How to Search Objects in Active Directory

In this article, you will learn how to search Active Directory to find objects such as users, computers, OUs, and groups. There are multiple options for searching Active Directory some provide more features than others such as creating advanced filters.

Table of Contents:

• Search Active Directory Using ADUC
  • Example 1. Search for Users, Groups, or Computers
  • Example 2. Search for Organizational Units
  • Example 3. Custom Search
  • Example 4. Search for All Disabled User Accounts
• Search Active Directory using PowerShell
• Search AD Using the AD Pro Toolkit (GUI TOOL)

Search Active Directory Using ADUC

In this example, I’ll show you how to search Active Directory using the Active Directory Users and Computers Console.

Example 1. Search for Users, Groups, or Computers

Step 1. Click the Find icon

Using Active Directory Users and Computers click the find Icon.

Step 2. Select the object type

In the find drop-down select the object type you want to search for. In this example, I’m going to search for specific user accounts and select from the entire directory. If you want to search in a specific container or OU click the browse button.

Step 3. Enter keywords to search

In the fields provided (depending on what object you selected) enter the keywords you want to search and click the “Find Now” button. In this example, I’m looking for all the users that have Smith in their name. I entered smith in the Name: field and clicked the Find Now button.

Example 2. Search for Organizational Units

In this second example, I’m searching for all Organizational Units that start with the letter “mar”. I select Organizational Units in the Find Box, enter “mar” in the Name: field, and click “Find Now”. My search returned three OUs that contain the words mar.

Example 3. Custom Search

The custom search allows you to search within an object and search for very specific details, such as City, State, Zip, address, and basically any field that exists in an object. Common queries are a quick and easy way to find disabled accounts, non expiring passwords, and accounts that have not been logged into for a certain amount of time.

In this example, I’m going to search for users

With the find object window open select custom search -> Field -> “User” and then “City”

You can see from the above screenshot all the different fields from the User object that you can select and use in your search.

In the conditions field select “starts with” and in the value field enter “spr”.

This will show me all the cities that start with “spr”. You could also set the condition to “Is (exactly)” and enter the complete city name in the value field.

You can verify the results by opening one of the search results and then click on the address tab.

Example 4. Search for All Disabled Users

In this example, I’ll show you how to find disabled users in AD using the built-in common queries.

Select “common queries” from the find drop-down menu. Then Click the box for disabled accounts and click the “find now” button.

My search found 15 accounts that are disabled.

Eays.

Search Active Directory Using PowerShell

PowerShell is a great option to search AD to find users, computers, groups, and other objects. Below are some examples of searching Active Directory with PowerShell.

1. Search for all domain users.

get-aduser -filter*

2. Search for a user by last name.

Get-ADUser -Filter "Surname -eq 'smith'"

3. Seach for all computers

get-adcomputer -filter *

4. Search for a computer with a specific name

Get-ADComputer -Filter "Name -like 'PC*'" | select Name, Enabled

5. Seach for all Active Directory Groups

Get-ADGroup -filter *

6. Search for a group with a specific name

Get-ADGroup -filter "Name -like 'grp*'"

7. Search for multiple object types

 Search-ADAccount -AccountDisabled | FT Name,ObjectClass -A

The search-ADAccount command can search for user, computer or service accounts. In the example below, the command will search for objects that are disabled.

For more PowerShell examples see the links below.

• Get-ADUser – This command is used to search for AD user accounts. In this article, I provide ten different examples of how to search AD for user accounts.
• Get-ADComputer – This command is used to search Active Directory for computer accounts.
• Get-ADGroup – Search for single or multiple AD groups. I provide several examples in this article, including how to run a wildcard search.
• Get-ADGroupMember – Gets members of an Active Directory group. I break down the steps to search for a group and display the group members. I also show you how to export the results to a CSV file.

Search AD Using the AD Pro Toolkit (GUI TOOL)

The AD Pro Toolkit includes over 200 built-in reports. All reports can be filtered and searched.

You can download a free trial of the AD Pro Toolkit and try it for yourself.

For example, in the report below I’ll click the search icon and search for a user that includes “smith” in the name.

Search for users in an OU

To search for accounts in an OU first select the OU and click run.

Now you will have a list of all users from the OU.

Click the search icon and enter text to search the results.

Advanced Search

You can create advanced filters using the built-in filter editor.

For example, here is a filter that searches for all enabled users that contain smith in the display name.

Summary

As you can see searching Active Directory is pretty easy using the Active Directory Users and Computers console but it does have its limitations. For more advanced searches and to quickly export AD objects, I would recommend PowerShell or the AD Pro Toolkit.

I hope you enjoyed this article, if you have questions or comments please leave a comment.