Tuesday, November 12, 2013

Finding Active Directory Users with Missing Mail Address


LDAP queries are extremely powerful and can help find accounts that are missing information.
This code would return all Active Directory users that actually have a mail address:

$searcher = [ADSISearcher]"(&(sAMAccountType=$(0x30000000))(mail=*))"
$searcher.FindAll() |
  ForEach-Object { $_.GetDirectoryEntry() } |
  Select-Object -Property sAMAccountName, name, mail  

If you want the opposite, negate the query using "!". This would return all Active Directory user accounts that currently have no mail address:

$searcher = [ADSISearcher]"(&(sAMAccountType=$(0x30000000))(!(mail=*)))"
$searcher.FindAll() |
  ForEach-Object { $_.GetDirectoryEntry() } |
  Select-Object -Property sAMAccountName, name, mail  

No comments:

Post a Comment