Summary: The Scripting Wife learns about querying Active Directory Domain Services with Windows PowerShell in prep for the 2013 Scripting Games.
Microsoft Scripting Guy, Ed Wilson, is here. Well yesterday I gave my first presentation (of three) at the PowerShell Summit happening here in Redmond, Washington. I thought my talk went really well, and several tweets I saw seemed to confirm that. I was also able to see some excellent presentations during the say. The Scripting Wife ran the registration desk, and so she was able to see everyone who is out here this week.
I am still on Charlotte time, and therefore am waking up at oh dark thirty each day. Surprisingly, the Scripting Wife has also been making early morning appearances for breakfast as well. Anyway, I am in the lobby sipping a cup of English Breakfast Tea (I did not bring any lemon grass or cinnamon sticks with me) and so it not my favorite cup of tea ever – but it is ok. It is strong, and helps to breakdown the croissants.
My eyes are closed as I visualize my two presentations I am making today at the PowerShell Summit. I open my eyes, and there she is – the Scripting Wife.
“If you are that sleepy, you need to go back upstairs and get some rest,” she began.
“Not sleepy, I am thinking about my presentations today,” I said.
“Oh that. Then you are not really doing anything, and so you can help me,” she said.
“What do you need,” I asked.
“I need to know how to query Active Directory,” she said.
“Say what,” I shockingly exclaimed. “Why do you need to query AD?”
“Well I think it is going to be in the 2013 Scripting Games, and so I figure I need to know how to query AD,” she said with emphasis.
“Well all right,” I said.
Use the ActiveDirectory module to query AD
“First let me fire up a Windows Server 2012 domain controller on my Windows 8 Hyper-V,” I said.
“I will take your word for it,” she said will as little interest as possible. “Just let me know when you are ready.”
I logged onto the Windows Server 2012 domain controller, and opened the Windows PowerShell console.
“Ok. It is up,” I said.
“So what do I need to do,” she asked.
“Well to get a listing of all computers in AD use the Get-ADComputer cmdlet. Specify a wildcard for the filter,” I instructed.
The Scripting Wife slid the laptop over to her, and typed the following:
Get-ADCo<tab><space>-f<tab><space>*<enter>
When she typed –f<tab> there was a slight pause, and the Windows PowerShell progress bar appeared as it imported the ActiveDirectory module. After that, the command proceeded quickly. The command appears here:
Get-ADComputer -Filter *
A command and the first computer from the output appears here:
PS C:\> Get-ADComputer -Filter *
DistinguishedName : CN=DC1,OU=Domain Controllers,DC=nwtraders,DC=msft
DNSHostName : dc1.nwtraders.msft
Enabled : True
Name : DC1
ObjectClass : computer
ObjectGUID : e1b57333-7155-4026-949d-82c35400a850
SamAccountName : DC1$
SID : S-1-5-21-1844339390-1396565537-2470583527-1001
UserPrincipalName :
Requesting a specific attribute
“Well that was painless. But what if I need to know the version of the operating system. How do I get that information? It does not seem to be in the output,” she asked.
“Well that is a very good observation. There are many more properties for each object in Active Directory Domain Services than are returned by a basic query. The reason for returning a subset of the attributes is for performance reasons. To request a specific property such as operatingsystem add the properties parameter. Why don’t you go ahead and try that,” I suggested.
The Scripting Wife thought for about 30 seconds and then she used the up arrow to retrieve her previous command. Next she added the –properties parameter and she added the operatingsystem attribute. This is what she typed:
<up arrow><space>-p<tab><space>operatingsystem<enter>
The command she created appears here.
Get-ADComputer -Filter * -Properties operatingsystem
The command and first output appears here.
PS C:\> Get-ADComputer -Filter * -Properties operatingsystem
DistinguishedName : CN=DC1,OU=Domain Controllers,DC=nwtraders,DC=msft
DNSHostName : dc1.nwtraders.msft
Enabled : True
Name : DC1
ObjectClass : computer
ObjectGUID : e1b57333-7155-4026-949d-82c35400a850
OperatingSystem : Windows Server 2012 Standard
SamAccountName : DC1$
SID : S-1-5-21-1844339390-1396565537-2470583527-1001
UserPrincipalName :
Using wildcards for properties
“That is pretty cool, but I do not like the output – it is rather crowded. I only want the name of the server and the name of the operating system. Can I get that,” she asked.
“But of course you can,” I said in my best Bela Lugosi imitation.
Ignoring the humorous voice, she plowed on, “So are you going to help me?”
“Well you cannot use a wildcard in the properties parameter, but when you use the Sort-Object cmdlet and the select-Object cmdlet you can use wildcards. So retrieve your previous command and pipeline it to Sort-Object and to Select-Object,” I said.
She thought for a minute, and this is what she typed:
<up arrow><space>|<space>sort<space>oper*<space>|<space>select<space>name,oper*<enter>
The command she created appears here:
Get-ADComputer -Filter * -Properties operatingsystem | sort oper* | select name, oper*
The command and the output appears here:
PS C:\> Get-ADComputer -Filter * -Properties operatingsystem | sort oper* | select name, oper*
name OperatingSystem
---- ---------------
C7 Windows 7 Ultimate
C1 Windows 8 Enterprise
C2 Windows 8 Enterprise
SQL1 Windows Server 2012 Datacenter
DC1 Windows Server 2012 Standard
“That is pretty cool. Thanks. I am outta here, I think I just saw some PowerShell Summit people come in,” she said. And with that she was gone. I figured I would see her again when I got to building 40.
Join us tomorrow as the Scripting Wife continues studying for the 2013 Scripting Games.
I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.
Ed Wilson, Microsoft Scripting Guy