Powershell

Use powershell see important account properties

Powershell is a powerful way to manage Active Directory. Let's take a look at this topic - Use powershell see important account properties and leverage it.

Highlights

  •  As you can see from the post, in a few simply commandlets, we can use powershell see important account properties and have pertinent information at our fingertips about a user account.
  •  Powershell provides access to query on all the properties of the objects that you would like to see as well as carry out actions based on those if you like as well.
  •  Now we can start selecting attributes to really hone in on the exact properties that we would like to see in the results.

When it comes to querying Active Directory, there is no easier way to see information about user and computer objects than by using Powershell.  Powershell provides access to query on all the properties of the objects that you would like to see as well as carry out actions based on those if you like as well.

This includes selecting a subset of attributes that you would like to see.  This can be extremely handy if you want to see a group of particular attributes that are helpful in troubleshooting certain user logon issues for instance.  Let’s take a look at how to use powershell see important account properties.

Use powershell see important account properties

Let’s look at the basics with get-aduser.  You can see all the properties of get-aduser by running the get-help get-aduser commands.

NAME
    Get-ADUser

SYNOPSIS
    Gets one or more Active Directory users.


SYNTAX
    Get-ADUser [-AuthType {Negotiate | Basic}] [-Credential <PSCredential>] [-Properties <String[]>] [-ResultPageSize
    <Int32>] [-ResultSetSize <Int32>] [-SearchBase <String>] [-SearchScope {Base | OneLevel | Subtree}] [-Server
    <String>] -Filter <String> [<CommonParameters>]

    Get-ADUser [-Identity] <ADUser> [-AuthType {Negotiate | Basic}] [-Credential <PSCredential>] [-Partition <String>]
    [-Properties <String[]>] [-Server <String>] [<CommonParameters>]

    Get-ADUser [-AuthType {Negotiate | Basic}] [-Credential <PSCredential>] [-Properties <String[]>] [-ResultPageSize
    <Int32>] [-ResultSetSize <Int32>] [-SearchBase <String>] [-SearchScope {Base | OneLevel | Subtree}] [-Server
    <String>] -LDAPFilter <String> [<CommonParameters>]

As you can see above there are quite a few parameters that can be passed to the get-aduser commandlet.  If we want to see all the users we have in Active Directory, we can do that with the following:

get-aduser -filter *

Now we can start to see the power of get-aduser for select and querying users.  Let’s add a bit of filtering to this command above to select based on identity of a particular user.

get-aduser -identity username -properties *

The above will show all the attributes of the Active Directory user.  Now we can start selecting attributes to really hone in on the exact properties that we would like to see in the results.  For instance:

get-aduser -identity username -properties * | select samaccountname, lockedout

Now, what is really useful is to pull out most if not all the attributes that are helpful in troubleshooting a user having problems logging in:

get-aduser -identity username -properties * | select accountexpirationdate, accountexpires, accountlockouttime, badlogoncount, padpwdcount, lastbadpasswordattempt, lastlogondate, lockedout, passwordexpired, passwordlastset, pwdlastset | format-list

You will see results similar to the following in a nice, neat, formatted list:

accountlockout01

If you wanted to see the above properties for every user you have in Active Directory, you could do the following:

get-aduser -filter * -properties * | select accountexpirationdate, accountexpires, accountlockouttime, badlogoncount, padpwdcount, lastbadpasswordattempt, lastlogondate, lockedout, passwordexpired, passwordlastset, pwdlastset | format-list

Final Thoughts

Powershell commandlets are a great way to manage your Active Directory infrastructure – especially when it comes to querying user and computer accounts and attributes set for each one.  As you can see from the post, in a few simply commandlets, we can use powershell see important account properties and have pertinent information at our fingertips about a user account.

Subscribe to VirtualizationHowto via Email 🔔

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com and has over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, Brandon has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.