SYNOPSIS
Gets one or more Active Directory users.
CMDLET ALIASES
None
DESCRIPTION
The Get-ADUser
cmdlet gets a user object or performs a search to retrieve multiple user objects.
The Identity
parameter specifies the Active Directory user to get. You can identify a user by its distinguished name (DN), GUID, security identifier (SID), Security Accounts Manager (SAM) account name or name. You can also set the parameter to a user object variable, such as $<localUserObject>
or pass a user object through the pipeline to the Identity parameter.
To search for and retrieve more than one user, use the Filter
or LDAPFilter
parameters. The Filter
parameter uses the PowerShell Expression Language to write query strings for Active Directory. PowerShell Expression Language syntax provides rich type conversion support for value types received by the Filter parameter. For more information about the Filter parameter syntax, type Get-Help about_ActiveDirectory_Filter
. If you have existing LDAP query strings, you can use the LDAPFilter parameter.
This cmdlet retrieves a default set of user object properties. To retrieve additional properties use the Properties parameter. For more information about the how to determine the properties for user objects, see the Properties parameter description.
SYNTAX
Get-ADUser
[-AuthType {Negotiate | Basic}]
[-Credential <PSCredential>]
[-Properties <String[]>]
[-ResultPageSize <Int32>]
[-ResultSetSize <Int32>]
[-SearchBase
<String>] [-SearchScope {Base | OneLevel | Subtree}]
[-Server <String>] -Filter <String> [<CommonParameters>]
Get-ADUser
[-Identity] <ADUser>
[-AuthType {Negotiate | Basic}]
[-Credential <PSCredential>]
[-Partition <String>]
[-Properties <String[]>]
[-Server <String>]
[<CommonParameters>]
Get-ADUser
[-AuthType {Negotiate | Basic}]
[-Credential <PSCredential>]
[-Properties <String[]>]
[-ResultPageSize <Int32>]
[-ResultSetSize <Int32>]
[-SearchBase <String>]
[-SearchScope {Base | OneLevel | Subtree}]
[-Server <String>] -LDAPFilter <String>
[<CommonParameters>]
EXAMPLES
Get-ADUser -Identity Michael_Kanakos -Properties * | select last*
- gets all properties for Michael_kanakos
- displays any fields that start with Last
get-aduser –filter * | select name | sort-object –property name
- Gets all users
- Shows only name field
- Sorts by name
get-aduser –SearchBase “OU=Users,OU=NewYork,DC=BIGFIRM,DC=BIZ” –filter *
- gets all AD users at specified OU
get-aduser michael_kanakos -prop * | select samaccountname, @{Name='Manager';Expression={(Get-ADUser ($_.manager)).samaccountname}}
- get user named Michael_kanakos and returns the SAMAccountName of manager for user
get-aduser michael_kanakos -prop * | select name, *phone | fl
- gets all properties for MichaeL_kanakos
- displays name and all fields that match phone
- displays as list
get-aduser michael_kanakos -prop * | select name, *phone | ft
- gets all properties for MichaeL_kanakos
- displays name and all fields that match phone
- displays as table
get-aduser michael_kanakos -prop department, manager | select name, department, manager | fl
- gets department and manager fields for user named Michael_Kanakos
- displays name, department and manager fields
- displays as a list
get-aduser -filter * -properties emailAddress, Created | Where-Object { $_.created -gt (get-date).AddDays(-180)} |
select-object Name, GivenName, Surname, SAMAccountName, EmailAddress, Created | sort Surname |
export-csv C:\Scripts\Output\emailaddresslist.csv -NoTypeInformation
- get all user accounts created in the last 180 days
- select name, First, Last, Username & Account Creation Date
- sort by last name
- export to CSV
get-aduser -filter 'Name -like "sh-*"' -prop logonworkstations | select name, logonworkstations |
export-csv C:\Scripts\Output\Shared-Service-Accounts.csv -NoTypeInformation
- get all user accounts that start with SH*
- select name and logonworkstations fields
- dump to CSV