Retrieves Active Directory user and group information using ADSISearcher
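function Get-ADUserAndGroupADSIsearcher {
    <#
    .SYNOPSIS
        Retrieves Active Directory user and group information using ADSISearcher.
    .DESCRIPTION
        This function searches for a user in Active Directory and retrieves their group memberships.

        Only the first match (FindOne) is reported. When several search parameters are supplied,
        the last one evaluated wins: DisplayName overrides UserName, which overrides samAccountName.

        Search values are escaped before they are placed in the LDAP filter, so parentheses,
        backslashes and NUL characters in a value cannot alter the filter's structure.
        '*' is intentionally left as a wildcard in the user search to keep existing
        wildcard lookups working; callers that forward untrusted input should reject or
        escape '*' (as \2a) themselves.
    .PARAMETER samAccountName
        sAMAccountName of the user to look up.
    .PARAMETER UserName
        Value matched against the user's Name attribute.
    .PARAMETER DisplayName
        Value matched against the user's displayName attribute.
    .EXAMPLE
        Get-ADUserAndGroupADSIsearcher -UserName "Tim West" | Select-String "ADO" -Context 1,0
    .EXAMPLE
        Get-ADUserAndGroupADSIsearcher -samAccountName "JDoe" | Select-String "Enabled"
    .NOTES
        Author: Tim West
        Created: 03/07/2025
        Updated: 18/02/2026
        Status: Production
        Version: 1.0.7

        Changelog:
        1.0.0 - Initial version
        1.0.1 - Added additional user properties to display
        1.0.2 - Changed Write-Host to Write-Output for pipeline support and Select-String compatibility; sorted groups alphabetically
        1.0.3 - Added targetAddress attribute for Exchange/MS365 Hybrid scenarios
        1.0.4 - Added group description lookup and display for each group membership
        1.0.5 - Fixed msExchRemoteRecipientType and msExchRecipientTypeDetails to properly handle IADsLargeInteger COM objects by extracting HighPart and LowPart values
        1.0.6 - Added email address display for AD group memberships
        1.0.7 - Added account enabled/disabled status display using userAccountControl attribute

        TODO:
        - Enhance error handling
        - Add support for additional search filters
    #>
    [CmdletBinding()]
    Param(
        # Define the username to search for
        [string]$samAccountName = "",
        [string]$UserName = "",
        [string]$DisplayName = ""
    )

    # Escapes a value for use inside an LDAP search filter (RFC 4515).
    # The backslash is replaced first so the escapes added afterwards are not re-escaped.
    function ConvertTo-LdapFilterValue {
        param([string]$Value, [switch]$KeepWildcard)
        $escaped = $Value.Replace('\', '\5c').Replace('(', '\28').Replace(')', '\29').Replace([string][char]0, '\00')
        if (-not $KeepWildcard) {
            $escaped = $escaped.Replace('*', '\2a')
        }
        return $escaped
    }

    # Converts an IADsLargeInteger COM object to Int64.
    # LowPart is read as a signed 32-bit value, so it is masked to its unsigned form;
    # adding it unmasked yields a wrong (negative) result whenever bit 31 is set.
    function ConvertFrom-AdsLargeInteger {
        param($LargeInteger)
        $comType = $LargeInteger.GetType()
        $getProperty = [System.Reflection.BindingFlags]::GetProperty
        $high = $comType.InvokeMember("HighPart", $getProperty, $null, $LargeInteger, $null)
        $low = $comType.InvokeMember("LowPart", $getProperty, $null, $LargeInteger, $null)
        return ([Int64]$high * [Int64]4294967296) + ([Int64]$low -band [Int64]4294967295)
    }

    # Pick the attribute/value pair to search on; later parameters override earlier ones.
    $searchAttribute = $null
    $searchTerm = $null
    if (-not [string]::IsNullOrEmpty($samAccountName)) {
        $searchAttribute = 'sAMAccountName'
        $searchTerm = $samAccountName
    }
    if (-not [string]::IsNullOrEmpty($UserName)) {
        $searchAttribute = 'Name'
        $searchTerm = $UserName
    }
    if (-not [string]::IsNullOrEmpty($DisplayName)) {
        $searchAttribute = 'displayName'
        $searchTerm = $DisplayName
    }

    # Without a search term the searcher would keep its default filter and FindOne()
    # would return some unrelated directory object, so stop before querying.
    if ($null -eq $searchAttribute) {
        Write-Error "Specify -samAccountName, -UserName or -DisplayName."
        return
    }

    # Create the ADSI searcher object
    $searcher = New-Object DirectoryServices.DirectorySearcher
    $userEntry = $null
    try {
        $searcher.Filter = "(&(objectClass=user)($searchAttribute=$(ConvertTo-LdapFilterValue -Value $searchTerm -KeepWildcard)))"

        # Execute the search
        $user = $searcher.FindOne()
        if ($null -eq $user) {
            Write-Output "User '$searchTerm' not found."
            return
        }

        # Get the DirectoryEntry object
        $userEntry = $user.GetDirectoryEntry()

        # Get group memberships; @() keeps the loop from running when memberOf is empty
        Write-Output "`nGroups:"
        $groups = @($userEntry.Properties["memberOf"] | Sort-Object)
        foreach ($group in $groups) {
            # Lookup group description and email
            $groupSearcher = New-Object DirectoryServices.DirectorySearcher
            try {
                # A DN can legitimately contain '(', ')', '*' or '\', all of which must be
                # escaped inside a filter or the lookup fails or matches something else.
                $groupSearcher.Filter = "(distinguishedName=$(ConvertTo-LdapFilterValue -Value ([string]$group)))"
                $groupSearcher.PropertiesToLoad.Add("description") | Out-Null
                $groupSearcher.PropertiesToLoad.Add("cn") | Out-Null
                $groupSearcher.PropertiesToLoad.Add("mail") | Out-Null
                $groupResult = $groupSearcher.FindOne()

                Write-Output "$group"
                if ($null -ne $groupResult) {
                    # Read from the search result itself; the attributes were requested via PropertiesToLoad
                    $groupDescription = $groupResult.Properties["description"]
                    $groupMail = $groupResult.Properties["mail"]
                    if ($groupDescription.Count -gt 0 -and $groupDescription[0]) {
                        Write-Output " Description: $($groupDescription[0])"
                    }
                    if ($groupMail.Count -gt 0 -and $groupMail[0]) {
                        Write-Output " Email: $($groupMail[0])"
                    }
                }
            }
            finally {
                $groupSearcher.Dispose()
            }
        }

        # Extension Attributes
        foreach ($index in 1..15) {
            Write-Output "extensionAttribute${index}: $($userEntry.Properties["extensionAttribute$index"][0])"
        }

        # Display basic user info
        Write-Output "User found: $($userEntry.Properties['cn'][0])"
        Write-Output "Distinguished Name: $($userEntry.Properties['distinguishedName'][0])"

        # Check if account is enabled (userAccountControl flag value 2 = account disabled)
        $uac = [int]$userEntry.Properties['userAccountControl'].Value
        $isEnabled = -not ($uac -band 2)
        Write-Output "Account Enabled: $isEnabled"

        # Label / attribute pairs, printed in this order (first value of each attribute).
        # NOTE(review): 'Canonical Name' prints cn (the common name), and objectSid/objectGUID
        # are presumably raw byte arrays here rather than their string forms - confirm before
        # relying on those three lines.
        $labelledAttributes = @(
            @('Dept Number', 'departmentNumber'),
            @('Manager', 'manager'),
            @('Division', 'division'),
            @('StreetAddress', 'StreetAddress'),
            @('PhysicalDeliveryAddr', 'physicalDeliveryOfficeName'),
            @('postalCode', 'postalCode'),
            @('Company', 'Company'),
            @('Department', 'department'),
            @('Country', 'co'),
            @('Employee ID', 'employeeID'),
            @('Employee Number', 'employeeNumber'),
            @('Employee Type', 'employeeType'),
            @('Logon Count', 'logonCount'),
            @('primaryGroupID', 'primaryGroupID'),
            @('Object SID', 'objectSid'),
            @('objectGUID', 'objectGUID'),
            @('Object Class', 'objectClass'),
            @('When Created', 'whenCreated'),
            @('When Changed', 'whenChanged'),
            @('Name', 'Name'),
            @('Canonical Name', 'cn'),
            @('displayName', 'displayName'),
            @('SAMAccountName', 'sAMAccountName'),
            @('UPN', 'userPrincipalName'),
            @('Title', 'title'),
            @('mailNickname', 'mailNickname'),
            @('Email', 'mail')
        )
        foreach ($pair in $labelledAttributes) {
            Write-Output "$($pair[0]): $($userEntry.Properties[$pair[1]][0])"
        }

        # Handle IADsLargeInteger COM objects for Exchange attributes
        if ($userEntry.Properties['msExchRemoteRecipientType'].Count -gt 0) {
            $msExchRemoteRecipientType = ConvertFrom-AdsLargeInteger -LargeInteger $userEntry.Properties['msExchRemoteRecipientType'].Value
            Write-Output "msExchRemoteRecipientType: $msExchRemoteRecipientType"
        } else {
            Write-Output "msExchRemoteRecipientType:"
        }
        Write-Output "msExchRecipientDisplayType: $($userEntry.Properties['msExchRecipientDisplayType'][0])"
        if ($userEntry.Properties['msExchRecipientTypeDetails'].Count -gt 0) {
            $msExchRecipientTypeDetails = ConvertFrom-AdsLargeInteger -LargeInteger $userEntry.Properties['msExchRecipientTypeDetails'].Value
            Write-Output "msExchRecipientTypeDetails: $msExchRecipientTypeDetails"
        } else {
            Write-Output "msExchRecipientTypeDetails:"
        }
        Write-Output "targetAddress: $($userEntry.Properties['targetAddress'].Value)"
        Write-Output "msDS-ExternalDirectoryObjectID: $($userEntry.Properties['msDS-ExternalDirectoryObjectID'][0])"
        Write-Output "proxyAddresses: $($userEntry.Properties['proxyAddresses'][0])"
    }
    finally {
        # Release the directory handles even when a lookup throws part-way through
        if ($null -ne $userEntry) {
            $userEntry.Dispose()
        }
        $searcher.Dispose()
    }
}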