Get-ADUser - Cmdlet Syntax and Examples

May 14, 2018 PowerShell, Active-Directory, Get-ADUser


Gets one or more Active Directory users.




The Get-ADUser cmdlet gets a user object or performs a search to retrieve multiple user objects.

The Identity parameter specifies the Active Directory user to get. You can identify a user by its distinguished name (DN), GUID, security identifier (SID), Security Accounts Manager (SAM) account name or name. You can also set the parameter to a user object variable, such as $<localUserObject> or pass a user object through the pipeline to the Identity parameter.

To search for and retrieve more than one user, use the Filter or LDAPFilter parameters. The Filter parameter uses the PowerShell Expression Language to write query strings for Active Directory. PowerShell Expression Language syntax provides rich type conversion support for value types received by the Filter parameter. For more information about the Filter parameter syntax, type Get-Help about_ActiveDirectory_Filter. If you have existing LDAP query strings, you can use the LDAPFilter parameter.

This cmdlet retrieves a default set of user object properties. To retrieve additional properties use the Properties parameter. For more information about the how to determine the properties for user objects, see the Properties parameter description.


    [-AuthType {Negotiate | Basic}] 
    [-Credential <PSCredential>] 
    [-Properties <String[]>] 
    [-ResultPageSize <Int32>] 
    [-ResultSetSize <Int32>] 
    <String>] [-SearchScope {Base | OneLevel | Subtree}] 
    [-Server <String>] -Filter <String> [<CommonParameters>]

    [-Identity] <ADUser> 
    [-AuthType {Negotiate | Basic}] 
    [-Credential <PSCredential>] 
    [-Partition <String>] 
    [-Properties <String[]>] 
    [-Server <String>]

    [-AuthType {Negotiate | Basic}] 
    [-Credential <PSCredential>] 
    [-Properties <String[]>] 
    [-ResultPageSize <Int32>] 
    [-ResultSetSize <Int32>] 
    [-SearchBase <String>] 
    [-SearchScope {Base | OneLevel | Subtree}] 
    [-Server <String>] -LDAPFilter <String> 


Get-ADUser -Identity Michael_Kanakos -Properties * | select last*  
  • gets all properties for Michael_kanakos
  • displays any fields that start with Last

get-aduser –filter * | select name | sort-object –property name
  • Gets all users
  • Shows only name field
  • Sorts by name

get-aduser –SearchBase “OU=Users,OU=NewYork,DC=BIGFIRM,DC=BIZ” –filter *
  • gets all AD users at specified OU

get-aduser michael_kanakos -prop * | select samaccountname, @{Name='Manager';Expression={(Get-ADUser ($_.manager)).samaccountname}}
  • get user named Michael_kanakos and returns the SAMAccountName of manager for user

get-aduser michael_kanakos -prop * | select name, *phone | fl
  • gets all properties for MichaeL_kanakos
  • displays name and all fields that match phone
  • displays as list

get-aduser michael_kanakos -prop * | select name, *phone | ft
  • gets all properties for MichaeL_kanakos
  • displays name and all fields that match phone
  • displays as table

get-aduser michael_kanakos -prop department, manager | select name, department, manager | fl
  • gets department and manager fields for user named Michael_Kanakos
  • displays name, department and manager fields
  • displays as a list

get-aduser -filter * -properties emailAddress, Created | Where-Object { $_.created -gt  (get-date).AddDays(-180)} | 
select-object Name, GivenName, Surname, SAMAccountName, EmailAddress, Created | sort Surname | 
export-csv C:\Scripts\Output\emailaddresslist.csv -NoTypeInformation
  • get all user accounts created in the last 180 days
  • select name, First, Last, Username & Account Creation Date
  • sort by last name
  • export to CSV

get-aduser -filter 'Name -like "sh-*"' -prop logonworkstations | select name, logonworkstations | 
export-csv C:\Scripts\Output\Shared-Service-Accounts.csv -NoTypeInformation
  • get all user accounts that start with SH*
  • select name and logonworkstations fields
  • dump to CSV