Monthly Archive


ADSIsearcher returns

I’ve been using the Microsoft AD cmdlets (and before that the Quest cmdlets) for so long that I’d sort of forgotten about [adsisearcher].

It was introduced in PowerShell 2.0 and is a shortcut for System.DirectoryServices.DirectorySearcher


A question in the forum about using this remotely made me realise that many people have probably never used it before – and to think that 5 years ago it was the way to go – how things change.


The question revolved around using this code

$filter = "(&(objectCategory=computer)(objectClass=computer)(cn=$env:COMPUTERNAME))"

for other machines.


An attempt was made to use Invoke-Command but that won’t work because you are attempting to delegate you credentials to make the call to AD – and that’s not allowed under the default configuration for remoting. You also can’t guarantee that remoting is enabled on older machines.


All you have to do is replace $env:COMPUTERNAME with the name of the computer for which you want to get the distinguished name.  Easiest way to do this is with a function


function get-computerDN {
param ($computername)
$filter = "(&(objectCategory=computer)(objectClass=computer)(cn=$computername))"



This is an absolute bare bones function just to show the way the parameter is used – you should validate the input and add some error handling as basic improvements.


£> get-computerDN -computername server02
CN=SERVER02,OU=Domain Controllers,DC=Manticore,DC=org


Next time I’ll show how to take the basic functionality and create something a bit more robust

Comments are closed.