PowerShell Get-ADUser cmdlet available in ActiveDirectory module more frequently used by Admin on their day to day task to get one or more active directory users information.
Get-ADUser is a powerful cmdlet to get active directory user information, ad user object attributes, quickly identifying users and their information in the active directory. You can perform a search to get multiple user objects, build reports.
Get-AdUser cmdlet provides multiple parameters like identity to get user based on distinguished name, GUID or Security Account Manager (SAM), Filter parameter specify query string to retrieve ad user account objects and many more. We will go through all the parameters with real word get-aduser examples.
Get-AdUser cmdlet
Synopsis
Get one or more Active Directory users
Name
Get-ADUser
Syntax
Get-ADUser [-AuthType <ADAuthType>] [-Credential <PSCredential>] -Filter <String> [-Properties <String[]>] [-ResultPageSize <Int32>] [-ResultSetSize <Int32>] [-SearchBase <String>] [-SearchScope <ADSearchScope>] [-Server <String>] [<CommonParameters>] Get-ADUser [-AuthType <ADAuthType>] [-Credential <PSCredential>] [-Identity] <ADUser> [-Partition <String>] [-Properties <String[]>] [-Server <String>] [<CommonParameters>] Get-ADUser [-AuthType <ADAuthType>] [-Credential <PSCredential>] -LDAPFilter <String> [-Properties <String[]>] [-ResultPageSize <Int32>] [-ResultSetSize <Int32>] [-SearchBase <String>] [-SearchScope <ADSearchScope>] [-Server <String>] [<CommonParameters>]
PowerShell Get-AdUser Examples
- Using
Get-ADUserIdentity parameter
To get Active Directory user object by using one of the following properties like
- Distinguished name
- GUID
- Security Account Manager (SAMAccountName)
- Security Identifier (objectSid)
To get-aduser all properties for user account
Get-ADUser -Identity GarySmith -Properties *
In the above get aduser example, command get aduser all properties identified by user name GarySmith
Get-AdUser -Identity to get specified property for user account
Get-ADUser -Identiy GarySmith -Properties DisplayName, SAMccountName,CanonicalName,Description
In the above Get-AdUser example, it gets Specified property like DisplayName, SAMAccountName, CanonicalName and Description for aduser GarySmith
Using Get-ADUser user account object to Select-Object
Get-ADUser Test.User -Properties * | Select-Object -ExpandProperty description
Get-ADUser -Identity GarySmith -Properties DisplayName,Description | ForEach-Object {
$_.Displayname
$_.Description
}
In the above get aduser example, Get-Aduser user object pass to another command to Select-Object and return single property.
If you want multiple properties, pipe Get-AdUser object to ForEach-Object.
- Using
Get-ADUserFilter Examples
Filter parameter specify a query string that retrieves active directory objects. Query string uses PowerShell Expression language syntax.
The syntax uses an in-order representation. You can use the below command to get more information about the filter parameter
Get-Help about_ActiveDirectory_Filter
To get a specified user from active directory
Get-ADUser -Filter "Name -eq 'GarySmith'" -SearchBase 'OU=Sales, DC=AppDC, DC=com' -Properties DisplayName
In the above get-aduser filter example, the command gets the user with the name equal to GarySmith using the get-aduser filter parameter in the given SearchBase.
Get-AdUser Filter to get all users sort by name
get-aduser –filter * | select name | sort-object –property name
In the above PowerShell get-aduser filter example, the command gets all the users using filter parameter with * and pass get aduser objects to another command to select only name attribute and perform sort over name attribute.
To get filtered list of users
Get-ADUser -Filter 'Name -like "*Smith"' | Format-Table Name, SamAccountName -A
PowerShell Get-ADUser Filter parameter returns all the users whose name ends with Smith and display results in table format
To get all users in a container
Get-ADUser -Filter * -SearchBase "OU=Sales, DC=AppDC, DC=com"
The above command will get -aduser all users in the container having OU = Sales, DC = AppDC and DC = com
To get users accounts from the specified location
Get-ADUser -Filter {City -like "Houston"} -Properties Name,SAMAccountName,Modified | ft Name,SAMAccountName,Modified
The above command will get the aduser account and properties where a city like Houston.
To export user account to csv file
Get-ADUser -Filter {City -like "Houston"} -Properties Name,SAMAccountName,Modified | ft Name,SAMAccountName,Modified | Export-CSV -path D:\PowerShell\AdUser_Houston.csv -NoTypeInformation
In the above Get-ADUser example, the command checks ad user object from a city like ‘Houston’ using the Filter parameter and passes the output to the second command.
The second command displays ad user properties and passes ad user object to the third command.
The third command uses the Export-CSV cmdlet to export aduser all properties to the CSV file on the path.
Cool Tip: Guide to active directory ports and authentication protocols!
Conclusion
Get-ADUser cmdlet is a very powerful cmdlet and comes as handy to get aduser account information from Active Directory. I hope the above topic information helps you to retrieve user information from ActiveDirectory.
We can make the use of Get-ADUser cmdlet to get user accounts email address and export to CSV, you can read more about how to get active directory email address using PowerShell.
You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.