Link to home
Start Free TrialLog in
Avatar of vmich
vmichFlag for United States of America

asked on

Need powershell commands to dispaly users infromation from active directory

I have been trying via powershell to get a list of all users in AD but cant seem to get one to show all the information we are looking for..
We need to find information like active accounts, disabled accounts, password last change, passwords expire or don't expire..
Please let me know which commands I should be using?
Thanks
ASKER CERTIFIED SOLUTION
Avatar of Hayes Jupe
Hayes Jupe
Flag of Australia image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of vmich
vmich
Flag of United States of America image

ASKER

Well we need to get a list for all users not for just one.
What command do I run for that?
Avatar of Hayes Jupe
Hayes Jupe
Flag of Australia image
get-aduser -filter * -properties Name, PasswordNeverExpires, BadLogonCount

that's what the * is mate - all user objects
Avatar of vmich
vmich
Flag of United States of America image

ASKER

Oh ok sorry about that
Avatar of Sam Jacobs
Sam Jacobs
Flag of United States of America image
This should help get you started:
$ADGroups = Get-ADGroup -Filter * -Properties Member | Sort Name
ForEach ($group in $ADGroups) {
    if ($group.Member.Count -gt 0 -and $group.GroupCategory -eq "Security") {
        Write-Host "$($group.Name) ($($group.Member.Count) members)"
        ForEach ($user in $group.Member) {
            Get-ADUser $user -Properties UserAccountControl, PasswordNeverExpires, PasswordLastSet | 
                    Sort Name | 
                    Select Name, 
                    @{n='Status'; e={if($_.UserAccountControl -band 2) {"Disabled"} else {"Active"}}},
                    @{n='PW Expires'; e={if($_.PasswordNeverExpires) {"No"} else {"Yes"}}}, 
                    PasswordLastSet | ft -AutoSize
        }
    }
}

Open in new window

Avatar of Sam Jacobs
Sam Jacobs
Flag of United States of America image
If you would like to generate a user list by OU and export the list to a CSV file, sorted by user within OU (change the path in line 8):
$ADUsers = get-aduser -filter * -Properties UserAccountControl, PasswordLastSet, PasswordNeverExpires |
    Select  *, @{n='OU'; e={($_.DistinguishedName -split “,”, 2)[1]}}

$ADUsers | Select OU, Name, 
                    @{n='Status'; e={if($_.UserAccountControl -band 2) {"Disabled"} else {"Active"}}},
                    @{n='PW Expires'; e={if($_.PasswordNeverExpires) {"No"} else {"Yes"}}}, 
                    PasswordLastSet | Sort OU,Name | 
                    Export-Csv "c:\PSOutput\ADUsers.csv"

Open in new window