Skip to content

enumeration ad

list all users

$domainObj = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()

$PDC = ($domainObj.PdcRoleOwner).Name

$searchStr = "LDAP://"
$searchStr += $PDC + "/"
$Name = "DC=$($domainObj.Name.Replace('.',',DC='))"
$searchStr += $Name
$searchStr

$seracher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$searchStr)
$objDomain = New-Object System.DirectoryServices.DirectoryEntry

$seracher.SearchRoot = $objDomain

$seracher.filter = "samAccountType=805306368" # <- filter by type ->  user
#$seracher.filter = "name=Administrator" # <- filter by name -> Administrator

$items = $seracher.FindAll()

Foreach($obj in $items) {
    Foreach($prop in $obj.Properties) {
        $prop  # <- print all
        #$prop.name # <- print only name
    }
    Write-Host "-------------------------"
}