
PowerShell Get-ADUser

Query Active Directory for users in a specific OU by specifying the OU's distinguished name.

 Get-ADUser -filter * -searchbase "OU=MyUsers,DC=MynewForest,DC=local"  -ErrorAction Continue | Select Name, SamAccountName

Query Active Directory by SamAccountName and customize the output headers.

Get-ADuser -Properties * -f {SamAccountName -like "Sjobs"} |`
Select @{name="Login ID";expression={$($_.Samaccountname)}},`
@{name="First Name";expression={$($_.Givenname)}},`
@{name="Last Name";expression={$($_.Surname)}},`
@{name="Description";expression={$($_.Description)}},
@{name="Job Title";expression={$($_.Title)}},
@{name="Office";expression={$($_.Office)}},
@{name="Department";expression={$($_.Department)}},
@{name="Company";expression={$($_.Company)}},
@{name="Current Manager";expression={$($_.Manager)}},
@{name="Account Enabled";expression={$($_.Enabled)}} 

Get Old User Accounts

$Date = [DateTime]::Today.AddDays(-100)

Get-ADUser -Filter 'PasswordLastSet -le $Date' -properties * | Select Name, PasswordLastSet, Enabled | Export-csv C:\temp\Old_UserAccount.csv

Get User Account Where Password Never Expires for Auditing

 Get-ADuser -Properties * -filter {PasswordNeverExpires -eq $True} | Select Samaccountname, Givenname, Surname, Enabled
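
The two audit queries above (old passwords and PasswordNeverExpires) can be combined into one report that records why each account was flagged. This is an added example, not code from the original page; it assumes the ActiveDirectory module is installed, and $StaleDays, $OutFile and the output path are illustrative names and values.

```powershell
# Added example (not from the original page). Assumes the ActiveDirectory module;
# $StaleDays and $OutFile are illustrative values chosen for this sketch.
Import-Module ActiveDirectory

$StaleDays = 100
$OutFile   = 'C:\temp\Password_Audit.csv'
$Date      = [DateTime]::Today.AddDays(-$StaleDays)

# Request only the attributes the report needs instead of -Properties *.
$props = 'PasswordLastSet', 'PasswordNeverExpires', 'LastLogonDate'

# One server-side filter: enabled accounts whose password is old OR never expires.
$filter = 'Enabled -eq $true -and (PasswordNeverExpires -eq $true -or PasswordLastSet -le $Date)'

$report = Get-ADUser -Filter $filter -Properties $props | ForEach-Object {
    # Collect every reason this account was flagged.
    $reasons = @()
    if ($_.PasswordNeverExpires) { $reasons += 'PasswordNeverExpires' }
    if ($null -eq $_.PasswordLastSet) {
        $reasons += 'PasswordLastSet is empty'
    }
    elseif ($_.PasswordLastSet -le $Date) {
        $reasons += "Password older than $StaleDays days"
    }

    [PSCustomObject]@{
        Name            = $_.Name
        SamAccountName  = $_.SamAccountName
        PasswordLastSet = $_.PasswordLastSet
        PasswordAgeDays = if ($_.PasswordLastSet) { ([DateTime]::Today - $_.PasswordLastSet).Days } else { $null }
        LastLogonDate   = $_.LastLogonDate
        Reasons         = $reasons -join '; '
    }
}

# Oldest passwords first; -NoTypeInformation keeps the type header out of the CSV.
$report | Sort-Object PasswordLastSet | Export-Csv -NoTypeInformation -Path $OutFile
'{0} enabled account(s) flagged; report written to {1}' -f @($report).Count, $OutFile
```

Disabled accounts are excluded by the filter so the report lists only accounts that can still be used to sign in.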

Lists the group membership for each user account listed in the source file. It creates a CSV file for each user.

$users= Get-Content C:\Temp\SamAccountList.txt        
foreach ($user in $users) {        
$user=$user.Trim()        
Get-ADUser $User -Properties MemberOf | Select -ExpandProperty memberof | Out-File C:\temp\$user.csv -Append        
}      
       

Lists the info for each user account listed in the source file.

$Users= Get-Content C:\Temp\Accounts.txt        
foreach ($user in $users) {         
Get-ADuser -Properties * -filter {DisplayName -like $user} | Select Samaccountname, Givenname, Surname, Description, Enabled}
               

 

Get-ADuser By First Last Name Comparison

I always get names from staff instead of login accounts and have to pull and compare lists because people have spelling issues, people get married, people have multiple names and are not in the first and last name fields correctly, etc.

Function Get-AduserFirstLastNameQuery {

    # \\ Parameters Defined \\
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$True,ValueFromPipelineByPropertyName=$true)]
        [string]$FirstName,
        [Parameter(Mandatory=$True,ValueFromPipelineByPropertyName=$true)]
        [string]$LastName
    )

    #\\ Start Processing \\
    Process {

        #\\ Remove White Space (use the bound parameters so direct calls also work) \\
        $FirstName = $FirstName.Trim()
        $LastName  = $LastName.Trim()

        #\\ Query AD, Change Headers and Export Query \\
        #\\ A trailing pipe or comma continues the line, so no backticks are needed \\
        Get-ADuser -Properties * -f {(GivenName -like $FirstName) -and (Surname -like $LastName)} |
            Select @{name="Login Name";expression={$($_.Samaccountname)}},
                   @{name="First Name";expression={$($_.Givenname)}},
                   @{name="Last Name";expression={$($_.Surname)}},
                   @{name="Account Status";expression={$($_.Enabled)}} |
            Export-Csv -NoTypeInformation -Path "C:\Temp\UserInformantion.csv" -Append
    }
}

#\\ Error Trapping \\
Try {
    #\\ Import CSV and Call Function (the CSV needs FirstName and LastName column headers) \\
    Import-CSV C:\Temp\Book1.csv | Get-AduserFirstLastNameQuery -ErrorAction Stop
}
catch {
    #\\ Write Out Error Message \\
    Write-Host "Processing Halted Not All Account Reviewed $($_.Exception.Message)"
}

#\\ Open Output \\
Invoke-Item "C:\Temp\UserInformantion.csv"
