like to do with Windows PowerShell is pipe user information that I need to peruse to the Out-GridView cmdlet. I find it a very convenient way to explore user information. The result of this exploration can be a further refinement of an AD DS query, or it can be the end game itself. The command is simplicity itself. In the command that follows, I am on the Charlotte OU portion of my AD: drive. I use the diralias (alias for Get-ChildItem), and I specify that I want all properties by using a wildcard character. I pipe the results to Out-Gridview. That is it!
PS AD:\ou=charlotte,dc=iammred,dc=net> dir -Properties * | Out-GridView
Sorting and filtering data with Out-GridView
The initial display of information is not all that great. In fact, it seems a bit cluttered, and even jumbled. This is shown in the image that follows.
The strength of using Out-GridView comes by adding a criteria. This is shown here.
After I select the attributes that I am interested in working with, I click Add. Now, the GridView changes to permit modifying the operator and adding the criteria. This is shown here.
Storing results and further parsing
In Windows PowerShell 3.0, Out-GridView picks up a PassThruparameter. This means that the filtering conducted in the Out-GridView can feed back to the Windows PowerShell console. In the following example, I throw all the user objects (and their associated properties) from the Charlotte OU to the Out-GridView. I then filter the results and I store the results in a variable. Next I use Windows PowerShell to further work with the results. The command is shown here:
PS AD:\ou=charlotte,dc=iammred,dc=net> $user = dir -Properties * | Out-GridView –PassThru
The Out-GridView that is created by the command is shown here.
Note If you do not highlight all the lines, only the one line that is highlighted by default returns. So in the previous image, the filter criterion returns three objects. But right now, only the first line is highlighted, so only that object would return. Therefore, all three lines need to be highlighted, and then when OK is pressed, all three objects return to the variable.
After filtering the objects with more than 500 logons, I go back to the Windows PowerShell console, and investigate the $user variable that contains the returned objects.
PS AD:\ou=charlotte,dc=iammred,dc=net> $user = dir -Properties * | out-gridview -Pass
Thru
PS AD:\ou=charlotte,dc=iammred,dc=net> $user.Count
3
I do not even need to use an intermediate variable because I can pipe the results to another cmdlet. The following command pipes the results from whatever is filtered in the Out-Gridview cmdlet to Group-Object, where the objects are grouped by the name property.
PS AD:\ou=charlotte,dc=iammred,dc=net> dir -Properties * | out-gridview -PassThru | group name
Count Name Group
----- ---- -----
1 ED-PC {CN=ED-PC,OU=Charlotte,DC=iammred,DC=net}
1 ed wilson {CN=ed wilson,OU=Charlotte,DC=iammred,DC=net}
1 EDLT {CN=EDLT,OU=Charlotte,DC=iammred,DC=net}
1 HYPERV2 {CN=HYPERV2,OU=Charlotte,DC=iammred,DC=net}
1 Regular User {CN=Regular User,OU=Charlotte,DC=iammred,DC=net}
1 Sample User {CN=Sample User,OU=Charlotte,DC=iammred,DC=net}
1 SQL {CN=SQL,OU=Charlotte,DC=iammred,DC=net
1 Teresa Wilson {CN=Teresa Wilson,OU=Charlotte,DC=iammred,DC=net}
BJ, that is all there is to using the Active Directory module provider with the Out-GridView cmdlet. Active Directory Week will continue tomorrow when I will talk about discovering attribute names by using Windows PowerShell.
I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.
Ed Wilson, Microsoft Scripting Guy