Get-aduser help

Similar Messages

• Help with get-aduser -filter command

  Hi! I'm having problems with getting user info from displayname
  function searchuzv {
  $uzvinfo=$InputBoxuzv.text;
  $uzvcheck = Get-ADUser -filter "DisplayName -like '*$uzvinfo*'"
  If i run Get-ADUser -filter "DisplayName -like '*$uzvinfo*'" line separately, everything is ok, and working, but when I run function, I m getting error "Get-ADUser : The search filter cannot be recognized"
  My objective is get user info when only part of displayname is provided.
  I suppose there is problem with syntax, but I can't find anything about this.
  Any suggestions?
  Bert regards,
  Ronald

  Hi Ronald,
  Try this.
  function searchuzv
  $uzvinfo=$InputBoxuzv.text
  $uzvDisp = "*"+$uzvinfo+"*"
  $uzvcheck = Get-ADUser -filter "DisplayName -like $uzvDisp"
  Regards,
  Satyajit
  Please “Vote As Helpful”
  if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

• How do I use Get-ADUser to get just the Managers attribute? And then get rid of duplicates in my array/hash table?

  Hello,
        I am trying to just get the Managers of my users in Active Directory. I have gotten it down to the user and their manager, but I don't need the user. Here is my code so far:
  Get-ADUser-filter*-searchbase"OU=REDACTED,
  OU=Enterprise Users, DC=REDACTED, DC=REDACTED"-PropertiesManager|SelectName,@{N='Manager';E={(Get-ADUser$_.Manager).Name}}
  |export-csvc:\managers.csv-append 
  Also, I need to get rid of the duplicate values in my hash table. I tried playing around with -sort unique, but couldn't find a place it would work. Any help would be awesome.
  Thanks,
  Matt

  I would caution that, although it is not likely, managers can also be contact, group, or computer objects. If this is possible in your situation, use Get-ADObject in place of Get-ADUser inside the curly braces.
  Also, if you only want users that have a manager assigned, you can use -LDAPFilter "(manager=*)" in the first Get-ADUser.
  Finally, if you want all users that have been assigned the manager for at least one user, you can use:
  Get-ADUser
  -LDAPFilter "(directReports=*)" |
  Select @{N='Manager';E={ (Get-ADUser
  $_.sAMAccountName).Name }}
  -Unique | Sort Manager |
  Export-Csv .\managerList.csv -NoTypeInformation
  This works because when you assign the manager attribute of a user, this assigns the user to the directReports attribute of the manager. The directReports atttribute is multi-valued (an array in essence).
  Again, if managers can be groups or some other class of object (not likely), then use Get-ADObect throughout and identify by distinguishedName instead of sAMAccountName (since contacts don't have sAMAccountName).
  Richard Mueller - MVP Directory Services

• Is there a way to speed up Get-QADUser or Get-ADUser?

  Hello,  I was wondering if there was a way to speed the commands up to query faster?  My one-liner looks like:
  Get-ADUser -SearchBase "OU=People,DC=Domain,DC=Company,DC=Net" -Filter {Title -eq "Job Title"} -ResultSetSize $null -Properties * | Select SamAccountName, DisplayName, Manager
  Are we able to somehow omit property fields that it looks up?  Would that help?
  I've tried looking through Google and couple of forums, but could not find the answer.
  I have used a tool called "ADFind" and was able to get the results in less than 5 minutes, but Powershell seems to take WAYY longer to do this.
  Thank you!

  Hi,
  Yes, drop the wildcard from Properties and only request the properties that you're interested in.
  Out of curiosity, how many users are returned by this query?
  Don't retire TechNet! -
  (Don't give up yet - 12,700+ strong and growing)

• The Command Get-ADUser -Identity username -Properties * No Longer Works Due to a Bug in PowerShell 4 and Win8-1 Pro

  The 'Command Get-ADUser -Identity <username> -Properties *' No Longer Works Due to a Bug in PowerShell 4 and Win8-1 Pro
  It produces the following error:
  Get-ADUser : One or more properties are invalid.
  Parameter name: msDS-AssignedAuthNPolicy
  At line:1 char:1
  + Get-ADUser -Identity ********** -Properties *
  + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : InvalidArgument: (**********:ADUser) [Get-ADUser], ArgumentException
      + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetADUser
  This is already documented in these forums:
  1. http://social.technet.microsoft.com/Forums/systemcenter/en-US/1bf9568e-6adc-495d-a37c-48877f86985a/powershell-40-and-the-activedirectory-ps-module?forum=w81previtpro
  2. https://connect.microsoft.com/PowerShell/feedback/details/806452/windows-8-1-powershell-4-0-get-adcomputer-properties-bug
  Unfortunately, in typical style, Microsoft have archived number 1 without bothering to respond with advice.  Can someone in Microsoft please advise your customers here if this is being investigated and of any available workaround or fix ?
  -- huddie "If you're not seeking help or offering it, you probably shouldn't be here."

