Find attributes in a Property Set

I will show you three methods to get Property Set and the associated attributes.

With PowerShell (recommended method)

Custom script

You can find my PowerShell script for managing Property Sets on my GitHub.

ActiveDirectory-Toolbox/Attributes/PropertySet at master · itpro-tips/ActiveDirectory-Toolbox

Contribute to itpro-tips/ActiveDirectory-Toolbox development by creating an account on GitHub.

GitHubitpro-tips

You can use the following CMDlet:

• Get All Property Set and the associated attributes: Get-ADPropertySet
• Get All Property Set only, without the associated attributes : Get-ADPropertySet -DoNoIncludeAttributes
• Get the Property Set for a specific attribute : Get-ADPropertySetForAttribute -Attribute xxxx

Without any custom script

If you prefer not to use any modules, you can use this code:

# Connect to the rootDSE
$rootDSE = New-Object System.DirectoryServices.DirectoryEntry("LDAP://rootDSE")

# Retrieve the schema naming context (distinguished name of the schema)
$schemaDN = $rootDSE.schemaNamingContext

# Construct the LDAP path to the schema
$schemaPath = "LDAP://$schemaDN"

# Create a DirectoryEntry object for the schema
$schema = New-Object System.DirectoryServices.DirectoryEntry($schemaPath)

## Attributes in Personal-Information Property Set
$guid = [guid]"77b5b886-944a-11d1-aebd-0000f80367c1"
$guidToByteArray = $guid.ToByteArray()

$schema.Children | Where-Object { [string]$_.attributeSecurityGUID[0] -eq [string]$guidToByteArray } | ForEach-Object { $_.lDAPDisplayName }

With adfind

If you're more inclined towards using an executable, adfind is a great option.

# get the rightsGUID of Personal Information (returns) 
./adfind -sc findpropsetrg:"Personal Information"

# find the member beloning to the Property Set
./adfind -sc propsetmembersl:"77b5b886-944a-11d1-aebd-0000f80367c1"