Fixing a Broken Connection to Active Directory


Active Directory (AD) is the name of Microsoft’s proprietary directory service. It is used in corporate environments and utilizes a Windows Server operating system. Active Directory enables network administrators to manage the permissions of users and their access to network resources. The client computers used in an AD environment will normally be running a version … Read more

How to Restore Active Directory Object


Have you ever been in a position where someone has deleted something that they shouldn’t have in Active Directory and you desperately need to restore it? Well, you can go through your backups and look at restoring that way, but there is a much simpler way to restore any Active Directory object. ADRestore Tool … Read more

ADRestore


ADRestore is an Active Directory tool to allow you to restore objects that may have been deleted from your system. Download To download, simply scroll down towards the bottom of this page and you will see the options for this download. Ensure you select the correct one and click the blue Download button as detailed … Read more

Get OU Distinguished Name


There are many reasons as to why you would need to identify an Active Directory Organisational Unit’s Distinguished Name.

Most techies out there will use an AD distinguished name when writing or using PowerShell scripts.

However, how to quickly find the distinguished name of a particular OU is not immediately clear. You can click on the Object tab for information, but it does not show the distinguished name.

Using PowerShell to get the Distinguished Name

The simple solution on how to quickly find an OU’s distinguished name is to use PowerShell itself.

The information you will need first is:

  • OU Name
  • AD Integration for PowerShell

That’s it – once you have this, you can go ahead and run the below PowerShell script:

Get-ADOrganizationalUnit -Filter 'Name -like "*"' | Format-Table Name, DistinguishedName -AutoSize

The only part you need to change in this PowerShell script is the * wildcard. If you leave it as a wildcard, it will bring back the distinguished names of all of your OUs.

To bring back the distinguished name of just one particular OU, change the * wildcard to the name of your OU.


SQL Query to find members of an Active Directory Security Group


We recently helped out with a data migration which included creating a completely new set of Active Directory security groups. They wanted all the members to have the same level of access but wanted all the new security groups to have a matching standard.

So we needed to create all the new security groups and then add all the existing members to the new ones that we had created. Considering that some of the existing security groups had hundreds of members, we needed to find a quick and simple way to copy and paste the members into the new security groups.

We found a SQL query on the internet here that worked perfectly for us and also gave us a lot of other information that we can use for future queries.

SQL query to find members of an AD security group

DECLARE @group NVARCHAR(128) = 'AD GroupName'
DECLARE @DC1 NVARCHAR(128) = 'domain'
DECLARE @DC2 NVARCHAR(128) = 'com'

DECLARE @SQL NVARCHAR(MAX)
DECLARE @group_dn NVARCHAR(512)
DECLARE @result TABLE(name NVARCHAR(512))

SET @SQL =
'SELECT distinguishedName
 FROM OPENQUERY
 (ADSI,''SELECT cn, distinguishedName, dc
 FROM ''''LDAP://DC=' + @DC1 + ',DC=' + @DC2 + '''''
 WHERE objectCategory = ''''group'''' AND cn = ''''' + @group + ''''''')'

--PRINT @SQL
INSERT @result(name)
EXEC sp_executesql @SQL
SELECT @group_dn = name FROM @result

SET @SQL =
 'SELECT *
 FROM OPENQUERY (ADSI, ''<LDAP://' + @DC1 + '.' + @DC2 + '>;
 (&(objectCategory=person)(memberOf:1.2.840.113556.1.4.1941:=' + @group_dn + '));
 cn, sAMAccountName, givenName, sn, mail;subtree'')
 ORDER BY cn;'

--PRINT @SQL
EXEC sp_executesql @SQL

Remember to set the variables declared at the top of the query.

Thanks to the original poster, we were then able to simply copy the first column of the output and paste it into our new security group!
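
The query above builds its OPENQUERY text by string concatenation, so a quote, bracket or backslash in the group name or in the returned distinguished name can break or change the LDAP query. The following is an added example, not part of the original post or its source: it runs the same two lookups with both values hex-escaped first. It assumes the same ADSI linked server name, uses the LDAP dialect for both lookups, and the sample values are constructed.

```sql
-- Added example (not from the original post). Assumes the linked server is
-- named ADSI, as in the query above. Sample values are constructed.
DECLARE @group NVARCHAR(128) = N'AD GroupName';
DECLARE @DC1   NVARCHAR(128) = N'domain';
DECLARE @DC2   NVARCHAR(128) = N'com';
DECLARE @SQL NVARCHAR(MAX), @group_dn NVARCHAR(512), @f NVARCHAR(2048);
DECLARE @result TABLE (name NVARCHAR(512));

-- Domain parts are DNS labels; refuse anything else instead of escaping it.
IF @DC1 LIKE N'%[^A-Za-z0-9-]%' OR @DC2 LIKE N'%[^A-Za-z0-9-]%'
BEGIN
    RAISERROR(N'Unexpected character in domain name.', 16, 1);
    RETURN;
END;

-- RFC 4515 hex-escape the group name for use as an LDAP filter value.
-- Backslash goes first. The quote (\27) and semicolon (\3b) are escaped too,
-- so the value cannot close the OPENQUERY string or split the ADSI query.
SET @f = REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(@group,
         N'\', N'\5c'), N'*', N'\2a'), N'(', N'\28'), N')', N'\29'),
         N'''', N'\27'), N';', N'\3b');

SET @SQL = N'SELECT distinguishedName FROM OPENQUERY(ADSI, ''<LDAP://'
         + @DC1 + N'.' + @DC2 + N'>;(&(objectCategory=group)(cn=' + @f
         + N'));distinguishedName;subtree'')';
INSERT @result(name) EXEC sp_executesql @SQL;

-- cn is not unique across a domain: stop unless exactly one group matched.
IF (SELECT COUNT(*) FROM @result) <> 1
BEGIN
    RAISERROR(N'Expected exactly one matching group.', 16, 1);
    RETURN;
END;
SELECT @group_dn = name FROM @result;

-- The DN comes from the directory, but it may itself contain \ ( ) * or ',
-- so it gets the same escaping before it goes into the memberOf filter.
SET @f = REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(@group_dn,
         N'\', N'\5c'), N'*', N'\2a'), N'(', N'\28'), N')', N'\29'),
         N'''', N'\27'), N';', N'\3b');

SET @SQL = N'SELECT * FROM OPENQUERY(ADSI, ''<LDAP://' + @DC1 + N'.' + @DC2
         + N'>;(&(objectCategory=person)(memberOf:1.2.840.113556.1.4.1941:='
         + @f + N'));cn,sAMAccountName,givenName,sn,mail;subtree'') ORDER BY cn;';
EXEC sp_executesql @SQL;
```

The count check also covers the case where no group matches, which in the original leaves @group_dn NULL and makes the second query run nothing without any error.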

PowerShell – Export all Active Directory User Information to CSV


If you need to export all Active Directory user information to CSV, then you can use a simple PowerShell script to carry this out. First import the Active Directory module: Then get the user information from Active Directory. For the example below we are just going to grab all information, hence the * wildcard, but … Read more