  Did you consider using one of the "workarounds" below to run an existing version of the AD Module for PowerShell under a specific PowerShell version:
  a. #require -version 3.0    (in ps1 script)
  b. powershell -version 3.0
  Thank you for sharing with us if this helps.
  Desmond, did you miss my reply below ?  I still haven't heard back from you:
  >> "Desmond,
  >> 
  >> Thanks for your quick response.
  >> 
  >> I'm running this just as a command, not in a script:
  >> 
  >> Get-ADUser -Identity <username> -Properties *
  >> 
  >> When I try to run powershell
  -version 3.0 first, then run the above command, it still fails with the same error.  When I then run Get-Host,
  the version still shows as 4.0 so maybe there's more I need to do to launch a 3.0 host.  Anyway, from what I've read it seems your command is more aimed at script compatibility.
  >> 
  >> Can you help ?"
  -- huddie "If you're not seeking help or offering it, you probably shouldn't be here."

• Get-ADUser and Get-ADPrincipalGroupMembership combined

  I'm trying to get a list of template user account and what their membership are exported to a csv file. I'm trying to combine the tables on them but having a hard time figuring it out. I spent the day racking my brain on this and figured I would reach out
  for help. This gets all my template users.
  Import-Module ActiveDirectory
  $User = "*Template*"
  $usernames = (Get-ADUser -Filter "DisplayName -like '*$User*'" -Properties * | format-table Displayname, SamAccountName)
  $usernames
  I can use this to get all the members of the groups, but since the groups repeat it doesnt break down where one user stops and the others begin. 
  $groups = Get-ADUser -Filter "SamAccountName -like '*$Usr*'" -Properties DisplayName | foreach-object{Get-ADPrincipalGroupMembership -Identity $_.SamAccountName} | format-table name
  I was thinking of joining the tables but that wasnt much help to me since I cant figure out what to join on. I also thought about looping through the first table with a foreach loop but it was assigning the whole table in the first pass and displaying nothing.
  If anyone could help or suggest something, I would greatly appreciate.
  Matt

  Hi Matt,
  Give this a shot:
  Get-ADUser -Filter "DisplayName -like '*Template*'" -Properties MemberOf | ForEach {
  $username = $_.SamAccountName
  $_.MemberOf | ForEach {
  $props = @{
  Username = $username
  GroupName = (Get-ADGroup $_).Name
  New-Object PsObject -Property $props
  } | Sort Username,GroupName |
  Select Username,GroupName |
  Export-Csv .\GroupMemberships.csv -NoTypeInformation
  Don't retire TechNet! -
  (Don't give up yet - 13,225+ strong and growing)

• Get-rid of the format we get using Get-ADuser in a CSV. Send CSV data in an email in table format

  Hi,
  I am using get-ADuser in order to extract a few AD attributes of some users. I export the users and their respective attributes to a CSV. However, the output in CSV i get has the following format in each cell for its AD attribute. 
  @{description=<Value>} or @ { info=<Value>}
  I have tried to use Expandproperty switch in order to get rid of it but it does not accept null values and hence if a user has no value for a said attribute, the previous value is copied for that user too. However, without expand property it gives me the
  above format in the output.
  $Desc = Get-ADUser $Username -Properties description | select description
  I would like the cells to contain only values and not this format along.
  Also, once I have the CSV with values I would also like to copy the values from CSV in an email in the form of a TABLE. I have been able to copy the content in an email using the following however, this in not in a table format. 
  $mail = Import-Csv $newlogonfile | Out-String
  Please HELP!

