Working with Active Directory using Get-ADUsers

Working with Active Directory using Get-ADUsers

When working with Active Directory Users sometimes its a lot easier using PowerShell to obtain all the information you require from your environment. As a Consultant I have lost count how many times I’ve used PowerShell to get information out of Active Directory and its essential to your skill set.

The most simple and effective way by running the following command, as it will dump all Active Directory Users and their properties to a CSV file located on your desktop

# Command
Get-ADUser -Filter * -Properties * | Export-CSV $env:userprofile\desktop\ADExport.csv

or

# Command
Get-ADUser -Filter * | Export-CSV $env:userprofile\desktop\ADExport.csv

What if you only require bits of information? The command only targets the Name and SamAccountName Field. Simple right?

# Command
Get-ADUSer -Filter * -Properties Name,SamAccountName | Export-CSV $env:userprofile\desktop\ADExport.csv

or

# Command
Get-ADUSer -Filter * -Properties * | Select-Object -Property Name,SamAccountName | Export-CSV $env:userprofile\desktop\ADExport.csv

The possibilities are endless, you can call all everything from the below table because it exists on the AD object by default. If you have used ExtensionAttributes or CustomAttributes you can also call these as well by adding them to your filter.

PropertySyntaxR/RWlDAPDisplayName
AccountExpirationDateDateTimeRWaccountExpires, converted to local time
AccountLockoutTimeDateTimeRWlockoutTime, converted to local time
AccountNotDelegatedBooleanRWuserAccountControl (bit mask 1048576)
AllowReversiblePasswordEncryptionBooleanRWuserAccountControl (bit mask 128)
BadLogonCountInt32RbadPwdCount
CannotChangePasswordBooleanRWnTSecurityDescriptor
CanonicalNameStringRcanonicalName
CertificatesADCollectionRWuserCertificate
ChangePasswordAtLogonBooleanWIf pwdLastSet = 0
CityStringRWl
CNStringRcn
CompanyStringRWcompany
CountryStringRWc (2 character abbreviation)
CreatedDateTimeRwhenCreated
DeletedBooleanRisDeleted
DepartmentStringRWdepartment
DescriptionStringRWdescription
DisplayNameStringRWdisplayName
DistinguishedNameString (DN)RdistinguishedName
DivisionStringRWdivision
DoesNotRequirePreAuthBooleanRWuserAccountControl (bit mask 4194304)
EmailAddressStringRWmail
EmployeeIDStringRWemployeeID
EmployeeNumberStringRWemployeeNumber
EnabledBooleanRWuserAccountControl (bit mask not 2)
FaxStringRWfacsimileTelephoneNumber
GivenNameStringRWgivenName
HomeDirectoryStringRWhomeDirectory
HomedirRequiredBooleanRWuserAccountControl (bit mask 8)
HomeDriveStringRWhomeDrive
HomePageStringRWwWWHomePage
HomePhoneStringRWhomePhone
InitialsStringRWinitials
LastBadPasswordAttemptDateTimeRbadPasswordTime, converted to local time
LastKnownParentString (DN)RlastKnownParent
LastLogonDateDateTimeRlastLogonTimeStamp, converted to local time
LockedOutBooleanRWmsDS-User-Account-Control-Computed (bit mask 16)
LogonWorkstationsStringRWuserWorkstations
ManagerString (DN)RWmanager
MemberOfADCollectionRmemberOf
MNSLogonAccountBooleanRWuserAccountControl (bit mask 131072)
MobilePhoneStringRWmobile
ModifiedDateTimeRwhenChanged
NameStringRcn (Relative Distinguished Name)
ObjectCategoryStringRobjectCategory
ObjectClassStringRobjectClass, most specific value
ObjectGUIDGuidRobjectGUID converted to string
OfficeStringRWphysicalDeliveryOfficeName
OfficePhoneStringRWtelephoneNumber
OrganizationStringRWo
OtherNameStringRWmiddleName
PasswordExpiredBooleanRWmsDS-User-Account-Control-Computed (bit mask 8388608) (see Note 1)
PasswordLastSetDateTimeRWpwdLastSet, local time
PasswordNeverExpiresBooleanRWuserAccountControl (bit mask 65536)
PasswordNotRequiredBooleanRWuserAccountControl (bit mask 32)
POBoxStringRWpostOfficeBox
PostalCodeStringRWpostalCode
PrimaryGroupStringRGroup with primaryGroupToken
ProfilePathStringRWprofilePath
ProtectedFromAccidentalDeletionBooleanRWnTSecurityDescriptor
SamAccountNameStringRWsAMAccountName
ScriptPathStringRWscriptPath
ServicePrincipalNamesADCollectionRWservicePrincipalName
SIDSidRobjectSID converted to string
SIDHistoryADCollectionRsIDHistory
SmartcardLogonRequiredBooleanRWuserAccountControl (bit mask 262144)
StateStringRWst
StreetAddressStringRWstreetAddress
SurnameStringRWsn
TitleStringRWtitle
TrustedForDelegationBooleanRWuserAccountControl (bit mask 524288)
TrustedToAuthForDelegationBooleanRWuserAccountControl (bit mask 16777216)
UseDESKeyOnlyBooleanRWuserAccountControl (bit mask 2097152)
UserPrincipalNameStringRWuserPrincipalName

Regards
The Author – Blogabout.Cloud

QuickTips: Install-CsDatabase failed

QuickTips: Install-CsDatabase failed

Deploying Skype for Business and ran into the following error? Well here’s a quick tip to resolve the error.

Error(s)

Install-CsDatabase failed.

System.Management.Automation.CmdletInvocationException: Command execution failed: Requested registry access is not allowed.

Resolution(s)

Remove-CsConfigurationStoreLocation to ensure no corrupt legacy information

Run Skype for Business Topology Builder as Administrator

Once this command has been executed, you will be able to successfully publish the Skype for Business Topology.

Regards

The Author – Blogabout.Cloud