Active Directory Powershell

Hello All,

I ran the following Powershell command get-aduser -identity username -properties * to find why a password was not being reset by our local password reset page and i found that those fields as well as several others were not populated. Is there something that i have to turn on/configure to get it to start logging that information? I know that it was atleast reset once through active directory through me so i know that some information should be there for it.

The "important" feilds that are there are:

account lockouttime
last logondate
lastbadpasswordattempt

and may more.

Thanks,
Brad
LVL 2
Bradley BishopAssociate Product DeveloperAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

pjamCommented:
Brad,
Do you have RSAT installed?  You need that to get AD commands.
I have a profile in My Documents\WindowsPowershell\Profile.ps1 that has:
Import-Module ActiveDirectory, so that when I open PowerShell it automatically brings in AD.
Bradley BishopAssociate Product DeveloperAuthor Commented:
No we do not have RSAT installed. i did the import that you suggested and it did not change any of the outputs.
Thomas GrassiSystems AdministratorCommented:
What version of Powershell you running?

run this $PSVersionTable

As PJAM said above must have RSAT installed on your windows 7 box


 I created a shortcut for this

%windir%\system32\WindowsPowerShell\v1.0\powershell.exe -noexit -command import-module ActiveDirectoy
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Bradley BishopAssociate Product DeveloperAuthor Commented:
sorry i should have been more clear, i am running this from the server itself
Thomas GrassiSystems AdministratorCommented:
Ok no problem

Have you checked other user accounts?

In default domain policy

Check account policies  and local policies settings

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
pjamCommented:
By server itself, hopefully you mean Domain controller.
footechCommented:
I've seen this when running directly on a domain controller.
Make sure you are starting the command from an elevated prompt.  If some are still missing, then the only thing I've seen that helps is to query for the info from another machine (point your command at another DC with the -server parameter, or use RSAT to query this one).  To me it appears that the AD Web Services has trouble getting all information when the query comes from the same machine.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.