PowerShell Get-ADUser cmdlet available in ActiveDirectory module is more frequently used by Admin on their day-to-day task to get one or more active directory users’ information.
Get-ADUser is a powerful cmdlet to get active directory user information, ad user object attributes, and quickly identify users and their information in the active directory. You can perform a search to get multiple user objects, and build reports.
Get-AdUser cmdlet provides multiple parameters like identity to get a user based on distinguished name, GUID or Security Account Manager (SAM).
Get-AdUser uses Filter parameter specify query string to retrieve ad user account objects, and many more. We will discuss all the parameters with real word get-aduser examples.
Get-AdUser cmdlet
Synopsis
Get one or more Active Directory users
Name
Get-ADUser
Syntax
Get-ADUser [-AuthType <ADAuthType>] [-Credential <PSCredential>] -Filter <String> [-Properties <String[]>] [-ResultPageSize <Int32>] [-ResultSetSize <Int32>] [-SearchBase <String>] [-SearchScope <ADSearchScope>] [-Server <String>] [<CommonParameters>] Get-ADUser [-AuthType <ADAuthType>] [-Credential <PSCredential>] [-Identity] <ADUser> [-Partition <String>] [-Properties <String[]>] [-Server <String>] [<CommonParameters>] Get-ADUser [-AuthType <ADAuthType>] [-Credential <PSCredential>] -LDAPFilter <String> [-Properties <String[]>] [-ResultPageSize <Int32>] [-ResultSetSize <Int32>] [-SearchBase <String>] [-SearchScope <ADSearchScope>] [-Server <String>] [<CommonParameters>]
PowerShell Get-AdUser Examples
- Using
Get-ADUserIdentity parameter
To get an Active Directory user object by using one of the following properties like
- Distinguished name
- GUID
- Security Account Manager (SAMAccountName)
- Security Identifier (objectSid)
To get-aduser all properties for user account
Get-ADUser -Identity GarySmith -Properties *
In the above get aduser example, command get aduser all properties identified by user name GarySmith
Get-AdUser -Identity to get specified property for user account
Get-ADUser -Identiy GarySmith -Properties DisplayName, SAMccountName,CanonicalName,Description
In the above Get-AdUser example, it gets Specified properties like DisplayName, SAMAccountName, CanonicalName, and Description for aduser GarySmith
Using Get-ADUser user account object to Select-Object
Get-ADUser Test.User -Properties * | Select-Object -ExpandProperty description
Get-ADUser -Identity GarySmith -Properties DisplayName,Description | ForEach-Object {
$_.Displayname
$_.Description
}
In the above get aduser example, Get-Aduser user object pass to another command to Select-Object and return single property.
If you want multiple properties, pipe Get-AdUser object to ForEach-Object.
- Using
Get-ADUserFilter Examples
Filter parameter specify a query string that retrieves active directory objects. Query string uses PowerShell Expression language syntax.
The syntax uses an in-order representation. You can use the below command to get more information about the filter parameter
Get-Help about_ActiveDirectory_Filter
To get a specified user from the active directory
Get-ADUser -Filter "Name -eq 'GarySmith'" -SearchBase 'OU=Sales, DC=AppDC, DC=com' -Properties DisplayName
In the above get-aduser filter example, the command gets the user with the name equal to GarySmith using the get-aduser filter parameter in the given SearchBase.
Get-AdUser Filter to get all users sort by name
get-aduser –filter * | select name | sort-object –property name
In the above PowerShell get-aduser filter example, the command gets all the users using filter parameter with * and passes get-aduser objects to another command to select only name attribute and perform sort over name attribute.
To get a filtered list of users
Get-ADUser -Filter 'Name -like "*Smith"' | Format-Table Name, SamAccountName -A
PowerShell Get-ADUser Filter parameter returns all the users whose name ends with Smith and displays results in table format
To get all users in a container
Get-ADUser -Filter * -SearchBase "OU=Sales, DC=AppDC, DC=com"
The above command will get -aduser all users in the container having OU = Sales, DC = AppDC and DC = com
To get users accounts from the specified location
Get-ADUser -Filter {City -like "Houston"} -Properties Name,SAMAccountName,Modified | ft Name,SAMAccountName,Modified
The above command will get the aduser account and properties where a city like Houston.
To export user account to csv file
Get-ADUser -Filter {City -like "Houston"} -Properties Name,SAMAccountName,Modified | ft Name,SAMAccountName,Modified | Export-CSV -path D:\PowerShell\AdUser_Houston.csv -NoTypeInformation
In the above Get-ADUser example, the command checks ad user object from a city like ‘Houston’ using the Filter parameter and passes the output to the second command.
The second command displays ad user properties and passes ad user object to the third command.
The third command uses the Export-CSV cmdlet to export aduser all properties to the CSV file on the path.
Cool Tip: Guide to active directory ports and authentication protocols!
Conclusion
Get-ADUser cmdlet is a very powerful cmdlet and comes as handy to get aduser account information from Active Directory. I hope the above topic information helps you to retrieve user information from ActiveDirectory.
We can make use of the Get-ADUser cmdlet to get user accounts email address and export them to CSV, you can read more about how to get active directory email address using PowerShell.
You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.
Recommended Content
PowerShell List Ad Users – Get the List of Users from the Active Directory.
Get AdUser GUID – Get AdUser Object GUID in PowerShell.