AD Attribute lookup using LDAP issue

Hi All


I am looking at querying two domains and identifying if the custom attributes from domain 1 exist in domain 2. Using Get-ADUser is an option, but I am working with over 100k AD objects and it takes days to complete the work, so I need to streamline it more.


ADSISearcher (LDAP lookup) looks like the best option, but I am having a couple of issues:

1. Is the code lined up correctly to achieve the required outcome?

2. Error Exception calling 'FindAll' with "0" argument(s): Unknown Error (0x80005000) against the following variable: $AllObjects1 = $sub2Searcher1.FindAll()


$sub1LDAPFilter = '(objectclass=user)'
$PageSize = 1000
$sub1DN = 'DC=sub1,DC=domain,DC=com'
$sub1SB = 'DC=sub1,DC=domain,DC=com'
$sub1Searcher = [ADSISearcher]('{0}' -f $LDAPFilter)
$sub1Searcher.SearchRoot = [ADSI]('GC://{0}' -f $ClientSB)
$sub1Searcher.SearchRoot = [ADSI]('GC://{0}' -f $clientDN)
$sub1Objects = $ClientSearcher.FindAll()

$sub2SB = 'DC=sub2,DC=domain,DC=com'
$sub2DN = 'DC=sub2,DC=domain,DC=com'

Foreach($Object in $AllObjects){

$sub2ca105 = $Object.Properties.'customattribute10'
$sub2LDAPFilter = "(objectclass=user,customattribute=$sub1ca10)"
$sub2Searcher1 = [ADSISearcher]("{0}" -f $sub2LDAPFilter)
$sub2Searcher1.SearchRoot = [ADSI]("GC://{0}" -f $SearchBase1)
$sub2Searcher1.SearchRoot = [ADSI]("GC://{0}" -f $collabDomainName1)
$AllObjects1 = $sub2Searcher1.FindAll()

if ($Object.Properties.'customattribute10' -eq $allobjects1.Properties.'customattribute10')
Write-Host 'Match in Sub1 vs Sub2' $Object.Properties.samaccountname -ForegroundColor Green
Write-Host 'No Match in Sub1 vs Sub2' $Object.Properties.samaccountname -BackgroundColor Red




3 Replies

@Andrew Price 


1. Don't know

2. Change $sub2ca105 to $sub2ca10

@Andrew Price 


Try changing the following:

$sub1Searcher.SearchRoot = [ADSI]('GC://{0}' -f $ClientSB)
$sub1Searcher.SearchRoot = [ADSI]('GC://{0}' -f $clientDN)

to:

$sub1Searcher.SearchRoot = [ADSI]('GC://{0}' -f $sub1SB)
$sub1Searcher.SearchRoot = [ADSI]('GC://{0}' -f $sub1DN)

best response confirmed by Andrew Price (Occasional Contributor)

@Darrick thank you for your reply, managed to work out my issue and created a script located on my blog
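
One way to run the comparison discussed in this thread without issuing one LDAP query per object, as an added example (not code from any poster, and not the blog script mentioned above). It assumes Windows PowerShell 5.1, that both domains can be reached over LDAP:// with the current credentials, and that the attribute is named customattribute10 as in the question; the function name and CSV path are illustrative.

```powershell
# Added example; function name, output path and LDAP:// binding are assumptions.
function Get-UserAttribute {
    param(
        [Parameter(Mandatory)][string]$SearchBase,  # e.g. 'DC=sub1,DC=domain,DC=com'
        [Parameter(Mandatory)][string]$Attribute    # e.g. 'customattribute10'
    )
    # Valid LDAP AND syntax is (&(a)(b)); '=*' returns only users that have the attribute set.
    $filter   = "(&(objectCategory=person)(objectClass=user)($Attribute=*))"
    $searcher = [ADSISearcher]$filter
    # LDAP:// instead of GC://: a global catalog holds only the partial attribute set,
    # so a custom attribute may be missing from GC results.
    $searcher.SearchRoot = [ADSI]"LDAP://$SearchBase"
    $searcher.PageSize   = 1000   # paged search, so results are not cut off at the server size limit
    $searcher.PropertiesToLoad.AddRange([string[]]@('samaccountname', $Attribute))

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            [pscustomobject]@{
                SamAccountName = [string]$r.Properties['samaccountname'][0]
                Value          = [string]$r.Properties[$Attribute.ToLower()][0]
            }
        }
    } finally {
        $results.Dispose()        # SearchResultCollection holds unmanaged resources
        $searcher.Dispose()
    }
}

$attribute = 'customattribute10'
$sub1Users = Get-UserAttribute -SearchBase 'DC=sub1,DC=domain,DC=com' -Attribute $attribute

# Index the sub2 values once; each lookup is then in memory instead of a new LDAP query.
$sub2Values = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
foreach ($u in Get-UserAttribute -SearchBase 'DC=sub2,DC=domain,DC=com' -Attribute $attribute) {
    [void]$sub2Values.Add($u.Value)
}

$sub1Users |
    Select-Object SamAccountName, Value, @{ Name = 'InSub2'; Expression = { $sub2Values.Contains($_.Value) } } |
    Export-Csv -Path .\sub1-vs-sub2.csv -NoTypeInformation
```

Because no attribute value is ever placed into a filter string, no LDAP filter escaping of directory data is needed; only the attribute name, supplied by the operator, is interpolated.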