The PowerShell Get-ADUser cmdlet available in the ActiveDirectory module is more frequently used by Admin on their day-to-day task to get one or more active directory users’ information.
Get-ADUser is a powerful cmdlet to get active directory user information, ad user object attributes, and quickly identify users and their information in the active directory. You can perform a search to get multiple user objects, and build reports.
Get-AdUser cmdlet provides multiple parameters like identity to get a user based on a distinguished name, GUID, or Security Account Manager (SAM).
Get-AdUser uses a Filter parameter to specify query string to retrieve ad user account objects and many more. We will discuss all the parameters with real-world get-aduser examples.
Get-AdUser cmdlet
Synopsis
Get one or more Active Directory users
Name
Get-ADUser
Syntax
Get-ADUser [-AuthType <ADAuthType>] [-Credential <PSCredential>] -Filter <String> [-Properties <String[]>] [-ResultPageSize <Int32>] [-ResultSetSize <Int32>] [-SearchBase <String>] [-SearchScope <ADSearchScope>] [-Server <String>] [<CommonParameters>] Get-ADUser [-AuthType <ADAuthType>] [-Credential <PSCredential>] [-Identity] <ADUser> [-Partition <String>] [-Properties <String[]>] [-Server <String>] [<CommonParameters>] Get-ADUser [-AuthType <ADAuthType>] [-Credential <PSCredential>] -LDAPFilter <String> [-Properties <String[]>] [-ResultPageSize <Int32>] [-ResultSetSize <Int32>] [-SearchBase <String>] [-SearchScope <ADSearchScope>] [-Server <String>] [<CommonParameters>]
PowerShell Get-AdUser Examples
- Using
Get-ADUserIdentity parameter
To get an Active Directory user object by using one of the following properties like
- Distinguished name
- GUID
- Security Account Manager (SAMAccountName)
- Security Identifier (objectSid)
Using Get-ADUser Filter Examples
Filter parameter specify a query string that retrieves active directory objects. Query string uses PowerShell Expression language syntax.
The syntax uses an in-order representation. You can use the below command to get more information about the filter parameter
Get-Help about_ActiveDirectory_Filter
To get-aduser all properties for user account
Get-ADUser -Identity GarySmith -Properties *
In the above get aduser example, the command gets aduser all properties identified by user name GarySmith
Get-AdUser Properties Examples
Get-ADUser -Identiy GarySmith -Properties DisplayName, SAMAccountName,CanonicalName,Description
In the above Get-AdUser example, it gets multiple properties like DisplayName, SAMAccountName, CanonicalName, and Description for aduser GarySmith
Get-ADUser Select-Object ExpandProperty Example
Get-ADUser Test.User -Properties * | Select-Object -ExpandProperty description
Get-ADUser -Identity GarySmith -Properties DisplayName,Description | ForEach-Object {
$_.Displayname
$_.Description
}
In the above get aduser example, Get-Aduser user object pass to another command to Select-Object that uses the ExpandProperty switch to expand details about the properties.
If you want multiple properties, pipe Get-AdUser object to ForEach-Object.
To get a specified user from the active directory
Get-ADUser -Filter "Name -eq 'GarySmith'" -SearchBase 'OU=Sales, DC=AppDC, DC=com' -Properties DisplayName
In the above get-aduser filter example, the command gets the user with the name equal to GarySmith using the get-aduser filter parameter in the given SearchBase.
Get-AdUser Filter to get all users sort by name
get-aduser –filter * | select name | sort-object –property name
In the above PowerShell get-aduser filter example, the command gets all the users using filter parameter with * and passes get-aduser objects to another command to select only the name attribute and perform sort over name attribute.
To get a filtered list of users
Get-ADUser -Filter 'Name -like "*Smith"' | Format-Table Name, SamAccountName -A
PowerShell Get-ADUser Filter parameter returns all the users whose name ends with Smith and displays results in table format
To get all users in a container
Get-ADUser -Filter * -SearchBase "OU=Sales, DC=AppDC, DC=com"
The above command will get -aduser all users in the container having OU = Sales, DC = AppDC and DC = com
To get users accounts from the specified location
Get-ADUser -Filter {City -like "Houston"} -Properties Name,SAMAccountName,Modified | ft Name,SAMAccountName,Modified
The above command will get the aduser account and properties where a city like Houston.
To export user account to CSV file
Get-ADUser -Filter {City -like "Houston"} -Properties Name,SAMAccountName,Modified | ft Name,SAMAccountName,Modified | Export-CSV -path D:\PowerShell\AdUser_Houston.csv -NoTypeInformation
In the above Get-ADUser example, the command checks ad user object from a city like ‘Houston’ using the Filter parameter and passes the output to the second command.
The second command displays ad user properties and passes ad user objects to the third command.
The third command uses the Export-CSV cmdlet to export aduser all properties to the CSV file on the path.
Cool Tip: Guide to active directory ports and authentication protocols!
Conclusion
The Get-ADUser cmdlet is a very powerful cmdlet and comes as handy to get aduser account information from Active Directory. I hope the above Get-AdUser examples help you to retrieve user information from ActiveDirectory.
Get-ADUser cmdlet can be used to get user account email addresses and export them to CSV, you can read more about how to get active directory email addresses using PowerShell.
You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.
Recommended Content
PowerShell List Ad Users – Get the List of Users from the Active Directory.
Get AdUser GUID – Get AdUser Object GUID in PowerShell.