  Yes I am already using Export-Csv but still getting the same kind of format in output :-
  $Username = $Event.Properties[5].Value
              $Title_var = get-aduser $Username -properties Title | select Title
         $Ofc_phone = get-aduser $Username -Properties OfficePhone | select OfficePhone
         $Info_var = get-aduser $Username -properties info | select info
         $Display_Name = get-aduser $Username -properties DisplayName | select DisplayName
              $Mail = Get-ADUser $Username -Properties Mail | select Mail
         $Desc = Get-ADUser $Username -Properties description | select description
          $Props = @{ 
                  User = $Event.Properties[5].Value;
                  TimeCreated = $Event.TimeCreated;
                  LogonType = $Event.Properties[8].Value;
                  DCName = $Event.MachineName;
  Workstation_address = $Event.Properties[18].Value;
  Title = $Title_var;
  OfficePhone = $Ofc_phone;
  Info = $Info_var;
  DisplayName = $Display_Name;
          Description = $Desc;
         EMail = $Mail
              $LogonRecord = New-Object -TypeName psobject -Property $Props
              $Result += $LogonRecord
  $Result | Export-Csv -Path $logFile -append -UseCulture -NoTypeInformation # Log it to CSV
  OUTPUT has values in this format in the CSV :-
  @{info=} @{description=abc} @{DisplayName=} @{Officephone=}
  @{Mail=[email protected]}

• Get-ADuser and formatting results

  What Im looking to do is to output all of my AD Users, including all of their properties, and then output that to a tabular format. The issue I am having is that some of the fields, like MemberOf, dont come through. My script looks like the following:
  Get-ADuser -Filter * -Properties * | Export-CSV C:\Temp\MyFile.csv
  This is almost what I want, but I just need for all of the properties to be expanded. Some end in "..." meaning there is more to be shown, and others such as "MemberOf" show "Microsoft.ActiveDirectory.Management.ADPropertyValueCollection" instead of showing
  the actual groups.
  Thanks in advance for any help!
  Jarrod Sturdivant [email protected]

  I had the same question and the "Exchange Proxy Address (alias) Report" Blog entry helped me a lot in this case.
  Here is my adaption
  $multipcgroups = @()
   $Pclist = import-csv mypclist.csv | foreach {get-adcomputer -identity $_.name -Properties * | select name, memberof}
   foreach ($pc in $pclist) {
   [array]$pcgroups = $pc.memberof
  $ErrorActionPreference = 'SilentlyContinue'
   $pcadgroup = New-Object PSObject -Property @{
  Name = $pc.name
   pcadgroup0 = $pcgroups[0] -replace "OU=SW,OU=Groupx,OU=foo,DC=company,DC=de" -replace "OU=Filter,OU=Technical Roles,DC=company,DC=de"
  pcadgroup1 = $pcgroups[1] -replace "OU=SW,OU=Groupx,OU=foo,DC=company,DC=de" -replace "OU=Filter,OU=Technical Roles,DC=company,DC=de"
  pcadgroup2 = $pcgroups[2] -replace "OU=SW,OU=Groupx,OU=foo,DC=company,DC=de" -replace "OU=Filter,OU=Technical Roles,DC=company,DC=de"
  $ErrorActionPreference = 'Continue'
   $pcadgroupCount = ($pcgroups).count
   if ($pcadgroupCount -gt 0) {
  $multipcgroups += $pcadgroup
   $multipcgroups | select name, pcadgroup0,pcadgroup1,pcadgroup2 | Export-CSV pcadgroups.csv -notype
  regards
  Andreas

• Error troubleshooting in AD Module - Get-Aduser w/created filter

  Hi All,
  I'm working as an intern with my university, and I've been tasked with clearing out old student accounts in AD. There are currently over 4000 users in our system, and it's estimated that there are over 3500 old accounts that need to be deleted.
  We are at the 2008 R2 Domain Functional Level.
  I am going to script this through Powershell, but I'm having a terrible time getting a certain query to run properly.
  I am using the following:
  get-aduser -filter {created -lt '1/1/2010' -and lastlogontimestamp -notlike '*'} -properties created
  I will sometimes narrow my query by adding another filter for created -gt '1/1/2008', for instance.
  When I run the command as written, however, it will return several hundred users, but then it spits out the following error after the last displayed result:
  Get-ADUser : The specified method is not supported
  At C:\Users\Administrator.CSC\Desktop\test1.ps1:4 char:15
  + get-aduser <<<< -filter {created -lt '1/1/2010'} -properties created | ft name,samaccountname,created
  + CategoryInfo : NotSpecified: (:) [Get-ADUser], ADException
  + FullyQualifiedErrorId : The specified method is not supported,Microsoft.ActiveDirectory.Management.Commands.GetADUser
  If I narrow my search scope by created date, I can sometimes get the error to not appear. My guess is that there are several accounts in the database that trigger the error (or at least, that's how it appears).
  I have tried running this on both a DC and a non-dc server with server management tools installed. It doesn't matter what other filters are used, so omitting the lastlogontimestamp filter doesn't prevent the error.
  My supervisor seems to think there may be errors in the AD database, but I've done every AD health check I can think of.
  Does anyone have any suggestions?
  Thanks,
  Brandon

