get_objects

Use the get_objects command to perform an LDAP search of Active Directory and return a Tcl list of the distinguished names (DNs) of the objects that match the search criteria. You specify a container in Active Directory where the search begins and a standard LDAP filter that defines the objects you’re searching for.

You can control the nature of the search through options that specify whether to use the global catalog (GC) for a forest-wide search, the number of levels deep for the search to go below the beginning container of the search, and the maximum number of objects for the get_objects command to return.

Zone type

Not applicable

Syntax

get_objects [-gc] [-depth one|sub] [-limit limit] [-f forest] base filter

Abbreviation

go

Options

This command takes the following options:

Option Description

-gc

Requests a forest-wide search using a global catalog. For this option to work, ADEdit must be bound to a global catalog domain controller using the bind command with the -gc option.

If you don’t specify this option, the search is only within the currently bound domains.

-depth one | sub

Specifies how deep to search. This option must be followed by one of two values:

  • one: Specifies that the search will search only through objects immediately below the container specified by the argument base.
  • sub: Specifies that the search will be full-depth, starting at the container specified by base and continuing through all sub-containers below that level.

If you don’t specify this option, the search defaults to the value one.

-limit limit

Limits the number of objects returned by the search to the positive integer specified by limit.

If you don’t specify this option, the search returns all matching objects without limit.

-f forest

Specifies the forest to search.

If you bind ADEdit to multiple forests, you can use this option to identify a specific forest to search for objects matching the criteria you specify.

Arguments

This command takes the following arguments:

Argument Type Description

base

DN

Required. Specifies the distinguished name of an Active Directory container in which to start the search.

If you want to perform a forest-wide search using the global catalog option but do not specify the forest to search, use an empty string as the base argument. For example:

get_objects -gc -depth sub "" (cn=demo)

You should not use an empty string as the starting point for a search if you bind to multiple forests. If you bind to multiple forests, you should always specify the forest to search.

filter

LDAP filter

Required. A string that uses standard LDAP filter syntax to specify criteria for the search.

Return value

This command returns a Tcl list of the distinguished names of the objects matching the search criteria.

Examples

get_objects “cn=users,dc=acme,dc=com” (objectclass=*)

This example returns a list of distinguished name matching the objectclass filter:

CN=Builtin,DC=acme,DC=com CN=Computers,DC=acme,DC=com {OU=Domain Controllers,DC=acme,DC=com} CN=ForeignSecurityPrincipals,DC=acme,DC=com CN=Infrastructure,DC=acme,DC=com CN=LostAndFound,DC=acme,DC=com {CN=NTDS Quotas,DC=acme,DC=com} {CN=Program Data,DC=acme,DC=com} CN=System,DC=acme,DC=com CN=Users,DC=acme,DC=com

Related commands

The following commands enable you to view and select the object to work with:

  • new_object creates a new Active Directory object and stores it in memory.
  • select_object retrieves an object and its attributes from Active Directory and stores it in memory.

After you have an Active Directory object stored in memory, you can use the following commands to work with that object’s attributes, delete the object, or save information for the object:

  • add_object_value adds a value to a multi-valued field attribute of the currently selected Active Directory object.
  • delete_object deletes the selected Active Directory object from Active Directory and from memory.
  • delete_sub_tree deletes an Active Directory object and all of its children from Active Directory.
  • get_object_field reads a field value from the currently selected Active Directory object.
  • remove_object_value removes a value from a multi-valued field attribute of the currently selected Active Directory object.
  • save_object saves the selected Active Directory object with its current settings to Active Directory.
  • set_object_field sets a field value in the currently selected Active Directory object.