Get-ADObject - How to Find and get AD Object with PowerShell (2024)

Every user, computer, container, or OU in the Active Directory is an object. For each of those there are dedicated cmdlets that we can use to retrieve or update information. But to get deleted objects we will need to use the Get-ADObject cmdlet.

The Get-ADObject cmdlet can retrieve all objects from the Active Directory. With the help of filters, we can select the information we need. The cmdlet also allows us to retrieve all the information from the AD with a single command, making it great to export Active Directory structures.

In this article, we are going to take a look at how to use the Get-ADObject cmdlet and retrieve deleted objects.

Install Active Directory Module

To be able to use the Get-ADObject cmdlet in PowerShell you will need to have the Active Directory Module installed. By default, it’s installed on the domain controller, but on Windows 10 or 11, you will need to install it.

You can run the following PowerShell command in Windows 10 or 11 to install the module:

Add-WindowsCapability -Online -Name "Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0"

Finding Objects with Get ADObject in PowerShell

The Get-ADObject cmdlet allows us to find objects in the Active Directory and extract information from them. The true power of this cmdlet is that it comes with different options to find those objects.

We have the following options when it comes to finding objects:

  • Identity – Find an object based on its identity. This will return only a single object
  • Filter – Retrieve multiple objects based on a query
  • LDAPFilter – Use an LDAP query string to filter objects
  • SearchBase – Specify the Active Directory path (OU) to search in
  • SearchScope – Specify how deep you want to search (base level, one level, or complete subtree)

To use the identity you will need to know the object’s GUID or distinguished name. In most cases, you only use the identity parameter when you pass an object through the pipeline.

Using the Filter

To search and find objects you will commonly use the -Filter parameter. With the filter, we can search for one or more objects in the Active Directory. The filter parameter uses the PowerShell Expression Language to filter the result. This means that we can use the following operators in our queries:

Operator     Description
-eq          Equals
-le          Less than or equal to
-ge          Greater than or equal to
-ne          Not equal to
-lt          Less than
-gt          Greater than
-like        Like
-notlike     Not like
-and -or     and/or
-not         Not

Let’s take a look at a couple of examples to retrieve objects from the Active Directory using the filter.

We can search all objects based on their name. This can be the exact name, or we can use the -like parameter to filter on a part of the name. Note that you can use an * as a wildcard in the like filter:

# Get all objects that have the name Amsterdam:
Get-ADObject -Filter "Name -eq 'Amsterdam'"

# Get all objects where the name starts with LA-
Get-ADObject -Filter "Name -like 'LA-*'"

A more realistic example for the Get-ADObject cmdlet is to get all objects that are changed after a specific date. For this, we will first need to create a date object, which we then can use to filter the objects:

$ChangeDate = Get-Date("01 may 2023")
Get-ADObject -Filter 'whenChanged -gt $ChangeDate'

You can use the same principle to get all objects that are created after a specific date:

$CreatedDate = Get-Date("01 may 2023")
Get-ADObject -Filter 'whenCreated -gt $CreatedDate'

Filtering on ObjectClass

Each object in the Active Directory has an objectClass. The class determines the type of object. We can use the ObjectClass in our filters when searching for objects with the Get-ADObject cmdlet.

There are a lot of classes in the AD, around 50 in total. I am not going to list them all here, but below you will find the most commonly used classes that we can use:

  • computer
  • contact
  • group
  • organizationalUnit
  • user

To view all classes you can use the following command in PowerShell

Get-Adobject -filter * | Select objectClass -unique | sort-object ObjectClass

Combining filters

We can also expand our filter query with multiple expressions. This allows you to further narrow down your filter queries. For example, we only want to get all computers that are created in the last 30 days:

$CreatedDate = (Get-Date) - (New-TimeSpan -Days 30)
Get-ADObject -Filter 'whenCreated -gt $CreatedDate -and objectCategory -eq "computer"'

Get ADObject SearchBase

The Get-ADObject cmdlet returns all objects (limited to 1000 by default) when using filters. So you probably want to narrow down the search results. To do this we can use the -SearchBase parameter. This allows us to specify the OU (distinguishedName) where we want to search.

To specify the OU where we want to search we need to write the distinguishedName from the bottom up. Thus, the string starts with the OU where you want to search and ends with the domain name.

Take the following Active Directory structure, where we want to get all users from the IT OU:


The SearchBase string, in this case, would be:

1: IT
2: Amsterdam
3: Sites
4: Lazyadmin
5: NL

"OU=IT,OU=Amsterdam,OU=Sites,DC=Lazyadmin,DC=NL"

Thus to get all objects from the IT department in Amsterdam we can use the following PowerShell command:

Get-ADObject -Filter * -SearchBase "OU=IT,OU=Amsterdam,OU=Sites,DC=Lazyadmin,DC=NL" | ft

Using the SearchScope

By default, the -SearchBase parameter will return all objects from the specified OU and nested OUs. This is not always wanted; you might only want to return the results from the specified OU or only one level deep. With the -SearchScope parameter, we can specify how deep we want to search through the Active Directory tree. You can use the following values for the SearchScope:

  • Base
  • OneLevel
  • Subtree

To get only the objects directly in the Amsterdam OU we can set the SearchScope parameter to OneLevel. This allows us to limit the SearchBase to the current level only:

Get-ADUser -Filter * -SearchBase "OU=Amsterdam,OU=Sites,DC=Lazyadmin,DC=NL" -SearchScope OneLevel | ft
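
An added example (not from the original article) that runs the same query with each SearchScope value against the article's Amsterdam OU and summarizes what comes back per object class: Base returns only the OU object itself, OneLevel its direct children, and Subtree everything below. The CSV file name is an assumption.

```powershell
# Added example, not from the original article. Assumes the ActiveDirectory
# module and a domain that contains the article's Amsterdam OU.
Import-Module ActiveDirectory

$searchBase = 'OU=Amsterdam,OU=Sites,DC=Lazyadmin,DC=NL'

$report = foreach ($scope in 'Base', 'OneLevel', 'Subtree') {
    # Same filter and search base each time; only the scope changes
    $objects = @(Get-ADObject -Filter * -SearchBase $searchBase `
                     -SearchScope $scope -Properties whenChanged)

    $objects | Group-Object -Property ObjectClass | ForEach-Object {
        [pscustomobject]@{
            Scope       = $scope
            ObjectClass = $_.Name
            Count       = $_.Count
            # Most recent change among the objects of this class
            LastChanged = ($_.Group | Sort-Object whenChanged |
                           Select-Object -Last 1).whenChanged
        }
    }
}

$report | Format-Table -AutoSize
$report | Export-Csv -Path .\objects-by-scope.csv -NoTypeInformation   # assumed file name
```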

Get Deleted Objects

The dedicated cmdlets, like Get-ADUser and Get-ADComputer, can’t retrieve the deleted objects from the Active Directory. To get deleted objects from the AD, we will need to use the Get-ADObject cmdlet with the parameter IncludeDeletedObjects.

Note

Make sure that you have enabled the Active Directory Recycle Bin. Otherwise you won’t be able to find deleted objects.

To get all deleted computers we can use the command below. Note that we also need to add the filter isDeleted -eq $true. This way only objects that are deleted are returned. We also filter the objects based on the objectClass:

Get-ADObject -Filter 'objectClass -eq "computer" -and isDeleted -eq $True' -IncludeDeletedObjects | ft

Not all deleted objects can be restored. The command below returns only the objects that are deleted and that can be restored. It also filters out the Deleted Objects container from the result:

Get-ADObject -Filter 'isDeleted -eq $True -and -not (isRecycled -eq $True) -and name -ne "Deleted Objects"' -IncludeDeletedObjects 
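
The restorable-objects query above, extended into a small audit report as an added example (not from the original article): it expresses the same conditions with -LDAPFilter, limits the result to recent deletions, and exports the original name and parent OU of each object. The function name, the 14-day window, and the CSV file name are assumptions.

```powershell
# Added example, not from the original article. Assumes the ActiveDirectory
# module, a reachable domain, and the AD Recycle Bin enabled.
Import-Module ActiveDirectory

function Get-RestorableDeletedObject {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [ValidateRange(1, 3650)][int]$Days = 7,
        [string[]]$ObjectClass = @('user', 'computer', 'group')
    )

    # LDAP compares timestamps in generalized time (UTC), e.g. 20230501000000.0Z
    $since = (Get-Date).AddDays(-$Days).ToUniversalTime().ToString('yyyyMMddHHmmss.0Z')

    # Deleted, not yet recycled, and changed (that is, deleted) after $since
    $query = @{
        LDAPFilter            = "(&(isDeleted=TRUE)(!(isRecycled=TRUE))(whenChanged>=$since))"
        IncludeDeletedObjects = $true
        SearchBase            = (Get-ADDomain).DeletedObjectsContainer
        Properties            = 'whenChanged', 'lastKnownParent', 'msDS-LastKnownRDN'
    }

    Get-ADObject @query |
        # Also drops the Deleted Objects container itself (class "container")
        Where-Object { $_.ObjectClass -in $ObjectClass } |
        Select-Object @{ n = 'Name';            e = { $_.'msDS-LastKnownRDN' } },
                      ObjectClass,
                      @{ n = 'DeletedOn';       e = { $_.whenChanged } },
                      @{ n = 'LastKnownParent'; e = { $_.lastKnownParent } },
                      ObjectGUID
}

$deleted = Get-RestorableDeletedObject -Days 14
$deleted | Sort-Object DeletedOn -Descending | Format-Table -AutoSize
$deleted | Export-Csv -Path .\deleted-objects.csv -NoTypeInformation   # assumed file name
```

The whenChanged value is local to the domain controller that answers the query, so run the report against the same DC when comparing results over time.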

Wrapping Up

The Get-ADObject cmdlet allows you to retrieve all objects from the AD with a single cmdlet. Using the different filters allows you to retrieve only the information that you really need. You can export the results from the cmdlet easily with the Export-CSV cmdlet.

Make sure that you also check out my articles about Get-ADUser and Get-ADComputer, both with a complete script to export all the information that you need.

If you have any questions, just drop a comment below.


FAQs

How do I get AD computer object in PowerShell? ›

Get-ADComputer is a PowerShell cmdlet that retrieves one or more computers from Active Directory. It can be used to retrieve a single computer by specifying its distinguishedname, GUID, security identifier (SID), or SAMaccountname.

How to get object id in PowerShell? ›

Get device ObjectId for one computer using PowerShell Get-AzureADDevice:

$ComputerName = "PELXXASJVFK8ZX"
Get-AzureADDevice -SearchString $ComputerName

How do I get the Active Directory details from PowerShell? ›

Steps:
  1. Launch PowerShell ISE as an administrator.
  2. Type Get-ADUser "user1" -Properties * ...
  3. To see the properties PasswordExpired, PasswordLastSet, or PasswordNeverExpires, open the formatting of Get-ADUser output and allow the necessary fields to be displayed.

How do I get the directory items in PowerShell? ›

To get all files in a folder using PowerShell, you can use the 'Get-ChildItem' cmdlet with the '-File' parameter. This parameter specifies that you want to retrieve only files, not folders. This command uses the Path parameter to retrieve all files in the 'C:\Documents' folder.

How do I find a computer in Active Directory? ›

In server manager, click Tools > Active Directory Users and Computers:
  1. Click the Find Objects button. ...
  2. The find drop down lets you choose between the type of Object you are looking for. ...
  3. The in drop down will let you change the OU or domain you are searching for.

How to get ad site details in PowerShell command? ›

Use the Get-AdSite cmdlet to display configuration information about one or more Active Directory sites. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.

How to check ad attributes using PowerShell? ›

Default Limitations: The standard Get-ADUser cmdlet in PowerShell returns only 10 user attributes by default. Expanding Output: To view all attributes, modify the cmdlet with the -Properties * parameter. For example, Get-ADUser -Identity username -Properties * displays all attributes of a user.

How to find Active Directory? ›

Select Start > Administrative Tools > Active Directory Users and Computers. In the Active Directory Users and Computers tree, find and select your domain name. Expand the tree to find the path through your Active Directory hierarchy.

How do I get a list of all directories in PowerShell? ›

To get a list of directories, use the Directory parameter or the Attributes parameter with the Directory property. You can use the Recurse parameter with Directory.

What is the get command in PowerShell? ›

Description. The Get-Command cmdlet gets all commands that are installed on the computer, including cmdlets, aliases, functions, filters, scripts, and applications. Get-Command gets the commands from PowerShell modules and commands that were imported from other sessions.

How do I find a directory in Windows PowerShell? ›

The Get-Location cmdlet returns the current directory of the current PowerShell runspace.

How do I get the AD site of a computer in PowerShell? ›

Get-ADSiteName outputs a string object representing the name of the AD site the computer belongs to. This command will get the name of the AD site the local computer is a part of. This command will get the names of the sites that machines "Server01" and "Server02" are a part of.

How do I get the computer AD group in PowerShell? ›

Enter the PowerShell cmdlet Get-ADPrincipalGroupMembership. This cmdlet shows the AD groups that a specified user, computer, group, or service account is a member. A global catalog is necessary for this command to perform a group search.

What is get AD computer description in PowerShell? ›

Description. The Get-ADComputer cmdlet gets a computer or performs a search to retrieve multiple computers. The Identity parameter specifies the Active Directory computer to retrieve. You can identify a computer by its distinguished name, GUID, security identifier (SID) or Security Accounts Manager (SAM) account name.

What is the command to get computer properties in PowerShell? ›

The Get-ComputerInfo cmdlet gets a consolidated object of system and operating system properties.


Author: Roderick King