  If you have access to Microsoft Connect (I believe you must be an MVP), it would help to vote on this report, as that should help prioritize it.
  You don't need to be a MVP for access to Connect, here's a direct link to the bug report Richard opened:
  https://connect.microsoft.com/PowerShell/feedbackdetail/view/963333/ad-module-cmdlets-raise-error-if-there-are-more-than-256-results
  The command from the report does appear to work for me in v4 (Win7):
  PS C:\> Get-ADUser -Properties Created -Filter "Created -gt '9/1/2014'" | measure
  Count : 260
  I also tested the command that failed in the post above and v3 appears to be working for me as well (WS2012):
  PS C:\> $start = (Get-Date).AddDays(-1)
  PS C:\> get-aduser -filter {modified -gt $start} | measure
  Count : 263
  Perhaps the count needs to be higher to replicate this.
  EDIT: I just created a bunch of new user accounts and I still can't replicate this (v3 on WS2012 again):
  PS C:\> $start = (Get-Date).AddDays(-1)
  PS C:\> get-aduser -filter {modified -gt $start} | measure
  Count : 1803
  EDIT2: DC is WS2008SP2.
  Don't retire TechNet! -
  (Don't give up yet - 13,085+ strong and growing)

• Use Get-ADUser to get locked status and if locke give a choice to unlock it.

  Hi guys and girls,
  Im startling to learn powershell scripting and have made my first tool/Script.
  Below script is the one i use, however i do have an problem i would like some help with.
  I use the script to display some basic info and also to show if the user is lockedout or not.
  However i do would like to have the choice to unlock the user in the script as well, therefore im using the if statement.
  But dont get it to return the value i want. What i want it to do is to check if the account is locked if so ask if it should unlock it. Any help or input is appreciated.
  /Json
  $userinput = Read-Host "Enter Username Here"
  Get-ADUser -Identity $userinput -Properties * | Select-Object DisplayName, city, department, EmailAddress, HomeDirectory, MobilePhone, OfficePhone, Manager, PasswordExpired, PasswordLastSet, LockedOut
    If(((Get-ADUser -Identity $userinput -Properties lockedout).lockedout = $true))

  Hi there, I've not tested this properly but it should do the trick.
  add-type -AssemblyName System.DirectoryServices.AccountManagement
  $userinput = Read-Host "Enter Username Here"
  $res = Get-ADUser -Identity $userinput -Properties DisplayName, city, department, EmailAddress, HomeDirectory, MobilePhone, OfficePhone, Manager, PasswordExpired, PasswordLastSet, LockedOut | Select-Object DisplayName, city, department, EmailAddress, HomeDirectory,
  MobilePhone, OfficePhone, Manager, PasswordExpired, PasswordLastSet, LockedOut
  if ($res.lockedout -eq $true){
  $unlock = Read-host "Unlock? Y/N"
  if ($unlock -eq "Y")
  $context = [System.DirectoryServices.AccountManagement.ContextType]::Domain
  [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($context,$userinput).UnlockAccount()

• Using Get-ADUser but 3.0 needs a filter? What changed?

  I'm trying to just do a basic query of AD attributes from a text file of SamAccountNames I have, but I'm upgraded to PowerShell ISE 3.0 and there might be some things new I'm not understanding. 
  I was just trying to do something simple like this; Get-Content C:\Scripts\userabrivs.txt | ForEach { Get-ADUser -Properties * } | Export-csv C:\scripts\Output\adusers1 
  but in ISE it always asks for 
  cmdlet Get-ADUser at command pipeline position 1
  Supply values for the following parameters:
  (Type !? for Help.)
  Filter: 
  I'm not very good at this so can someone help me understand why it needs a filter when I'm just asking it to use the list of SamAccountNames I have in a text file?

