get_objects
Use the get_objects command to perform an LDAP search of Active Directory and return a Tcl list of the distinguished names (DNs) of the objects that match the search criteria. You specify a container in Active Directory where the search begins and a standard LDAP filter that defines the objects you’re searching for.
You can control the nature of the search through options that specify whether to use the global catalog (GC) for a forest-wide search, the number of levels deep for the search to go below the beginning container of the search, and the maximum number of objects for the get_objects command to return.
Zone Type
Not applicable
Syntax
get_objects [-gc] [-depth one|sub] [-limit limit] [-f forest] base filter
Abbreviation
go
Options
This command takes the following options:
| Option | Description |
|---|---|
| -gc | Requests a forest-wide search using a global catalog. For this option to work, ADEdit must be bound to a global catalog domain controller using the bind command with the -gc option. If you don’t specify this option, the search is only within the currently bound domains. |
| -depth one | sub | Specifies how deep to search. This option must be followed by one of two values: one: Specifies that the search will search only through objects immediately below the container specified by the argument base. sub: Specifies that the search will be full-depth, starting at the container specified by base and continuing through all sub-containers below that level. If you don’t specify this option, the search defaults to the value one. |
| -limit limit | Limits the number of objects returned by the search to the positive integer specified by limit. If you don’t specify this option, the search returns all matching objects without limit. |
| -f forest | Specifies the forest to search. If you bind ADEdit to multiple forests, you can use this option to identify a specific forest to search for objects matching the criteria you specify. |
Arguments
This command takes the following arguments:
| Argument | Type | Description |
|---|---|---|
| base | DN | Required. Specifies the distinguished name of an Active Directory container in which to start the search. If you want to perform a forest-wide search using the global catalog option but do not specify the forest to search, use an empty string as the base argument. For example: get_objects -gc -depth sub "" (cn=demo). You should not use an empty string as the starting point for a search if you bind to multiple forests. If you bind to multiple forests, you should always specify the forest to search. |
| filter | LDAP filter | Required. A string that uses standard LDAP filter syntax to specify criteria for the search. |
Return Value
This command returns a Tcl list of the distinguished names of the objects matching the search criteria.
Examples
get_objects “cn=users,dc=acme,dc=com” (objectclass=*)
This example returns a list of distinguished name matching the objectclass filter:
CN=Builtin,DC=acme,DC=com CN=Computers,DC=acme,DC=com {OU=Domain Controllers,DC=acme,DC=com} CN=ForeignSecurityPrincipals,DC=acme,DC=com CN=Infrastructure,DC=acme,DC=com CN=LostAndFound,DC=acme,DC=com {CN=NTDS Quotas,DC=acme,DC=com} {CN=Program Data,DC=acme,DC=com} CN=System,DC=acme,DC=com CN=Users,DC=acme,DC=com
Related Commands
The following commands enable you to view and select the object to work with:
new_objectcreates a new Active Directory object and stores it in memory.select_objectretrieves an object and its attributes from Active Directory and stores it in memory.
After you have an Active Directory object stored in memory, you can use the following commands to work with that object’s attributes, delete the object, or save information for the object:
add_object_valueadds a value to a multi-valued field attribute of the currently selected Active Directory object.delete_objectdeletes the selected Active Directory object from Active Directory and from memory.delete_sub_treedeletes an Active Directory object and all of its children from Active Directory.get_object_fieldreads a field value from the currently selected Active Directory object.remove_object_valueremoves a value from a multi-valued field attribute of the currently selected Active Directory object.save_objectsaves the selected Active Directory object with its current settings to Active Directory.set_object_fieldsets a field value in the currently selected Active Directory object.
