Some Command Prompt commands have a direct PowerShell equivalent that is easy to identify. For example, the PowerShell equivalent of NSLookup is Resolve-DnsName, and the PowerShell equivalent of Taskkill is Stop-Process. Others are a little more complicated. For example, if you've seen our article covering the PowerShell equivalent of DSAdd, you'll know that we covered several different commands because DSAdd uses switches to provide more specific functionality. Similarly, dsquery uses switches to alter the results of the command, so to make things clear as mud, we'll be covering several PowerShell cmdlets that replicate the functionality of dsquery and its switches.
What is dsquery
Before we talk about the PowerShell equivalent of dsquery, it's important to understand what dsquery does. Simply put, dsquery returns objects from Active Directory. These objects include users, computers, groups, organizational units, and more. Here's an example:
dsquery user -name "username"
Notice that we include the user switch to specify the type of object that we want to return. If, instead, we wanted to return a computer object with the name odin, we would need to include the computer switch.
dsquery computer -name "computer name"
Yes, I'm aware I have a user and a computer, both named Odin. Yes, it's weird. Moving on.
Now that we know what dsquery is and how it works, let's look at its PowerShell equivalents.
The PowerShell Equivalents of dsquery
The most accurate PowerShell equivalent of dsquery is Get-ADObject. But as I mentioned, it's more complicated than that. So instead of flapping my digital lips for several paragraphs describing the intricacies of these commands, it'll be easier to lay everything out in an informational table. Besides, who doesn't enjoy a good table?
As you can see from this table, while dsquery adds a class specification switch, such as user or computer, to designate the type of object to query, PowerShell instead uses specific cmdlets to designate the type of object to query. The exception to this rule is Get-ADObject which is object class agnostic, meaning this cmdlet can return any type of object from AD.
Get-ADObject Help File
As always, if you're new to a command and trying to figure out exactly what it does and how to use it, a good place to start is to review the help documentation. To do so, use the Get-Help command followed by the command in question. Here's the help file for Get-ADObject.
Get-Help Get-ADObject
NAME
Get-ADObject
SYNOPSIS
Gets one or more Active Directory objects.
SYNTAX
Get-ADObject [-AuthType {Negotiate | Basic}] [-Credential <PSCredential>] [-IncludeDeletedObjects] [-Properties
<String[]>] [-ResultPageSize <Int32>] [-ResultSetSize <Int32>] [-SearchBase <String>] [-SearchScope {Base |
OneLevel | Subtree}] [-Server <String>] -Filter <String> [<CommonParameters>]
Get-ADObject [-Identity] <ADObject> [-AuthType {Negotiate | Basic}] [-Credential <PSCredential>]
[-IncludeDeletedObjects] [-Partition <String>] [-Properties <String[]>] [-Server <String>] [<CommonParameters>]
Get-ADObject [-AuthType {Negotiate | Basic}] [-Credential <PSCredential>] [-IncludeDeletedObjects] [-Properties
<String[]>] [-ResultPageSize <Int32>] [-ResultSetSize <Int32>] [-SearchBase <String>] [-SearchScope {Base |
OneLevel | Subtree}] [-Server <String>] -LDAPFilter <String> [<CommonParameters>]
DESCRIPTION
The Get-ADObject cmdlet gets an Active Directory object or performs a search to retrieve multiple objects.
The Identity parameter specifies the Active Directory object to get. You can identify the object to get by its
distinguished name (DN) or GUID. You can also set the parameter to an Active Directory object variable, such as
$<localADObject> or pass an object through the pipeline to the Identity parameter.
To search for and retrieve more than one object, use the Filter or LDAPFilter parameters. The Filter parameter
uses the PowerShell Expression Language to write query strings for Active Directory. PowerShell Expression
Language syntax provides rich type conversion support for value types received by the Filter parameter. For more
information about the Filter parameter syntax, see about_ActiveDirectory_Filter. If you have existing LDAP query
strings, you can use the LDAPFilter parameter.
This cmdlet gets a default set of Active Directory object properties. To get additional properties use the
Properties parameter. For more information about the how to determine the properties for computer objects, see the
Properties parameter description.
RELATED LINKS
Online Version: http://go.microsoft.com/fwlink/p/?linkid=291034
New-ADObject
Remove-ADObject
Set-ADObject
REMARKS
To see the examples, type: "get-help Get-ADObject -examples".
For more information, type: "get-help Get-ADObject -detailed".
For technical information, type: "get-help Get-ADObject -full".
For online help, type: "get-help Get-ADObject -online"Again, if you're interested in viewing the help documentation for any of the other PowerShell commands we cover in this guide, use the following command:
Get-Help "PowerShell Command"Now that we know what the PowerShell commands are, let's look at some real-world examples of how to use them.
Get-ADObject Example
Get-ADObject -Filter 'name -like "object_name*"'
This first example is pretty basic, but I wanted to emphasize that Get-ADObject searches all AD objects, not just a specific object class. As you can see, I've used the -like filter operator to return objects that start with a specific name. In this case, I'm searching for objects that start with odin, followed by an asterisk to return all results. Both the computer object "ODIN" and the user object "odin borson" were returned.
Get-ADUser Example
Get-ADUser -SearchBase "OU=OU_name,DC=domain,DC=domain" -Filter 'EmailAddress -notlike "*"' -Properties Department | Select Name, Department
In this example, we're using the Get-ADUser cmdlet, which specifically searches for user objects. We've specified an OU to search using the -SearchBase parameter. We've then used the -Filter parameter to filter based on the EmailAddress property and used the -notlike operator to specifically search for users with an empty EmailAddress property. We've included the -Properties parameter with the Department attribute since department isn't an attribute that's returned by default with Get-ADUser. Lastly, we've piped this command to the Select cmdlet to output only the Name and Department properties.
Get-ADComputer Example
$date = (Get-Date).AddDays(-180)
Get-ADComputer -SearchBase "OU=OU_name,DC=domain,DC=domain" -Filter 'Created -ge $date' -Properties operatingSystem, Created | Select-Object Name, operatingSystem, Created
For our last example, we're using the Get-ADComputer cmdlet to return a list of computers created in the last 180 days. First, we use the Get-Date cmdlet to return the current date, minus 180 days and assign it to the $date variable. Next, we use the Get-ADComputer cmdlet to search for computers in a specific OU. Then, we use the -Filter parameter to compare the Created property against the $date variable. Lastly, we return the operatingSystem and Created properties which aren't returned by default, and use the Select-Object (alias Select) to output only the Name, operatingSystem, and Created properties.
You can easily modify the $date variable command to suit your needs. If you want to return computers created in the last 30 days, change -180 to -30.
Wrapping Up
If you haven't started the transition to PowerShell yet, now's the time. PowerShell is one bandwagon you don't want to miss jumping on. Once you start using it, it'll be hard to stop. And just think, now that you know the PowerShell equivalent of dsquery, you're one cmdlet closer to mastering PowerShell.