  Hi,
  You're never telling Get-ADUser which user you want to return. Try this instead:
  Get-Content .\userList.txt | ForEach {
  Get-ADUser -Identity $_ -Properties *
  } | Export-Csv .\userProperties.csv
  I highly recommend only returning the properties you need, the wildcard will return more information than most people want to look at.
  Don't retire TechNet! -
  (Don't give up yet - 12,700+ strong and growing)

• Get-aduser - Export-CSV -- POWERSHELL

  I need help in getting this command to export the data into a CSV.
  Get-ADUser -Filter * -Properties
  whenCreated | Where-Object {$_.whenCreated -ge ((Get-Date).AddDays(-30)).Date} | FL SamAccountName, Name, DistinguishedName, whenCreated
  | Export-Csv
  c:\scripts\ADCreatedUsers.csv
  When doing this the command does not give me anything close to what I expect.

  Duplicate thread.
  Active thread is here:
  https://social.technet.microsoft.com/Forums/scriptcenter/en-US/15c5347a-4c18-404c-a9f9-0ba48b932384/getaduser-exportcsv-powershell?forum=ITCG
  Don't retire TechNet! -
  (Don't give up yet - 13,085+ strong and growing)

• Get-ADUser -server

  Hi all
  I am at the beginning of my powershell skills so excuse my silly question.
  I am writing a script where I want to use a specific AD controller. And want to define the server as a variable.
  $dc=srv01.contoso.com
  Get-ADUser -Identity "test" -server $dc -Properties name,enabled
  However I always get the error:
  + Get-ADUser -Identity "test" -server <<<<  $dc -Properties name,enabled
      + CategoryInfo          : InvalidData: (:) [Get-ADUser], ParameterBindingValidationException
      + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADUser
  If I run:
  Get-ADUser -Identity "test" -server srv01.contoso.com -Properties name,enabled
  It runs with no issues.
  Thanks for your help.

  Hi Grimbi,
  try this:
  $dc = "srv01.contoso.com"
  Get-ADUser -Identity "test" -server $dc -Properties name,enabled
  Why does this happen?
  As a parameter of a command, powershell assumes the input is a string (since the parameter demands a string). However when you Store something in a variable it has to guess about the input type. By wrapping it in double-quote, you tell PowerShell "This
  is a string". Otherwise it can't tell whether it's supposed to be a command, an Alias, etc. .
  Cheers,
  Fred
  There's no place like 127.0.0.1

• Get-ADUser with the -LDAPfilter using a regex

  I'm by no means a novice to PowerShell, but for my first year and 1/2 using it the organization I worked for only had 2003 AD functional level, so to do AD stuff I needed to use the Quest Active Directory tools (get-qaduser). Now that I'm working for a place
  that is a bit more modern on their infrastructure, I just can't seem to wrap my head around get-aduser stuff when dealing with filters and LDAPfilters - AKA, "I'm used to QAD being easy, please help!"
  Could someone give me an overview with lots of examples?
  Thank you.
  [email protected]

  There's definitely examples in both of the links Boe posted. LDAP filtering is certainly different from OPath and takes some getting used to if you haven't seen it before. Here's another set of examples:
  http://clintboessen.blogspot.com/2009/10/ldap-queries-for-group-scope.html
  Is there anything specific you're trying to do with it?
  Don't retire TechNet! -
  (Don't give up yet - 12,700+ strong and growing)
  Ahhh, I see my mistake ... I was asking for just plain old syntax/examples, and what I really wanted was a few examples of the
  entire command.
  I.E.
  get-aduser -LDAPFilter "(badpwdcount>=5)"
  I just never seem to remember what needs quotes, what needs single quotes, what needs parens, what needs brackets ... etc.
  [email protected]

• Get-AdUser and a other domain

  I'm having problems running a script to search all accounts on a Domain.
  I want to be able to switch domain choices
  Current script is:
  Import-Module activedirectory
  Get-ADUser -Filter * -Properties * |
  Select-Object Name,LastLogonDate | export-csv C:\users.csv -notypeinformation
  I've tried the following to no avail - still outputs my domain not the selected:
  import-module activedirectory
  $data =@()
  $domains = "another.domain.com"
  foreach($domain in $domains)
   $data += Get-ADUser -Filter * -Properties * | Select-Object Name,LastLogonDate
  $data | export-csv C:\users.csv -notypeinformation
  Any ideas?

  Hi ESXi,
  I’m writing to just check in to see
  if the suggestions were helpful. If you need further help, please feel free to reply this post directly so we will be notified to follow it up.
  If you have
  any feedback on our support, please click here.
  Best Regards,
  Anna Wang
  TechNet Community Support