
Searching for deleted AD objects in PowerShell


RichS

Apr 28, 2007, 4:20:01 PM4/28/07
I have a PowerShell script that searches the AD for deleted objects. I have
connected to the root of the domain and use a directory searcher object to
return the deleted objects. I would really like to bind to the deleted
objects container so that the scope of the search is reduced.

I know that the LDAP string needed is of the form

"LDAP://<WKGUID=18e2ea80684f11d2b9aa00c04f79f805,dc=domain,dc=com>" but I
keep getting a "No such object on server". I know the WKGUID is correct from
several sources but suspect that PowerShell just doesn't like doing this.
Has anyone got working code for connecting to the Deleted Objects container,
please?
--
Richard Siddaway
Please note that all scripts are supplied "as is" and with no warranty
Blog: http://richardsiddaway.spaces.live.com/
PowerShell User Group: http://www.get-psuguk.org.uk

RichS

Apr 29, 2007, 9:06:02 AM4/29/07
I've done some more digging and I have an answer that appears to work.

# Bind to the domain root; the cast creates a DirectoryEntry for the path
$adsPath = "LDAP://DC=starking,DC=org"
$root = [System.DirectoryServices.DirectoryEntry]$adsPath

# FastBind skips the object-class lookup on bind; psbase exposes the .NET
# property that the PowerShell ADSI adapter otherwise hides
$root.psbase.AuthenticationType = [System.DirectoryServices.AuthenticationTypes]::FastBind

# Either path form works for the Deleted Objects container
#$root.psbase.Path = "LDAP://cn=Deleted Objects,dc=starking,dc=org"
$root.psbase.Path = "LDAP://<WKGUID=18e2ea80684f11d2b9aa00c04f79f805,dc=starking,dc=org>"

# Search one level below the container for deleted user objects;
# Tombstone = $true is what makes the server return deleted objects at all
$search = [System.DirectoryServices.DirectorySearcher]$root
$search.Filter = "(&(isDeleted=TRUE)(objectClass=user))"
#$search.Filter = "(isDeleted=TRUE)"
$search.Tombstone = $true
$search.SearchScope = [System.DirectoryServices.SearchScope]::OneLevel
$result = $search.FindAll()
$result

This will display all of the deleted user objects in the domain. The path
can be set either using the WKGUID or the cn=Deleted Objects,....
syntax.

The one thing to note is that if you set the properties this way and then
type $root to display its properties, you may well get an error even
though it works in the search. The whole system seems quite picky as to what
you can and can't do when accessing the deleted objects.

A useful reference for this is Kaplan and Dunn's book on Directory Services
Programming and the following MSDN article

http://msdn.microsoft.com/msdnmag/issues/05/12/DirectoryServices/

If anyone knows of an easier way I would be grateful.


--
Richard Siddaway
Please note that all scripts are supplied "as is" and with no warranty
Blog: http://richardsiddaway.spaces.live.com/
PowerShell User Group: http://www.get-psuguk.org.uk
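As an added example (not code from the thread), the same scoped tombstone search wrapped in a function that returns the attributes an administrator auditing deletions wants, including lastKnownParent (where the object lived) and whenChanged (when it was deleted). Assumed: the domain DN and object class are parameters you supply; "dc=example,dc=com" is a placeholder.

```powershell
# Added example, not from the original thread: audit deleted objects of one class
# by binding to the Deleted Objects container via its well-known GUID.
# Assumption: $DomainDN is supplied by the caller; "dc=example,dc=com" is a placeholder.
Add-Type -AssemblyName System.DirectoryServices

# Tombstones retain only a few attributes, so read each one defensively.
function Get-TombstoneAttr($props, $name) {
    if ($props.Contains($name)) { $props[$name][0] } else { $null }
}

function Get-DeletedAdObject {
    param(
        [Parameter(Mandatory = $true)][string]$DomainDN,   # e.g. 'dc=example,dc=com'
        [string]$ObjectClass = 'user',
        [int]$PageSize = 500
    )

    # Well-known GUID of the Deleted Objects container (the value used in the thread).
    $wkguid = '18e2ea80684f11d2b9aa00c04f79f805'
    $root = New-Object System.DirectoryServices.DirectoryEntry("LDAP://<WKGUID=$wkguid,$DomainDN>")
    # FastBind as in the thread; psbase reaches the .NET property behind the ADSI adapter.
    $root.psbase.AuthenticationType = [System.DirectoryServices.AuthenticationTypes]::FastBind

    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.Filter = "(&(isDeleted=TRUE)(objectClass=$ObjectClass))"
    $searcher.Tombstone = $true      # without this the DC omits deleted objects from results
    $searcher.SearchScope = [System.DirectoryServices.SearchScope]::OneLevel
    $searcher.PageSize = $PageSize   # paged results, since tombstones can exceed the server's size limit
    foreach ($attr in 'distinguishedName','lastKnownParent','whenChanged','objectGUID','sAMAccountName') {
        [void]$searcher.PropertiesToLoad.Add($attr)
    }

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            $p = $r.Properties
            [pscustomobject]@{
                DistinguishedName = Get-TombstoneAttr $p 'distinguishedname'
                LastKnownParent   = Get-TombstoneAttr $p 'lastknownparent'  # container it was deleted from
                WhenChanged       = Get-TombstoneAttr $p 'whenchanged'      # for a tombstone, the deletion time
                ObjectGuid        = [guid](Get-TombstoneAttr $p 'objectguid')
                SamAccountName    = Get-TombstoneAttr $p 'samaccountname'
            }
        }
    }
    finally { $results.Dispose() }
}

# Example call: newest deletions first (replace the DN with your own domain).
# Get-DeletedAdObject -DomainDN 'dc=example,dc=com' | Sort-Object WhenChanged -Descending | Format-Table -AutoSize
```

On domains with the ActiveDirectory module available, Get-ADObject -IncludeDeletedObjects returns the same tombstones without the WKGUID binding.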
