AD GUI shows properties that PowerShell returns empty - powershell

I want to get a list of all AD Users and their creation time and last logon time. First I used the Active Directory Users and Computers app and activated the Advanced Features. In the Attribute Editor I can see the properties are called LastLogon and WhenCreated.
So I did this:
$allUsers = Get-ADUser -Filter * -Properties SamAccountName,LastLogon,WhenCreated
$allUsers | select SamAccountName,LastLogon,WhenCreated
However LastLogon and WhenCreated are only filled for 13 of 500 Users. In the Attribute Editor these values are filled for a lot more...
When I query one user only that has these values in the Attribute Editor with Get-ADUser -Identity $User -Properties * I see that the attributes are called LastLogonDate and Created (values are shown empty).
So I searched for those attributes:
$allUsers2= Get-ADUser -Filter * -Properties SamAccountName,LastLogonDate,Created
$allUsers2 | select SamAccountName,LastLogonDate,Created
Then again those 13 have the info the rest doesn't.
Has anyone an idea how I get those values? (I am going to export them with Export-CSV so another way to get those in Excel is ok, too )

As requested my comments as answer.
First attempt:
Add the -Server switch on Get-ADUser and have it query the same Domain Controller you are currently connected to with Active Directory Users and Computers. It may be that you are asking for properties that have not yet been synchronized (especially the lastLogon time stamp which I believe is synced only once every 14 days unless you have specified a different value for the ms-DS-Logon-Time-Sync-Interval attribute on the domain default naming context.)
--> didn't apply because you're running this on the DC itself
Second attempt:
Try ADSI as in $searcher = [adsisearcher]'(&(objectCategory=person)(objectClass=user))'; $searcher.FindAll()
--> same results as with Get-ADUser; still empty values
Third attempt:
Check PowerShell version(s)
--> apparently the DC had PS version 4. With version 5.1 it works
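An added example, not part of the answer above and not the poster's code: the lastLogon attribute is stored separately on each domain controller and is not replicated, so a complete value means asking every DC and keeping the newest timestamp per account. It assumes the ActiveDirectory module, that every DC is reachable, and a hypothetical output path.

```powershell
Import-Module ActiveDirectory

# Newest lastLogon seen so far for each account, keyed by SamAccountName.
$latest = @{}

foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $users = Get-ADUser -Server $dc.HostName -Filter * `
            -Properties lastLogon, whenCreated -ErrorAction Stop
    }
    catch {
        # An unreachable DC makes the result incomplete; report it instead of hiding it.
        Write-Warning "Could not query $($dc.HostName): $($_.Exception.Message)"
        continue
    }

    foreach ($u in $users) {
        $ticks = [int64]$u.lastLogon          # unset attribute becomes 0
        $seen  = $latest[$u.SamAccountName]
        if ($null -eq $seen -or $ticks -gt $seen.Ticks) {
            $latest[$u.SamAccountName] = [pscustomobject]@{
                SamAccountName = $u.SamAccountName
                WhenCreated    = $u.whenCreated   # replicated, identical on every DC
                Ticks          = $ticks
                SourceDC       = $dc.HostName
            }
        }
    }
}

# lastLogon is a Windows FILETIME (100 ns ticks since 1601); 0 means no logon recorded.
$latest.Values |
    Sort-Object SamAccountName |
    Select-Object SamAccountName, WhenCreated, SourceDC,
        @{ Name = 'LastLogonUtc'; Expression = {
            if ($_.Ticks -gt 0) { [DateTime]::FromFileTimeUtc($_.Ticks) }
        } } |
    Export-Csv -Path .\user-logons.csv -NoTypeInformation -Encoding UTF8
```

An empty LastLogonUtc in the output means no queried DC has recorded a logon for that account, which is the set worth reviewing when looking for unused accounts.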

First, look at what properties your cmdlet has:
$a = Get-ADUser -server 'DomenNameTest.en' -Identity 'makarovayu' -Properties *
$a | Get-Member
I recommend copying the received data into a notepad in order to copy the available field names later.
2-Let's declare an array and use the cmdlet to try to collect information on the required fields
$userList = Get-ADUser -server 'DomenNameTest.en' -Properties SamAccountName,Name -Filter * |
#Do not forget that the cmdlet has a limitation and can fall off on timeout. See how I work with each property in [select]
Select @{Name = "SamAccountName"; Expression={$_.SamAccountName}},@{Name = "Name"; Expression={$_.Name}} |
#Uploading data to [csv]
Export-Csv -Path "D:\Users\userTest\Desktop\userList.csv" -Append -NoTypeInformation -Encoding Default -Delimiter ';'
Remove-Variable a,userList #Clear the variables

Related

Finding out if the same property occurs on multiple AD users

I'm pretty new on Powershell and this is by far the trickiest task I have gotten so far. I want to write a script that shows me if the same personal identity number occurs on multiple AD users.
I have managed to get a list of all AD users and their ID numbers using the Powershell Active Directory module and the following:
Get-ADUser -Filter * -SearchBase "OU=X,DC=X,DC=X,DC=X" -Properties PersonalIdentityNumber | Select-Object Name,PersonalIdentityNumber | Where-Object {$_.PersonalIdentityNumber} | Sort-Object -Property PersonalIdentityNumber
Although, I am not sure where to go from there. I suspect that I will have to use a for or foreach loop in some way, but I have tested a bit and not made any conclusions. It will most likely be too heavy to compare every user against all other users, but I think that every user can be compared to the 20 users before or after, since matching ID numbers will probably be on users with the same name.
Any ideas on how to accomplish this?
Use the Group-Object cmdlet to group the users based on the value of the PersonalIdentityNumber property:
$usersWithPIN = Get-ADUser -Filter * -SearchBase "OU=X,DC=X,DC=X,DC=X" -Properties PersonalIdentityNumber | Select-Object Name,PersonalIdentityNumber | Where-Object {$_.PersonalIdentityNumber}
$usersWithSamePINGroups = $usersWithPIN |Group-Object PersonalIdentityNumber |Where-Object Count -gt 1
$usersWithSamePINGroups will now contain zero or more Group objects with a Count property (the number of users sharing a given PIN), and a Group property containing the user objects in question

Select-Object -Property returning empty values for certain most properties Powershell

I'm using the below line of code to get a list of computers from Active Directory and then export them to a CSV file along with certain properties. However, only "SamAccountName" and "DNSHostName" are returning values inside the CSV file. All other properties are empty.
Get-ADComputer -filter * | Select-Object -Property SamAccountName,DNSHostName,PasswordLastSet,whenCreated,accountExpirationDate,operatingSystem,operatingSystemServicePack,operatingSystemVersion,userAccountControl,LastLogonDate |export-csv -path "C:\Users\output.csv"
When I choose only the property "PasswordLastSet", the CSV file looks odd and returns only true and false as opposed to a date and time. For instance, here are the first three lines:
#TYPE Selected.Microsoft.ActiveDirectory.Management.ADComputer
enabled
TRUE
Is there something wrong with the way I'm approaching this?
AD objects like ADComputer have a lot of properties and Get-ADComputer, by default, retrieves just a few of those properties for performance reasons. Use the -properties parameter to specify the properties you need.
Get-ADComputer -filter * -Properties SamAccountName,DNSHostName,PasswordLastSet,whenCreated,accountExpirationDate,operatingSystem,operatingSystemServicePack,operatingSystemVersion,userAccountControl,LastLogonDate |
Select-Object -Property SamAccountName,DNSHostName,PasswordLastSet,whenCreated,accountExpirationDate,operatingSystem,operatingSystemServicePack,operatingSystemVersion,userAccountControl,LastLogonDate |
export-csv -path "C:\Users\output.csv"
Use -properties * to get all

Using PowerShell how can I search and filter an array of exported Active Directory users like I can with Get-ADUser?

I have a PowerShell script that compares the contents of a CSV file with Active Directory. The CSV file contains a list of demographic information of people already in AD. One of the columns is "emplid". The values in this field correspond to the values of the "employeeID" attribute of user objects in AD. So, I currently use this "emplid" property to cross reference AD and find the corresponding user accounts. To do this I use a line similar to this:
$UserAccounts = $ListOfEmloyeeIDs | ForEach-Object {Get-ADUser -Properties * -Filter {employeeID -Eq $_}}
I then use this to add those user accounts to a security group:
$UserAccounts.SamAccountName | ForEach-Object {Add-ADGroupMember -Identity SpecialSecurityGroup -Members $_}
The problem is with the first line. There are thousands of user accounts and the script can take hours to run. This has also led to complaints from the AD admins. What I would like to do is load all active AD users into a variable (which takes less than 2 minutes to run) using:
$ADPeopleActive = Get-ADUser -SearchBase "OU=People,DC=MyAD,DC=com" -Properties EmployeeID -Filter {Enabled -Eq $True}
Then I would like to do my cross reference against this array and build a list of SamAccountNames to feed to something like my second line to populate my security group.
My problem is I can't figure out a way to do this cross reference against an array that I've built the same way I can cross reference with AD using Get-ADuser. Can anyone help?
Something like
$UserAccounts = $ADPeopleActive| Where-Object { $ListOfEmloyeeIDs -contains $_.EmployeeID }
?
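An added example, not part of the thread: the same cross-reference done through a hashtable index, so each ID is one lookup instead of a scan of the whole list, with IDs that match no account or more than one account set aside for review before anything is added to the security group. $ADPeopleActive, $ListOfEmloyeeIDs and SpecialSecurityGroup are the names from the question; the three result lists are names introduced here.

```powershell
# Index the preloaded AD users by EmployeeID (hashtable string keys are case-insensitive).
$byId = @{}
foreach ($u in $ADPeopleActive) {
    if ([string]::IsNullOrWhiteSpace($u.EmployeeID)) { continue }
    $id = $u.EmployeeID.Trim()
    if (-not $byId.ContainsKey($id)) {
        $byId[$id] = [System.Collections.Generic.List[object]]::new()
    }
    $byId[$id].Add($u)
}

$matched   = [System.Collections.Generic.List[object]]::new()   # exactly one account
$unmatched = [System.Collections.Generic.List[string]]::new()   # no enabled account found
$ambiguous = [System.Collections.Generic.List[string]]::new()   # ID shared by several accounts

$ids = $ListOfEmloyeeIDs | ForEach-Object { "$_".Trim() } | Where-Object { $_ } | Sort-Object -Unique
foreach ($id in $ids) {
    if (-not $byId.ContainsKey($id)) { $unmatched.Add($id); continue }
    $hits = $byId[$id]
    if ($hits.Count -gt 1) { $ambiguous.Add($id); continue }
    $matched.Add($hits[0])
}

Write-Host "matched=$($matched.Count) unmatched=$($unmatched.Count) ambiguous=$($ambiguous.Count)"
if ($ambiguous.Count) { Write-Warning "EmployeeID on more than one account: $($ambiguous -join ', ')" }

# One call for the whole batch; remove -WhatIf once the three lists have been reviewed.
if ($matched.Count) {
    Add-ADGroupMember -Identity SpecialSecurityGroup -Members @($matched.SamAccountName) -WhatIf
}
```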

Powershell script to display all Users in a Group AD

I have created the below
Get-ADGroup -Filter * -SearchBase "DC=Domain,dc=.com" -properties name, members |
Select-Object *,@{Name='Member';Expression={$_.Members -replace '^CN=([^,]+).+$','$1'}} |
FT Name, Member -Autosize |
out-file c:\text.txt
Ignore Domain and .com I have them populated with my relevant information, but for sake of here removed them.
When I run this it returns what I'm after but when looking at the members within the group they all end with ... and don't show all the members
There are a few things to correct. Let's look at them in order. The actual AD query can be simplified: you only need to specify 'Members' as an additional property to retrieve as 'Name' is brought back by default:
Get-ADGroup -Filter * -SearchBase "DC=Domain,dc=.com" -properties members
Given that you only want to output two properties ('Name' and your custom one 'Member'), use your select to retrieve only the ones you want:
Select-Object Name ,@{Name='Member';Expression={$_.Members -replace '^CN=([^,]+).+$','$1'}}
Remove the Format-Table: we have already limited the selection in the previous command. Format cmdlets are designed to format the output to the console window and best practice dictates that they should only be used for that purpose and that they should always be the last element of a pipeline.
Piping all of that to Export-Csv will then produce what you want:
Export-Csv -NoTypeInformation -Path C:\text.csv
This one did the trick for me
Get-ADGroupMember -Identity Administrators | Select-Object name, objectClass,distinguishedName | Export-CSV -Path "adgroupmembers.csv"
I got this here.
https://www.lepide.com/how-to/export-members-of-a-particular-ad-group-using-poweshell.html
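An added example, not from either answer above: a membership export that writes one row per group/member pair, so the multi-valued Members attribute is never squeezed into a single cell, and that reads the member name from the DN even when the name contains an escaped comma. The search base and output path are placeholders, and Get-RdnValue is a helper introduced here.

```powershell
Import-Module ActiveDirectory

# Returns the value of the first RDN of a DN, e.g. 'CN=Doe\, John,OU=People,DC=example,DC=test'
# gives 'Doe, John'. Handles single-character backslash escapes only.
function Get-RdnValue([string]$DistinguishedName) {
    if ($DistinguishedName -match '^[^=]+=((?:\\.|[^,\\])+)') {
        return ($Matches[1] -replace '\\(.)', '$1')
    }
    return $DistinguishedName
}

Get-ADGroup -Filter * -SearchBase 'DC=example,DC=test' -Properties Members |
    ForEach-Object {
        $group = $_
        if (-not $group.Members) {
            # Keep empty groups visible in the report.
            [pscustomobject]@{ Group = $group.Name; Member = ''; MemberDN = '' }
            return
        }
        # Members lists direct members only; nested group members are not expanded.
        foreach ($dn in $group.Members) {
            [pscustomobject]@{
                Group    = $group.Name
                Member   = Get-RdnValue $dn
                MemberDN = $dn
            }
        }
    } |
    Sort-Object Group, Member |
    Export-Csv -Path .\group-members.csv -NoTypeInformation -Encoding UTF8
```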

Querying the ManagedBy attribute in PowerShell for AD

I have a small script in PowerShell written to query user groups in a specific OU in AD to get the name of those groups and to also try and get the ManagedBy attribute of those groups. I've been searching online and here for solutions to why the ManagedBy attribute is not populated in the results but I have had no luck. Every solution I have found has been written in C# (or another language) and I have tried using the Quest software for AD which doesn't seem to help.
$test = 'OU=example,DC=example,DC=test'
$test | ForEach {Get-ADGroup -Filter * -Properties ManagedBy -SearchBase $_ } | Select Name, Properties | Sort -Property Name | Out-File C:\test.csv
I am only getting results of the name of the groups and empty brackets for the ManagedBy attribute. My question is, is there any way to query the ManagedBy attribute in PowerShell without using another language or integrating different plugins? I've never written in C and I would prefer using native PowerShell if possible.
You've got an error in your Select. Properties should be ManagedBy.
$test = 'OU=example,DC=example,DC=test'
$test | ForEach {Get-ADGroup -Filter * -Properties ManagedBy -SearchBase $_ } |
Select Name, ManagedBy |
Sort -Property Name |
Out-File C:\test.csv