(AD) Active Directory PowerShell Commands

Get all users by last login
Get-ADUser -Filter {Enabled -eq $true} -Properties * | Select-Object Name, @{N='LastLogon'; E={[DateTime]::FromFileTime($_.LastLogon)}} | Sort-Object LastLogon -Descending
Get-ADUser -Filter * -Properties "LastLogonDate" | Select-Object Name, LastLogonDate

Get all users' password expiration times
Get-ADUser -Filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" | Select-Object -Property "DisplayName", @{Name="ExpiryDate"; Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}

Get one user by username
Get-ADUser -Identity "<username>" -Properties "LastLogonDate"

A better way to get all users for export to a file: list the properties you want to display after -Properties and again after Select-Object
Get-ADUser -Filter {Enabled -eq $true} -Properties EmailAddress, LastLogonDate | Select-Object Name, EmailAddress, LastLogonDate

Finding accounts that are locked or disabled

Users on the domain that are locked out
Search-ADAccount -LockedOut | Select-Object Name, LockedOut, LastLogonDate

Users with an expired account
Search-ADAccount -AccountExpired

Users with a disabled account
Search-ADAccount -AccountDisabled

Users with an inactive account
Search-ADAccount -AccountInactive

All inactive accounts
Search-ADAccount -AccountInactive | Where-Object {$_.Enabled -match 'False'} | Select-Object Name, LastLogonDate, Enabled
or
# $DomainName must be set before running; the cutoff date is computed first
# because the AD filter cannot evaluate the (Get-Date) expression inline.
$Cutoff = (Get-Date).AddDays(-90)
$InactiveUsers = Get-ADUser -Filter {LastLogonDate -lt $Cutoff} -SearchBase "DC=$DomainName" -Properties Name, LastLogonDate
Write-Host "The following user accounts have been inactive for more than 90 days:"
foreach ($InactiveUser in $InactiveUsers)
{
    Write-Host $InactiveUser.Name
}

Users

Get when a user was created
Get-ADUser Toms -Properties whenCreated | Select-Object Name, whenCreated

Get user count in the whole domain
(Get-ADUser -Filter *).Count

Get device count
(Get-ADComputer -Filter *).Count

Get count of disabled users
(Get-ADUser -LDAPFilter '(userAccountControl:1.2.840.113556.1.4.803:=2)').Count

Get count of enabled users
a. (Get-ADUser -LDAPFilter '(!(userAccountControl:1.2.840.113556.1.4.803:=2))').Count
b. (Get-ADUser -Filter "Enabled -eq 'true'").Count

Count of users whose password never expires
(Search-ADAccount -PasswordNeverExpires).Count

Which users have a password that never expires
Search-ADAccount -PasswordNeverExpires | Format-Table Name, ObjectClass -AutoSize

Get the last time each user changed their password
Get-ADUser -Filter * -Properties pwdLastSet | Select-Object Name, @{Name="PasswordLastSet"; Expression={[datetime]::FromFileTimeUtc($_.pwdLastSet)}}

Find when a user last changed their password
Get-ADUser <username> -Properties pwdLastSet | Select-Object @{Name="PasswordLastSet"; Expression={[datetime]::FromFileTimeUtc($_.pwdLastSet)}}
Get-ADUser -Identity <username> -Properties PasswordLastSet | Format-Table Name, PasswordLastSet

Count of users who have not logged in for a month
(Get-ADUser -Filter * -Properties LastLogonDate | Where-Object { $_.LastLogonDate -lt (Get-Date).AddDays(-30) }).Count

Count of users who logged in within the last month
(Get-ADUser -Filter * -Properties LastLogonDate | Where-Object { $_.LastLogonDate -gt (Get-Date).AddDays(-30) }).Count

Get user accounts created in the last 30 days
$When = ((Get-Date).AddDays(-30)).Date
Get-ADUser -Filter {whenCreated -ge $When} -Properties whenCreated

Groups

Get all users and their groups
Get-ADGroup -Filter * | Get-ADGroupMember -Recursive | Get-ADUser -Properties * | Select-Object Name, MemberOf

Get all groups
Get-ADGroup -Filter *
(Get-ADGroup -Filter *).Count
Get-ADGroup -Filter * | Select-Object Name

Get groups that have no users
Get-ADGroup -Filter * -Properties Members | Where-Object {-not $_.Members} | Select-Object Name

Find the member count of every group
Get-ADGroup -Filter * -Properties Member | Select-Object Name, @{n="MemberCount"; e={$_.Member.Count}}
Get-ADGroup -Filter * -Properties Member | Select-Object Name, @{n="MemberCount"; e={$_.Member.Count}} | Sort-Object MemberCount

Get AD groups changed in the last 30 days
$When = ((Get-Date).AddDays(-30)).Date
Get-ADGroup -Filter {whenChanged -ge $When} -Properties whenChanged

Get groups filtered by name
Get-ADGroup -Filter {Name -like '*legal*'} | Select-Object Name

Group members

Basic
Get-ADGroupMember

Get group members by group name and select properties
Get-ADGroupMember -Identity Administrators | Select-Object Name, objectClass, distinguishedName

Get group members by group scope
Get-ADGroup -Filter {GroupScope -eq "DomainLocal"} | Get-ADGroupMember | Select-Object Name, objectClass, distinguishedName

Get all group members
Get-ADGroupMember -Identity "2022 Legal Hold" | Select-Object Name, SamAccountName
Get-ADGroupMember -Identity 'Enterprise Admins' -Recursive

Get group members in an output grid
Get-ADGroupMember -Identity Administrators | Select-Object Name, objectClass, distinguishedName | Out-GridView

Devices

Get a count of each operating system on the network
Get-ADComputer -Filter "name -like '*'" -Properties operatingSystem | Group-Object -Property operatingSystem | Select-Object Name, Count

Get device names for an operating system
Get-ADComputer -Filter 'operatingsystem -like "*server*" -and enabled -eq "true"' `
-Properties Name,Operatingsystem,OperatingSystemVersion,IPv4Address |
Sort-Object -Property Operatingsystem |
Select-Object -Property Name,Operatingsystem,OperatingSystemVersion,IPv4Address

Get the count of computers matching a filter
(Get-ADComputer -Filter 'operatingsystem -like "*7*" -and enabled -eq "true"' `
-Properties Name,Operatingsystem,OperatingSystemVersion,IPv4Address |
Sort-Object -Property Operatingsystem |
Select-Object -Property Name,Operatingsystem,OperatingSystemVersion,IPv4Address).Count

Get the count of computers by exact operating system name (no wildcards)
(Get-ADComputer -Filter "OperatingSystem -eq 'Windows 10 Pro'").Count
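
The last-login commands at the top of this page read LastLogon, which each domain controller records for itself and does not replicate, or LastLogonDate, which is replicated but by default can lag up to 14 days. The function below is an added example, not part of the original page: the name Get-TrueLastLogon and its -InactiveDays parameter are hypothetical, and it assumes the ActiveDirectory module and read access to every DC. It asks each DC in turn and keeps the newest value per account.

```powershell
# Added example: newest lastLogon per enabled user across all domain controllers.
Import-Module ActiveDirectory

function Get-TrueLastLogon {
    param(
        [int]$InactiveDays = 90   # assumption: same 90-day threshold as the inactive-user script
    )
    $latest = @{}   # SamAccountName -> newest lastLogon FILETIME seen on any DC

    foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $users = Get-ADUser -Filter 'Enabled -eq $true' -Properties lastLogon `
                                -Server $dc.HostName -ErrorAction Stop
        } catch {
            # An unreachable DC means the result may understate recent logons.
            Write-Warning "Skipping $($dc.HostName): $($_.Exception.Message)"
            continue
        }
        foreach ($u in $users) {
            $value = [int64]$u.lastLogon   # unset on this DC becomes 0
            $sam   = $u.SamAccountName
            if (-not $latest.ContainsKey($sam) -or $value -gt $latest[$sam]) {
                $latest[$sam] = $value
            }
        }
    }

    $cutoff = (Get-Date).AddDays(-$InactiveDays)
    foreach ($sam in $latest.Keys) {
        $ft   = $latest[$sam]
        $when = if ($ft -gt 0) { [DateTime]::FromFileTime($ft) } else { $null }
        [pscustomobject]@{
            SamAccountName = $sam
            LastLogon      = $when
            NeverLoggedOn  = ($ft -eq 0)
            Inactive       = ($ft -eq 0 -or $when -lt $cutoff)
        }
    }
}

# Accounts with no logon on any DC within the threshold, oldest first.
Get-TrueLastLogon -InactiveDays 90 |
    Where-Object Inactive |
    Sort-Object LastLogon |
    Format-Table -AutoSize
```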