Get all Mail-enabled Users from Active Directory using PowerShell

Exotic Hadron

May 27, 2009, 10:25:01 AM
Gentlemen,

I am trying to get all mail-enabled users from a container in my Active
Directory. I am using this code

$SearchRoot = [ADSI]"LDAP://OU=Common,OU=Users,OU=Local,OU=Sites,OU=Russia,OU=Company,DC=internal,DC=local,domain"
$SearchFilter = "(&
(objectCategory=user)
(homeMDB=*)
)"
$Properties = @("displayName", "cn", "mail", "name")

$Searcher = New-Object System.DirectoryServices.DirectorySearcher($SearchRoot, $SearchFilter)
$Searcher.PropertiesToLoad.AddRange($Properties)

$Results = $Searcher.FindAll()

This crashes on invoking the FindAll() method with the following error

Exception calling "FindAll" with "0" argument(s): "An invalid dn syntax has
been specified.
"
At line:11 char:29
+ $Results = $Searcher.FindAll <<<< ()
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException

However, if you look in MSDN, you'll find out that this method of the
DirectorySearcher class
http://msdn.microsoft.com/en-us/library/system.directoryservices.directorysearcher.findall.aspx does NOT require input arguments.

This 'Searching Active Directory with Windows PowerShell' article
http://www.microsoft.com/technet/scriptcenter/topics/winpsh/searchad.mspx
from Microsoft Script Center also calls the method the way I did.

Could you please help me with that? What am I doing wrong?

Thank you.

Karl Mitschke

May 27, 2009, 11:37:52 AM

Exotic Hadron

May 27, 2009, 12:29:01 PM
Thanks Karl,

I tried the Quest ActiveRoles… Why not if I indeed always have it on my PC -
this is a nice pack. After all, it is always good to have something made by
Aelita - some of the guys over there I knew as being good specialists.

However, talking seriously, I don't know how the Quest ActiveRoles
package relates to my problem.

You know what? Unfortunately, this did not solve the problem:

PS C:\Users\EH> Add-PSSnapin Quest.ActiveRoles.ADManagement

________________________________________________________________________________________________________________________________________________________________________
PS C:\Users\EH> Connect-QADService -Service 'ourdc'

DefaultNamingContext Type
-------------------- ----
DC=internal,DC=local ActiveDirectory

________________________________________________________________________________________________________________________________________________________________________
PS C:\Users\EH> C:\Users\EH\Documents\GetMailEnabled4.ps1


Exception calling "FindAll" with "0" argument(s): "An invalid dn syntax has
been specified.
"

At C:\Users\EH\Documents\GetMailEnabled4.ps1:11 char:29


+ $Results = $Searcher.FindAll <<<< ()
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException


Could you please describe what you meant by that? Possibly, I am missing
something here.

Anyways, thank you Karl.

Could anybody please suggest something else to solve this particular problem?

"Karl Mitschke" wrote:

> Hello Exotic,

Karl Mitschke

May 27, 2009, 1:19:20 PM
Hello Exotic,


Did you read the whole page?

APPLIES TO

Windows 2003 Active Directory
Windows PowerShell 1.0
Both AD cmdlets and native PowerShell [ADSI] support

Please try his suggestion and let us know if it fixes your problem.

Karl


Exotic Hadron

May 27, 2009, 1:40:11 PM
Of course I did! So what? I am using PoSH 2.0 CTP3 on Windows Server 2008. It
applies to Windows Server 2003, PoSH 1 and both the Quest and regular cmdlets.

So what he suggests is to use explicit bind. I did that by invoking

Connect-QADService -Service 'ourdc'

And yes, I did it by authenticating against the Active Directory as well by
invoking

Connect-QADService -Service 'ourdc' -Credential ( Get-Credential )

And nope. This did not help.

Am I missing something, Karl? You are speaking in riddles. Could you please
say explicitly what you suggest?

Once again, thank you for helping.
"Karl Mitschke" wrote:

> Hello Exotic,

PaulChavez

May 27, 2009, 1:58:06 PM
What's with the ",domain" hanging off of the end of the LDAP path? Looks like
that's the problem to me unless I'm forgetting something about how the DN is
constructed for an LDAP path.

"Exotic Hadron" wrote:

>[ADSI]"LDAP://OU=Common,OU=Users,OU=Local,OU=Sites,OU=Russia,OU=Company,DC=internal,DC=local,domain"

Karl Mitschke

May 27, 2009, 2:07:12 PM
Hello PaulChavez,

I just noticed that too :)

I should have proofread the OP's code better.

karl


Karl Mitschke

May 27, 2009, 2:05:58 PM
Hello Exotic,

I'm not meaning to speak in riddles - all I was doing was attempting to provide
an answer.

As you can see, the error is "An invalid dn syntax has been specified."

When I go back and review your code, I see that you have ,domain at the
end of your DN - why is that?

Remove it, and it should work - works fine for me with my DN.

Karl


Exotic Hadron

May 28, 2009, 5:58:11 AM
Thank you Paul! You were right. The "domain" string at the end of the LDAP
path was incorrect. Why is that? This is the alias I am using here. I just
copied the path from Sysinternals AdExplorer... Why does it work there and
does not work for DirectorySearcher?

Exotic Hadron

May 28, 2009, 5:55:01 AM
Still you were unintentionally speaking in riddles. The article had nothing
to do with this problem.

Now you are absolutely right. The problem was incorrect LDAP path. I had a
'domain' at the end of the path. This is the alias I use here. I thought this
would work as I just copied the path from Sysinternals AdExplorer as-is. But
it did not. Once I removed the path, I got the code working.
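
The failure discussed in this thread, shown as an added example that is not part of any poster's message: a pre-check that names the malformed component of a distinguished name before it reaches [ADSI] or DirectorySearcher. Test-DnSyntax is a hypothetical helper, and the simple comma split is an assumption that does not cover an escaped backslash directly before a comma.

```powershell
# Added example: Test-DnSyntax is a hypothetical helper, not part of ADSI,
# DirectorySearcher or the Quest cmdlets.
function Test-DnSyntax {
    param(
        [Parameter(Mandatory = $true)]
        [string]$DistinguishedName
    )

    # Split into RDNs on commas that are not escaped with a backslash.
    # Assumption: a value ending in an escaped backslash (\\,) is not handled.
    $rdns = [regex]::Split($DistinguishedName, '(?<!\\),')

    # Every RDN must be attributeType=value, where the type is a descriptor
    # (OU, DC, CN, ...) or a dotted numeric OID, and the value is not empty.
    $pattern = '^\s*([A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)*)\s*=\s*\S.*$'
    $bad = @($rdns | Where-Object { $_ -notmatch $pattern })

    New-Object PSObject -Property @{
        DistinguishedName = $DistinguishedName
        IsValid           = ($bad.Count -eq 0)
        BadComponents     = $bad
    }
}

# The search root from the original post (with the trailing ",domain")
# and the same path with that component removed.
$candidates = @(
    'OU=Common,OU=Users,OU=Local,OU=Sites,OU=Russia,OU=Company,DC=internal,DC=local,domain',
    'OU=Common,OU=Users,OU=Local,OU=Sites,OU=Russia,OU=Company,DC=internal,DC=local'
)

foreach ($dn in $candidates) {
    $check = Test-DnSyntax -DistinguishedName $dn
    if ($check.IsValid) {
        # Only a DN that passed the check is turned into an LDAP path.
        # Nothing is bound here, so the example runs without a domain.
        "OK:       LDAP://$dn"
    }
    else {
        Write-Warning ("Rejected '$dn': malformed RDN(s): " +
            ($check.BadComponents -join '; '))
    }
}
```

A script that accepts a search root from a parameter, a file or a copied path can fail early with this check and report the offending component, instead of surfacing the generic "invalid dn syntax" exception from FindAll().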

Shay Levy [MVP]

May 30, 2009, 1:57:20 PM
Hi Exotic,

Here's how to get the users with Quest cmdlets:

Get-QADUser -ldap "(homeMDB=*)" -sizeLimit 0 -ou "OU=Common,OU=Users,OU=Local,OU=Sites,OU=Russia,OU=Company,DC=internal,DC=local" |
    Format-Table displayName,cn,Email,Name


---
Shay Levy
Windows PowerShell MVP
http://blogs.microsoft.co.il/blogs/ScriptFanatic
PowerShell Toolbar: http://tinyurl.com/PSToolbar

