Powershell command to get information about Active Directory domain users and their properties

search cancel

Powershell command to get information about Active Directory domain users and their properties

book

Article ID: 174027

calendar_today

Updated On:

Products

Data Loss Prevention Cloud Prevent for Microsoft Office 365 Endpoint Encryption VIP Service

Issue/Introduction

View an AD user's attributes during troubleshooting.

Scenarios: Permission Denied or doesn't have access to AD.

Environment

OS: 2008, 2008R2, 2012, 2012R2, 2016, windows 10, etc.

Psversion: 4.0

Pscomaptible versions: {1.0, 2.0, 3.0, 4.0}

Cause

Normal Domain users don't have Full access to AD due to security reasons.

Resolution

From Windows 10 or Windows 7, in order to use the Get-AdUser cmdlet, install the appropriate version of RSAT and enable the Active Directory Module for Windows PowerShell component from Control Panel (Programs > Turn Windows features on or off > Remote Server Administration Tools > Role Administration Tools > AD DS and AD LDS Tools > AD DS Tools).

Steps:

1. Launch Powershell ISE as an administrator.

2. Type Get-aduser "user1" -Properties *

(This command returns a full list of AD attributes and their values associated with the user account)

3. To see the properties PasswordExpired, PasswordLastSet, or PasswordNeverExpires, open the formatting of Get-ADUser output and allow the necessary fields to be displayed.

Get-aduser "user1" -Properties PasswordExpired, PasswordLastSet, PasswordNeverExpires

Additional Information

180239 - HOW TO: Enable Directory Synchronization - Symantec Encryption Management Server

180156 - How to obtain the Base DN or Bind DN Attributes for LDAP Directory Synchronization for PGP Encryption Server

174027 - Powershell command to get information about Active Directory domain users and their properties

Feedback

thumb_up Yes

thumb_down No