Powershell Active Directory Query - powershell

New to using Powershell, so I apologize for any noobness that I show.
I'm trying to extract user names, active status, Expiration Dates and Titles from Active Directory.
My Powershell command is:
Get-ADUser -Filter * -SearchBase "DC=XXX,DC=XXXX" |
Select-Object Name, GivenName, Surname, SamAccountName, DistinguishedName, enabled, Title, AccountExpirationDate |
Export-Csv -Path c:\users\myname\ADUsersWithExpirationDate.csv
The query runs successfully, but does not ever show a Title or Expiration Date even though some user accounts have either or both values in AD. Also status (Enabled) does not always populate: the returned values are True, False, or null. All of the nulls (that I've checked) are active user accounts, but appear to be in non-standard OUs (Admins for example).
Any insight or recommendations are very welcome.
Thanks in advance.

By default the AD cmdlets don't return all the attributes. You need to use the -Properties parameter to add the AccountExpirationDate and Title attributes to the query. Your command should look something like:
Get-ADUser -Filter * -SearchBase "DC=XXX,DC=XXXX" -Properties 'Title','AccountExpirationDate' |
Select-Object Name, GivenName, Surname, SamAccountName, DistinguishedName, enabled, Title, AccountExpirationDate |
Export-Csv -Path c:\users\myname\ADUsersWithExpirationDate.csv

Related

I have a list of Display names that I would like to also display SAM Account Names

I have an application that has never had old users cleaned out of it. I exported all the LastName, FirstName to a .CSV, but would like to have it add the SAM Account Name as well. This is so I know whether the person even still exists in the company. The below script works perfectly, but... if there is no existing SAM name, it doesn't bother to include the display name. I would like to have the field called SamAccountName just put in some text like "To be removed" if there is no matching AD account. I'm sure it's a simple conditional check, but my PowerShell game is weak.
Import-Csv c:\temp\DisplayName.csv | ForEach {
Get-ADUser -Filter "DisplayName -eq '$($_.DisplayName)'" -Properties Name, SamAccountName, Company |
Select Name, SamAccountName, Company
} | Export-CSV -path C:\temp\SamAccountName.csv -NoTypeInformation
You can use a calculated property for that. That way you pass everything from the original CSV, and just add in the samaccountname you want.
Import-Csv c:\temp\DisplayName.csv | Select *,@{l='samAccountName';e={Get-ADUser -Filter "DisplayName -eq '$($_.DisplayName)'" -Properties Name, SamAccountName, Company | Select -Expand SamAccountName}} | Export-CSV -path C:\temp\SamAccountName.csv -NoTypeInformation
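An added example, not part of the original answer: the calculated property above extended so that rows with no matching account get "To be removed", as the question asked. It swaps -Filter for -LDAPFilter with RFC 4515 escaping so display names containing apostrophes, parentheses or asterisks cannot break or widen the query; the helper names are hypothetical and the CSV paths are the ones from the question.

```powershell
# Added example: requires the ActiveDirectory module (RSAT) and a reachable domain.
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue {
    param([string]$Value)
    # Escape the backslash first so the escapes added afterwards are not re-escaped.
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').
           Replace(')', '\29').Replace([string][char]0, '\00')
}

function Resolve-SamAccountName {
    param([string]$DisplayName)

    # A blank name would produce an invalid filter, so treat it as "no account".
    if ([string]::IsNullOrWhiteSpace($DisplayName)) { return 'To be removed' }

    $value = ConvertTo-LdapFilterValue $DisplayName
    $found = @(Get-ADUser -LDAPFilter "(displayName=$value)")

    if ($found.Count -eq 0) { return 'To be removed' }
    # Display names are not unique; list every match rather than picking one.
    ($found | ForEach-Object SamAccountName) -join ';'
}

Import-Csv C:\temp\DisplayName.csv |
    Select-Object *, @{ Name = 'SamAccountName'
                        Expression = { Resolve-SamAccountName $_.DisplayName } } |
    Export-Csv -Path C:\temp\SamAccountName.csv -NoTypeInformation
```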

How to extract all users information from Active Directory

I need to bulk "download" every user we have on Active directory.
I need the email address, location etc.
I have been looking into the PowerShell command "Get-ADuser -Filter", however I need some help getting this to work.
See the documentation for Get-ADUser which has several examples as well.
If you want to retrieve every user, you can use an asterisk * with the Filter parameter. Otherwise, you can filter using a specific property.
You can specify which properties to return using the Properties parameter. By default, the cmdlet will only return a default set of properties, which are below
DistinguishedName
Enabled
GivenName
Name
ObjectClass
ObjectGUID
SamAccountName
SID
Surname
UserPrincipalName
Example: Get every user with default property set
Get-ADUser -Filter *
Example: Get every enabled user with default property set
Get-ADUser -Filter 'enabled -eq $true'
Example: Get every user with specific properties
Get-ADUser -Filter * -Properties emailAddress,office,city
Example: Get every user with every property
Get-ADUser -Filter * -Properties *
Example: Get every user with every property and export as a CSV
Get-ADUser -Filter * -Properties * | Export-CSV -Path "C:\Temp\ADUsers.csv" -NoTypeInformation
Additional Info
Active Directory: Get-ADUser Default and Extended Properties

Powershell script is slow to find computers

I have a script that is supposed to search for computers in different OUs with the same name in AD.
eg.
Get-ADComputer -filter * -Searchbase "OU=domain,DC=home,DC=com" -properties * |
Where-Object {$_.DistinguishedName -like "*XXX09*"} |
Select name, DistinguishedName
Everything works fine, but it is terribly slow, is there any way to speed it up, or build the script differently ?
Not only can you speed this up by using a filter, but also, using -Properties * is asking for ALL properties. That is useless and time consuming in this case because you only want to retrieve the Name and DistinguishedName.
Get-ADComputer by default already returns these properties:
DistinguishedName, DNSHostName, Enabled, Name, ObjectClass, ObjectGUID, SamAccountName, SID, UserPrincipalName.
Try
Get-ADComputer -Filter "DistinguishedName -like '*XXX09*'" | Select-Object Name, DistinguishedName
Using the filter during the search instead of after will reduce the query time quite a bit.
Get-ADComputer -filter 'DistinguishedName -like "*XXX09*"' -Searchbase "OU=domain,DC=home,DC=com" -properties * | select name, DistinguishedName
You might need to tune the query slightly, but I tested it with 'name' instead of 'DistinguishedName' and that works just fine (and quite a bit quicker ;))

Powershell Active Directory script to export csv with specific information/attributes

I need to export some information from active directory.
The current PowerShell script successfully gets all the information it is asking for, but I want to also grab the user attribute "description" or "company."
$OUpath = 'OU=OU,DC=DC'
$ExportPath = 'C:\path\users_in_ou7.csv'
Get-ADUser -Filter * -SearchBase $OUpath | Select-object GivenName, Surname,Name,UserPrincipalName | Export-Csv -NoType $ExportPath
When I add either of those to the Select-object portion it turns up blank in my CSV.
For example:
Select-object Description, Company, GivenName, Surname, Name, UserPrincipalName
Column headers are inserted into the CSV, but the values are blank. These attributes are populated in each of the user properties in AD. I am not sure if I am calling them correctly in my script. Any help would be appreciated. Thank you.
Use the -Properties parameter of the Get-ADUser cmdlet.
From the Get-ADUser documentation:
This cmdlet retrieves a default set of user object properties. To retrieve additional properties use the Properties parameter.
Specify properties for this parameter as a comma-separated list of names. To display all of the attributes that are set on the object, specify * (asterisk).
You add the -properties * to the query to extract all attributes.
Get-ADUser -Filter * -SearchBase $OUpath -properties * | Select-object Description,GivenName, Surname,Name,UserPrincipalName | Export-Csv -NoType $ExportPath

AD inactive user with OU

I'd like to get a list of users that haven't used their account in the past 90 days. And I'd like to see in which OU/DC they are without getting the CN. Is this possible? I'm using PowerShell ISE for this.
I currently have
Search-ADAccount -UsersOnly -AccountInactive -TimeSpan 90:00:00:00 -ResultPageSize 2000 -ResultSetSize $null |
?{$_.Enabled -eq $True} |
Select-Object Name, SamAccountName, DistinguishedName, LastLogonDate |
Export-CSV "C:\Temp\InActiveUsers.CSV" -NoTypeInformation
This returns the full distinguished name and I have to remove the CN in Excel afterwards, which is an annoying mess - I'd rather not deal with that repeatedly.
The solution doesn't have to be based on search-adaccount, but I do want it to be in a single code, so I don't have to get a list of users and then use that list with another bit of code to get their OU/DC.
You can grab the superior DN by splitting the string on the first non-escaped comma and discard the CN part:
# ...
| Select-Object Name,SamAccountName,@{Name='OU';Expression={($_.DistinguishedName -split '(?<!\\),',2)[1]}}, LastLogonDate
If your domain is running at least Windows 2012, you can ask for the msDS-parentdistname attribute, which will give you the DN of the parent object. It's a constructed attribute, which means it's calculated at the time you ask for it. You have to specifically ask for it, which means in this case I think you'll have to pipe the result into Get-ADUser to do so. That might slow things down quite a bit (there are faster ways to do this) but it should work.
Search-ADAccount -UsersOnly -AccountInactive -TimeSpan 90:00:00:00 -ResultPageSize 2000 -ResultSetSize $null |
?{$_.Enabled -eq $True} |
Get-AdUser -Properties Name, SamAccountName, "msDS-parentdistname", LastLogonDate |
Select-Object Name, SamAccountName, "msDS-parentdistname", LastLogonDate |
Export-CSV "C:\Temp\InActiveUsers.CSV" -NoTypeInformation
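A single-query variant of the report discussed above, as an added example that is not from either answer: it asks the directory for enabled users with an old or missing lastLogonTimestamp in one Get-ADUser call instead of piping Search-ADAccount into a second lookup, and derives the parent container with the same DN split. The 90-day window and output path come from the question; Get-ParentDN is a hypothetical helper name.

```powershell
# Added example: requires the ActiveDirectory module (RSAT) and a reachable domain.
Import-Module ActiveDirectory

function Get-ParentDN {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # Split on the first comma not preceded by a backslash; RDN values may hold
    # escaped commas, e.g. 'CN=Doe\, John,OU=Admins,DC=home,DC=com' (constructed).
    ($DistinguishedName -split '(?<!\\),', 2)[1]
}

# lastLogonTimestamp is stored as a Windows file time (100 ns ticks since 1601).
$cutoff = (Get-Date).AddDays(-90).ToFileTime()

# Not disabled (userAccountControl bit 2 clear) AND
# (last replicated logon at or before the cutoff OR attribute never set).
$ldapFilter = "(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))" +
              "(|(lastLogonTimestamp<=$cutoff)(!(lastLogonTimestamp=*))))"

Get-ADUser -LDAPFilter $ldapFilter -Properties LastLogonDate |
    Select-Object Name, SamAccountName,
        @{ Name = 'OU'; Expression = { Get-ParentDN $_.DistinguishedName } },
        LastLogonDate |
    Export-Csv -Path 'C:\Temp\InActiveUsers.csv' -NoTypeInformation
```

With default settings lastLogonTimestamp is only refreshed when the stored value is roughly 9 to 14 days old, so accounts close to the 90-day boundary should be confirmed before they are disabled. Drop the `(!(lastLogonTimestamp=*))` clause to leave never-used accounts out of the report.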