FAQ 000132 - How to use PowerShell to collect information about user objects in Active Directory
Written by Dejan Foro   
Oct 15, 2014 at 04:44 AM

This article applies to:
Windows Server 2008 R2

In this article I will showcase how to use PowerShell to gather information about User objects in Active Directory.


Collecting information about Active Directory objects such as forests, domains, sites and domain controllers is covered in a separate article, FAQ 000127 - How to use PowerShell to collect information about your Active Directory infrastructure.

To work with the Active Directory PowerShell commands you need the Active Directory PowerShell module, which is installed as part of the Active Directory management tools.


To check whether the PowerShell module for Active Directory is installed on the local machine, use:
     Get-Module -ListAvailable
If the ActiveDirectory module is listed you can load it by using the following command:
     Import-Module ActiveDirectory

 

The following examples assume that you have an Active Directory forest with multiple subdomains and that you are executing commands with an account that is a member of the Enterprise Admins group.


To get a list of users in the current domain:

     Get-ADUser -Filter *

 

To get a count of users in the current domain:

     # @() forces an array so .Count is also correct for 0 or 1 results (PowerShell 2.0)
     @(Get-ADUser -Filter *).Count

 

To get a list of enabled users in the current domain:

     Get-ADUser -filter * | where {$_.Enabled -eq "True"}

 

To get a count of enabled users in the current domain:

     @(Get-ADUser -filter * | where {$_.Enabled -eq "True"}).Count

 

To get a list of disabled users in the current domain:

     Get-ADUser -filter * | where {$_.Enabled -ne "True"}

 

To get a count of disabled users in the current domain:

     @(Get-ADUser -filter * | where {$_.Enabled -ne "True"}).Count

 

To get a list of users in a specific Organizational Unit (for example OU Test in domain exchangemasterslab.net):

     Get-ADUser -SearchBase "OU=test,DC=exchangemasterslab,DC=net" -Filter *

 

To get a count of users in a specific Organizational Unit (for example OU Test in domain exchangemasterslab.net):

    @(Get-ADUser -SearchBase "OU=test,DC=exchangemasterslab,DC=net" -Filter *).Count


To get a list of users in a specific Organizational Unit (for example OU Test in domain exchangemasterslab.net) and all its subordinate OUs:

    Get-ADUser -SearchBase "OU=test,DC=exchangemasterslab,DC=net" -SearchScope Subtree -Filter *

 

To get a count of users in a specific Organizational Unit (for example OU Test in domain exchangemasterslab.net) and all its subordinate OUs:

    @(Get-ADUser -SearchBase "OU=test,DC=exchangemasterslab,DC=net" -SearchScope Subtree -Filter *).Count

To get a list of all users in a forest, grouped by domain:

$domains = Get-ADForest | Select-Object -ExpandProperty Domains | Sort-Object
Foreach ($domain in $domains){
     Write-Host "Domain: " $domain
     Write-Host ----------------------------------
     $domainparam = Get-ADDomain -Identity $domain | Select-Object DNSRoot,DistinguishedName,PDCEmulator
     Get-ADUser -SearchBase $domainparam.DistinguishedName -Filter * -Server $domainparam.PDCEmulator | Select-Object Name,Surname,Givenname,SamAccountName | Sort-Object Surname | Format-Table -AutoSize
     }

 

To get a count of all users in a forest (per domain and forest total):

$counter = 0
$total = 0
$domains = Get-ADForest | Select-Object -ExpandProperty Domains | Sort-Object
Foreach ($domain in $domains){
     Write-Host "Domain: " $domain
     Write-Host "----------------------------------"
     # Use the domain's DN as the search base and query its PDC emulator
     $domainparam = Get-ADDomain -Identity $domain | Select-Object DistinguishedName,PDCEmulator
     # @() forces an array so .Count is also correct for 0 or 1 results (PowerShell 2.0)
     $counter = @(Get-ADUser -SearchBase $domainparam.DistinguishedName -Filter * -Server $domainparam.PDCEmulator).Count
     $counter
     Write-Host
     $total += $counter
     }
Write-Host "==================================="
Write-Host "Total Number of users in the Forest" $total


The following examples assume that you are executing them in a local domain as a Domain Administrator.

 

Get a list of users who do not have a manager defined in AD

Get-ADUser -Filter * -Property DisplayName,Manager | select-Object DisplayName,Manager | where {$_.manager -eq $null}


Create a phonebook-like export of user data from AD (Name, Manager, E-mail Address, Title, Department, Phone number) and export it to a .CSV file named userexport.csv:

Get-ADUser -Filter * -Properties DisplayName,Manager,EmailAddress,Title, Department, TelephoneNumber | Sort-object DisplayName | Select-Object Name, @{n="ManagerName";e={(Get-ADUser -Identity $_.Manager -Properties displayName).DisplayName}}, EmailAddress, Title, Department, TelephoneNumber | export-csv userexport.csv -Delimiter ";"

 

Same as above, but additionally filters out user accounts that begin with underscore

Get-ADUser -Filter {DisplayName -notlike "_*"} -Properties DisplayName,Manager,EmailAddress,Title, Department, TelephoneNumber | Sort-object DisplayName | Select-Object Name, @{n="ManagerName";e={(Get-ADUser -Identity $_.Manager -Properties displayName).DisplayName}}, EmailAddress, Title, Department, TelephoneNumber | export-csv userexport.csv -Delimiter ";"


Managers and their subordinates. This command creates a phonebook-like export of user data from AD (Name, Manager, E-mail Address, Title, Department, Phone number) with manager/subordinates grouping and exports it to a .TXT file named managers-subordinates.txt:

Get-ADUser -Filter * -Properties DisplayName,Manager,EmailAddress,Title,Department,TelephoneNumber | Sort-object Manager,DisplayName | Select-Object Name, @{n="ManagerName";e={(Get-ADUser -Identity $_.Manager -Properties displayName).DisplayName}}, EmailAddress, Title, Department, TelephoneNumber | Format-Table Name,EmailAddress,Title,Department,TelephoneNumber -GroupBy ManagerName | out-file managers-subordinates.txt


Same as above, but additionally filters out user accounts that begin with underscore

Get-ADUser -Filter {DisplayName -notlike "_*"} -Properties DisplayName,Manager,EmailAddress,Title,Department,TelephoneNumber | Sort-object Manager,DisplayName | Select-Object Name, @{n="ManagerName";e={(Get-ADUser -Identity $_.Manager -Properties displayName).DisplayName}}, EmailAddress, Title, Department, TelephoneNumber | Format-Table Name,EmailAddress,Title,Department,TelephoneNumber -GroupBy ManagerName | out-file managers-subordinates.txt
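
The phonebook and manager/subordinate exports above resolve ManagerName with one extra Get-ADUser query per user. The following is an added example, not part of the original article: it resolves manager names from a DN-to-DisplayName map built in one pass over the result set. The names ConvertTo-PhonebookRow and New-SampleUser and the sample users are constructed for illustration.

```powershell
# Added example, not from the original article. Compatible with PowerShell 2.0.
# ConvertTo-PhonebookRow is a hypothetical helper name.
function ConvertTo-PhonebookRow {
    param([object[]]$Users)

    # One pass over the result set: distinguishedName -> DisplayName
    $nameByDn = @{}
    foreach ($u in $Users) { $nameByDn[[string]$u.DistinguishedName] = $u.DisplayName }

    $Users | Sort-Object DisplayName | Select-Object Name,
        @{n = 'ManagerName'; e = {
            if ($_.Manager) {
                # Manager outside the result set (contact, other domain): keep the raw DN
                if ($nameByDn.ContainsKey($_.Manager)) { $nameByDn[$_.Manager] } else { $_.Manager }
            }
        }},
        EmailAddress, Title, Department, TelephoneNumber
}

# Constructed sample objects standing in for Get-ADUser output
function New-SampleUser($Name, $Manager, $Title) {
    New-Object PSObject -Property @{
        Name = $Name; DisplayName = $Name; Manager = $Manager; Title = $Title
        DistinguishedName = "CN=$Name,OU=test,DC=exchangemasterslab,DC=net"
        EmailAddress = "$($Name -replace ' ', '.')@exchangemasterslab.net"
        Department = 'IT'; TelephoneNumber = $null
    }
}
$bossDn = 'CN=Anna Boss,OU=test,DC=exchangemasterslab,DC=net'
$sample = @(
    (New-SampleUser 'Anna Boss' $null 'Head of IT'),
    (New-SampleUser 'Bob Admin' $bossDn 'Administrator'),
    (New-SampleUser 'Carl Temp' 'CN=External Lead,OU=contacts,DC=exchangemasterslab,DC=net' 'Contractor')
)
ConvertTo-PhonebookRow -Users $sample | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# $users = @(Get-ADUser -Filter * -Properties DisplayName,Manager,EmailAddress,Title,Department,TelephoneNumber)
# ConvertTo-PhonebookRow -Users $users | Export-Csv userexport.csv -Delimiter ';' -NoTypeInformation
```

For the manager/subordinate report, pipe the rows through Sort-Object ManagerName,Name and Format-Table -GroupBy ManagerName instead of Export-Csv.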

 

 

Last Updated ( Jul 25, 2016 at 04:04 AM )