( AD ) Active Directory Powershell Commands

Get-ADUser -filter {enabled -eq $true} -Properties * | Select-Object Name, @{N='LastLogon'; E={[DateTime]::FromFileTime($_.LastLogon)}}|Sort-Object LastLogon -Descending

Get-ADUser -filter * -Properties "LastLogonDate" | select name, LastLogonDate

Get all users password expiration times

Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed"  |Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}

Get one user by email

Get-ADUser -Identity "<username>" -Properties "LastLogonDate"

Better way to get all users and sort to make a file after properties add what you want to display also put after select object

Get-ADUser -filter {enabled -eq $true} -Properties emailaddress,lastlogondate | Select-Object 	Name,emailaddress,lastlogondate

Finding accounts that is locked, or disabled

Users on the domain is locked out

Search-ADAccount -Locked |Select Name, LockedOut, LastLogonDate

Users that has expired account

Search-ADAccount -AccountExpired

Users that has disabled account

Search-ADAccount -AccountDisabled

Users that has inactive account

Search-ADAccount -AccountInactive

All inactive accounts

Search-ADAccount -AccountInactive | Where-Object {$_.Enabled -match 'False'} | select Name, LastLogonDate,Enabled

$InactiveUsers = Get-ADUser -Filter {LastLogonDate -lt ((Get-Date).AddDays(-90))} -SearchBase "DC=$DomainName" -Property Name, LastLogonDate
Write-Host "The following user accounts have been inactive for more than 90 days:"
Foreach ($InactiveUser in $InactiveUsers)
{
    Write-Host $InactiveUser.Name
}

Users

Get when user is created

Get-ADUser Toms -Properties whenCreated | Select Name,whenCreated

Get user count in hole of Domain

(Get-ADUser -filter *).count

Get device count

(Get-ADComputer -filter *).count

Get count disabled users Count

(Get-ADUser -LDAPFilter '(userAccountControl:1.2.840.113556.1.4.803:=2)').count

Get count disabled user where not in a group

(Get-ADUser -Filter 'Enabled -eq $false' -Properties DistinguishedName | Where-Object { $_.DistinguishedName -notlike "*OU=change_me*" }).Count

Get count enabled users

a. (Get-ADUser -LDAPFilter '(!userAccountControl:1.2.840.113556.1.4.803:=2)').count

b. (Get-ADUser -filter "enabled -eq 'true'").count

Users that password that never expires count

(Search-ADAccount -PasswordNeverExpires | FT Name,ObjectCkass -A).count

What Users that password that never expires count

(Search-ADAccount -PasswordNeverExpires | FT Name,ObjectCkass -A)

Get user last time he changed his password

get-aduser -properties pwdlastset | select @{Name="PasswordLastSet";Expression={\[datetime\]::FromFileTimeUTC($_.pwdlastset)}}

Find when user changed their password last

get-aduser <username> -properties pwdlastset | select @{Name="PasswordLastSet";Expression={\[datetime\]::FromFileTimeUTC($_.pwdlastset)}}

get-aduser -identity <username> -properties passwordlastset | ft Name, passwordlastset

Users after a month of not logging in

(Get-ADUser -Filter * -Properties OperatingSystem, LastLogonDate | Where { $_.LastLogonDate -LT (Get-Date).AddDays(-30) }).count

Users who clocked in within a month

(Get-ADUser -Filter * -Properties OperatingSystem, LastLogonDate | Where { $_.LastLogonDate -GT (Get-Date).AddDays(-30) }).count

Get when user accounts was created

$When = ((Get-Date).AddDays(-30)).Date
Get-ADUser -Filter {whenCreated -ge $When} -Properties whenCreated

Groups

Finding users who have not changed their password recently

Get-ADGroup -filter * | Get-ADGroupMember -Recursive | Get-ADUser -Properties * | select Name, MemberOf

Get all groups

Get-ADGroup -Filter *

(Get-ADGroup -Filter * ).count

Get-ADGroup -filter * | select Name

Get groups that has no users

Get-ADGroup -Filter * -Properties Members | where {-not $_.members} | select Name

Find counts of members in all groups

Get-ADGroup -Filter * -Properties Member | Select Name,@{n="MemberCount";e={$_.Member.Count}}

Get-ADGroup -Filter * -Properties Member | Select Name,@{n="MemberCount";e={$_.Member.Count}} | Sort-Object MemberCount

Get when AD groups was created

$When = ((Get-Date).AddDays(-30)).Date
Get-ADGroup -Filter {whenChanged -ge $When} -Properties whenChanged

Get filtered group name

Get-ADGroup -Filter {Name -like '*legal*'} | Select-Object Name

Count users in a certain group

(Get-ADUser -SearchBase "OU=Disabled,OU=Users,DC=domain,DC=local" -Filter 'Enabled -eq $false').Count

Group members

Basic

Get-AdGroupMember

Get group members by group name and select properties

Get-ADGroupMember -Identity Administrators | Select-Object name, objectClass,distinguishedName

Get group members by group scope

Get-ADGroup -Filter {GroupScope -eq "DomainLocal"} | Get-ADGroupMember | Select-Object name, objectClass,distinguishedName

Get all group members

Get-ADGroupMember -Identity "2022 Legal Hold" | Select-Object Name, SamAccountName

Get-ADGroupMember -Identity 'Enterprise Admins' -Recursive

Get group members output grid


Get-ADGroupMember -Identity Administrators | Select-Object name, objectClass,distinguishedName | Out-GridView

Devices

Get count of what operating system is on the network

Get-ADComputer -Filter "name -like '*'" -Properties operatingSystem | group -Property operatingSystem | Select Name,Count

Get device names for operating system

Get-ADComputer -Filter 'operatingsystem -like "*server*" -and enabled -eq "true"' `
-Properties Name,Operatingsystem,OperatingSystemVersion,IPv4Address |
Sort-Object -Property Operatingsystem |
Select-Object -Property Name,Operatingsystem,OperatingSystemVersion,IPv4Address

Get count for computers in searched filter

(Get-ADComputer -Filter 'operatingsystem -like "*7*" -and enabled -eq "true"' 
 -Properties Name,Operatingsystem,OperatingSystemVersion,IPv4Address |
 Sort-Object -Property Operatingsystem |
 Select-Object -Property Name,Operatingsystem,OperatingSystemVersion,IPv4Address).count

Get count of exact name of computers no wild cards

(Get-ADComputer -Filter "OperatingSystem -eq 'Windows 10 Pro'" | ft).count

PreviousAzure Active Directory Powershell Commands NextAD command website

Last updated 24 days ago

hashtagGet all users by last login

hashtagGet all users password expiration times

hashtagGet one user by email

hashtagFinding accounts that is locked, or disabled

hashtagUsers

hashtagGroups

hashtagGroup members

hashtagDevices

Get all users by last login