The secret of getting the Get-AdUser cmdlet working is to master the -filter
parameter.
Classic jobs are finding out details about one user, or retreiving the bare
facts of lots of users.
If you are new to PowerShell's AdUser cmdlets you may like to save
frustration and check the basics of
Get-AdUser.
a)
Logon: At a Domain Controller b) Find: Active Directory Module for Windows PowerShell
c) Launch: The PowerShell
executable d) Run: Import-Module activedirectory
Note 1: Optionally, you can install the ISE version, and
Set-ExecutionPolicy -remotelySigned. It is also possible, but fiddly
to install the Active Directory Module on a member server.
# PowerShell Check for Active Directory Services Get-Service ad*
Get-Module
Technically, this Ad family of cmlets use syntax from PowerShell's
expression language. My explaination is you need an LDAP property for
example, Name, a comparator such as -like, and finally a value.
# PowerShell AdUser example to find test users Get-AdUser -filter 'name -like
"Test*" '
These three components (LDAP property, comparator and value) make for
complex syntax, and this is why we need particular brackets and speech
marks. Indeed, if you focus on the job of the syntactic elements then
you will soon master Get-AdUser -filter.
Note 2: Get-AdUser can take alternative parameters
to -filter, for example, -identity, -searchbase or
-LDAPFilter.
Note 3: As a conservative estimate there are 10
possible LDAP values, 6 comparators, and say, 10 values, that makes 600
different uses of Get-AdUser -filter.
I suggest that you compare and contrast examples 1 and 2. Firstly,
see how the 'single' speech marks are replaced with {curly} brackets.
My point is you can use either, but you must have one. Secondly,
observe how you can combine two conditions to build complex queries.
(Name starts with Ben, and Surname is Thomas)
# PowerShell AdUser -filter example to find Ben* Thomas Get-ADUser -filter
{(Name -like "Ben*") -and (Surname -eq "Thomas")}
Guy Recommends: SolarWinds' Free Bulk Import Tool
Import users from a spreadsheet. Just provide a list of the
users with their fields in the
top row, and save as .csv file. Then launch this FREE utility and match
your fields with AD's
attributes, click to import the users. Optionally, you can
provide the name of the OU where the new accounts will be born.
There are also two bonus tools in this free download, and all 3 have been approved by Microsoft:
This is how I discovered about the -LDAPfilter and other parameters.
Clear-Host Get-Help Get-ADUser -full
Similar Active Directory Cmdlets
Once you have mastered Get-AdUser, you may wish to know more about
Set-AdUser or Get-AdComputer. To obtain a comprehensive list of the AD
cmdlets try this command:
Clear-Host Get-Command -noun ad*
Amongst the results you should see:
Add-AdGroupmember
Enable-AdAccount
Get-AdComputer
Move-AdComputer
New-AdUser
Set-AdUser
Remove-AdGroup
UnLock-AdAccount
Note 7: Naturally, you will also see these verbs and nouns in
other combinations.
Troubleshooting PowerShell's Get-AdUser
Firstly make sure that you are using Active Directory Module for Windows
PowerShell. Check with Get-Module.
Secondly, to research Get-AdUser call for Get-Help and examine syntax and
study the examples.
# PowerShell Active Directory Syntax Clear-Host Get-Help Get-AdUser
-full
»
Summary of PowerShell Get-AdUser
On its own Get-AdUser is impotent; it needs the -filter parameter.
The more you learn about this query language, the more precise your
results from this and similar Active Directory cmdlets.
If you like this page then please share it with your friends
Please email me if you have a better example script. Also please report any factual mistakes, grammatical errors or broken links, I will be happy to correct the fault.
Windows Management Instrumentation (WMI) is one of the hidden
treasures of Microsoft operating systems.
Fortunately, SolarWinds
have created the
Free WMI Monitor so that you can actually see and understand these gems of
performance information. Take the guess work out of which
WMI counters to use for applications like Microsoft Active Directory,
SQL or Exchange Server.
