/ .net

LDAP query in PowerShell

I was looking for away of listing the account names of the active users in the AD, and Google suggested som more or less exotic ways of doing that. But this little PowerShell script is not too bad have in the toolbox:

$Search = New-Object DirectoryServices.DirectorySearcher([ADSI]"LDAP://CN=Users,DC=domain,DC=local")
$Search.filter = "(&(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
Foreach($result in $Search.Findall()){
$user = $result.GetDirectoryEntry()

The filter prevents service accounts and disabled users to show up in the list.