Use ADSI to Find Logon Workstations in Active Directory

This post provides an example of how we can use ADSI to find logon workstations in Active Directory.

I recently needed to search through all users in Active Directory and find the logon workstations for those accounts that had them.  The logon workstations setting on a user account essentially restricts which workstations that account can log on to.

A lot of this code example is based on using the ADSI Searcher to find user accounts in Active Directory.

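$Root = [ADSI]"LDAP://OU=users,DC=alkanesolutions,DC=co,DC=uk"
$Searcher = New-Object System.DirectoryServices.DirectorySearcher($Root)
# Match user accounts only
$Searcher.Filter = "(&(objectCategory=person)(objectClass=user))"
$Searcher.PageSize = 200

$Searcher.FindAll() | ForEach-Object {

    # Bind to the user object so we can read its attributes
    $user = [adsi]$_.Properties.adspath[0]
    # Account name printed next to each workstation
    $samaccount = $user.Get("sAMAccountName")

    # Get() throws when userWorkstations is not set; treat that as "no restriction"
    $workstations = $null
    try { $workstations = $user.Get("userWorkstations") } catch { }

    if ($null -ne $workstations)
    {
        # userWorkstations is stored as a comma-separated list of computer names
        foreach ($ws in $workstations.Split(",")) {
            Write-Host $samaccount $ws
        }
    }
}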
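
A variant that lets the domain controller do the filtering, added here as an example and not part of the original post: it uses the LDAP presence test (userWorkstations=*) and PropertiesToLoad so that no per-user bind is needed, and returns objects that can be sorted or exported. The function name, its parameters and the -Unrestricted switch are hypothetical; the default search base is the OU used above.

```powershell
# Added example: Get-LogonWorkstationRestriction is a hypothetical helper name.
function Get-LogonWorkstationRestriction {
    param(
        # Search base; the default is the OU used earlier in this post
        [string]$SearchBase = "LDAP://OU=users,DC=alkanesolutions,DC=co,DC=uk",
        # List accounts WITHOUT a restriction instead (they can log on anywhere)
        [switch]$Unrestricted
    )

    $searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$SearchBase)
    $searcher.PageSize = 200

    # (userWorkstations=*) is an LDAP presence test: the attribute has a value
    $presence = "(userWorkstations=*)"
    if ($Unrestricted) { $presence = "(!$presence)" }
    $searcher.Filter = "(&(objectCategory=person)(objectClass=user)$presence)"

    # Return only the attributes we need, straight from the search result
    $searcher.PropertiesToLoad.AddRange([string[]]@("samaccountname", "userworkstations"))

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            $sam = [string]$r.Properties["samaccountname"][0]
            $raw = $r.Properties["userworkstations"]
            # Null or empty when the attribute is not set on the account
            $list = @()
            if ($null -ne $raw -and $raw.Count -gt 0) {
                $list = @(([string]$raw[0]).Split(",") |
                    ForEach-Object { $_.Trim() } | Where-Object { $_ })
            }
            [pscustomobject]@{
                SamAccountName = $sam
                Workstations   = $list
                Count          = $list.Count
            }
        }
    }
    finally {
        # SearchResultCollection holds unmanaged resources until disposed
        $results.Dispose()
    }
}

# Accounts with the widest logon scope first
Get-LogonWorkstationRestriction | Sort-Object Count -Descending | Format-Table -AutoSize
```

Calling it with -Unrestricted lists the accounts in the same OU that have no workstation restriction at all, which is usually the more interesting set to review for service and administrative accounts.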

 

ADSI Searcher and the ActiveDirectory PowerShell Module

When querying Active Directory (AD) we can use either a PowerShell type accelerator called the ADSI Searcher or the ActiveDirectory PowerShell module.

Most Google searches provide examples that use the PowerShell ActiveDirectory module cmdlets such as Get-ADUser and Get-ADComputer.  Whilst these work well, they require that Remote Server Administration Tools (RSAT) is installed locally. And sometimes this prerequisite is a pain in the backside if we’re working on a machine without it.

An alternative is to use the PowerShell type accelerators called ADSI and the ADSI Searcher.  These type accelerators respectively represent the classes System.DirectoryServices.DirectoryEntry and System.DirectoryServices.DirectorySearcher, and form part of the .NET Framework.

We’ve created a series of tutorials starting with the difference between ADSI and ADSISearcher and expanding further to provide examples of filtering AD searches, manipulating users, groups, computers, attributes and much more.