The secret of getting the Get-AdUser cmdlet working is to master the -Filter
parameter.
Classic jobs are finding out details about one user, or retreiving the bare
facts of lots of users.
If you are new to PowerShell's AdUser cmdlets you may like to save
frustration and check the basics of
Get-AdUser.
a)
Logon: At a Domain Controller b) Find: Active Directory Module for Windows PowerShell
c) Launch: The PowerShell
executable d) Run: Import-Module activedirectory
Note 1: Optionally, you can install the ISE version, and
Set-ExecutionPolicy -remotelySigned. It is also possible, but fiddly
to install the Active Directory Module on a member server.
# PowerShell Check for Active Directory Services Get-Service ad*
Get-Module
Technically, this Ad family of cmlets use syntax from PowerShell's
expression language. My explaination is you need an LDAP property for
example, Name, a comparator such as -Like, and finally a value.
# PowerShell AdUser example to find test users Get-AdUser -Filter 'name -Like
"Test*" '
These three components (LDAP property, comparator and value) make for
complex syntax, and this is why we need particular brackets and speech
marks. Indeed, if you focus on the job of the syntactic elements then
you will soon master Get-AdUser -Filter.
Note 2: Get-AdUser can take alternative parameters
to -Filter, for example, -identity, -searchbase or
-LDAPFilter.
Note 3: As a conservative estimate there are 10
possible LDAP values, 6 comparators, and say, 10 values, that makes 600
different uses of Get-AdUser -Filter.
Guy Recommends: SolarWinds' Free Bulk Import Tool
Import users from a spreadsheet. Just provide a list of the
users with their fields in the top row, and save as .csv file.
Then launch this FREE utility and match your fields with AD's
attributes, click and import the users.
I suggest that you compare and contrast examples 1 and 2. Firstly,
see how the 'single' speech marks are replaced with {curly} brackets.
My point is you can use either, but you must have one. Secondly,
observe how you can combine two conditions to build complex queries.
(Name starts with Ben, and Surname is Thomas)
# PowerShell AdUser -Filter example to find Ben* Thomas Get-ADUser
-Filter
{(Name -Like "Ben*") -And (Surname -eq "Thomas")}
Here is an example to list all the users in an organizational unit called
'Raglan'. This script uses the -LDAPfilter parameter.
# Get-AdUser cmdlet Clear-host Get-ADUser -LDAPfilter '(name=*)' ` -searchBase
{OU=Raglan,DC=burrium,DC=usk} | Ft Name, Surname -a
Note 4: Observe how LDAPfilter uses the form 'Name=*' and not
'Name -eq*.
Note 5: It's -searchBase that filters the Active Directory
container, in this case an OU object called 'Raglan'.
Note 6: Ft (Format-Table) just controls the output, you could
add other properties such as EmailAddress.
Guy Recommends: A Free Trial of the Network Performance Monitor
(NPM)
SolarWinds'
Network Performance Monitor
will help you discover what's happening on your network. This
utility will also guide you through troubleshooting; the dashboard will
indicate whether the root cause is a broken link, faulty equipment or
resource overload.
What I like best is the way NPM suggests solutions to network
problems. Its also has the ability to monitor the health of individual VMware
virtual machines. If you are interested in troubleshooting, and creating
network maps, then I recommend that you try NPM now.
This is how I discovered about the -LDAPfilter and other parameters.
Clear-Host Get-Help Get-ADUser -full
Similar Active Directory Cmdlets
Once you have mastered Get-AdUser, you may wish to know more about
Set-AdUser or Get-AdComputer. To obtain a comprehensive list of the AD
cmdlets try this command:
Clear-Host Get-Command -Noun ad*
Amongst the results you should see:
Add-AdGroupmember
Enable-AdAccount
Get-AdComputer
Move-AdComputer
New-AdUser
Set-AdUser
Remove-AdGroup
UnLock-AdAccount
Note 7: Naturally, you will also see these verbs and nouns in
other combinations.
Guy Recommends: SolarWinds Engineer's Toolset v10
This
Engineer's Toolset v10 provides a comprehensive console of 50 utilities
for troubleshooting computer problems. Guy says it helps me
monitor what's occurring on the network, and each tool teaches me more about how the
underlying system operates.
There are so many good gadgets; it's like having free rein of a
sweetshop. Thankfully the utilities are displayed logically: monitoring,
network discovery, diagnostic, and Cisco tools. Try the SolarWinds Engineer's Toolset now!
On its own Get-AdUser is impotent; it needs the -Filter parameter.
The more you learn about this query language, the more precise your
results from this and similar Active Directory cmdlets.
If you like this page then please share it with your friends
Please email me if you have a better example script. Also please report any factual mistakes, grammatical errors or broken links, I will be happy to correct the fault.
Windows Management Instrumentation (WMI) is
most useful for PowerShell scripting.
SolarWinds
have produced this
Free WMI Monitor to take the guess work out of which
WMI counters to use for applications like Microsoft Active Directory,
SQL or Exchange Server.
