Пользователи

# Enumerate every user object in the domain; without -Properties only the
# cmdlet's default attribute set is returned.
Get-ADUser -Filter '*'

# Fetch a single account. The examples pass a logon name, a distinguished name
# and a display-style name.
# NOTE(review): -Identity is documented for DN, GUID, SID and sAMAccountName;
# the 'Andrey A. Ivanov' form presumably resolves only if it matches one of
# those. Confirm in the target domain.
Get-ADUser -Identity 'a.ivanov'
Get-ADUser -Identity 'CN=Andrey A. Ivanov,OU=Users,OU=SPB,OU=RU,DC=winitpro,DC=loc'
Get-ADUser -Identity 'Andrey A. Ivanov'

# Direct the query at a specific domain controller instead of the default one.
Get-ADUser -Identity 'tstuser' -Server 'DC01.winitpro.loc'
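# List users under one OU subtree and add a calculated "OU" column.
# Fix: the -SearchBase value was missing its opening quote, which left the
# string unterminated and made the whole statement unparsable.
Get-ADUser -Filter * -SearchBase "ou=ou1,ou=ou2,dc=domain,dc=ru" -Properties cn, canonicalname |
    Select-Object name, userprincipalname, @{
        Name       = "OU"
        # Drop the trailing CN (cn.length characters) from CanonicalName so that
        # only the leading container part of the path remains.
        Expression = { $_.Canonicalname.substring(0, $_.canonicalname.length - $_.cn.length) }
    }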
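# Look up one user over LDAPS with System.DirectoryServices.Protocols, without
# relying on the ActiveDirectory module.
Add-Type -AssemblyName System.DirectoryServices.Protocols -ErrorAction Stop
Add-Type -AssemblyName System.Net -ErrorAction Stop

# Interactive prompt for the bind account; enter it as mydomain\myuser.
$Credential = Get-Credential
$ldapIdentifier = New-Object -TypeName System.DirectoryServices.Protocols.LdapDirectoryIdentifier -ArgumentList "ldap.mydomain.ru", 636
$ldap = New-Object -TypeName System.DirectoryServices.Protocols.LdapConnection -ArgumentList $ldapIdentifier, ($Credential.GetNetworkCredential())

# Basic is a simple bind: the password travels as-is inside the TLS session, so
# the TLS layer is the only thing protecting it.
$ldap.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic
$ldap.SessionOptions.SecureSocketLayer = $true
# Fix: the original set VerifyServerCertificate = { $true }, which accepts any
# certificate and lets an on-path host impersonate the server and read the bind
# password. No callback is installed here, so the platform's default validation
# applies. If the server certificate comes from an internal CA, trust that CA
# on the client instead of turning validation off.

# Unary comma builds a one-element array; "*" requests all attributes.
$attributes = , "*"
$rootSearch = "DC=mydomain,dc=ru"
$LDAP_filter = "(&(objectCategory=user)(objectClass=user)(SamAccountName=myuser))"
# Subtree (numeric value 2): search the base DN and everything beneath it.
$SearchScope = [System.DirectoryServices.Protocols.SearchScope]::Subtree
$request = New-Object -TypeName System.DirectoryServices.Protocols.SearchRequest -ArgumentList $rootSearch, $LDAP_filter, $SearchScope, $attributes
$result = $ldap.SendRequest($request)

# Show the first matching entry.
$result.Entries[0]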
# Dump every populated attribute of one account. This is handy interactively;
# in scripts name only the attributes needed, so less directory data is pulled
# and displayed.
Get-ADUser -Identity 'tuser' -Properties '*'
 
Get-ADUser -Properties * — вывести список всех атрибутов доменного пользователя и их значений
 
# Password state of a single account, plus its replicated last-logon stamp.
Get-ADUser -Identity 'tuser' -Properties PasswordExpired, PasswordLastSet, PasswordNeverExpires, lastlogontimestamp

# Same password attributes for every user in the domain, shown as a table.
# PasswordNeverExpires = True is the column to review during an account audit.
Get-ADUser -Filter '*' -Properties PasswordExpired, PasswordLastSet, PasswordNeverExpires |
    Format-Table -Property Name, PasswordExpired, PasswordLastSet, PasswordNeverExpires

# Restrict the report to one OU subtree.
Get-ADUser -Filter '*' -SearchBase 'OU=Moscow,DC=winitpro,DC=loc' -Properties PasswordExpired, PasswordLastSet, PasswordNeverExpires |
    Format-Table -Property Name, PasswordExpired, PasswordLastSet, PasswordNeverExpires

Получить информацию о смене пароля пользователями за последние 15 минут. Можно настроить отправку письма пользователям и запускать скрипт ниже каждые 15 минут.

# Cut-off: 15 minutes before now. Despite the variable name, the query below
# selects passwords set AFTER this moment (-gt).
$PasswordOlderThan = (Get-Date).AddMinutes(-15)

# The filter is single-quoted on purpose, so PowerShell does not expand the
# variable; the filter text reaches the cmdlet with $PasswordOlderThan in it.
Get-ADUser -Filter 'PasswordLastSet -gt $PasswordOlderThan' -Properties PasswordLastSet |
    Select-Object -Property Name, PasswordLastSet
# Accounts to operate on, given by logon name.
$TestAccounts = @('test01', 'test02')

# Show whether each account is currently enabled.
$TestAccounts | Get-ADUser | Format-Table -Property name, samaccountname, enabled

# Disable the accounts. This is an administrative disable, not a lockout:
# locked-out accounts are cleared with Unlock-ADAccount instead.
$TestAccounts | Disable-ADAccount

# Re-enable the accounts.
$TestAccounts | Enable-ADAccount
# Prompt for alternate credentials and use them against a controller in
# another domain. The PSCredential object stays in $cred for the rest of the
# session.
$cred = Get-Credential
Get-ADUser -Identity 'tstuser' -Credential $cred -Server 'DC01.newdomain.ru'
 
# Search bases to query one after another.
# NOTE(review): the first DN ends in DC=local and the second in DC=loc. This
# looks like a typo in one of them; confirm against the real domain name.
$OUs = @(
    "OU=Moscow,DC=winitpro,DC=local"
    "OU=SPB,DC=winitpro,DC=loc"
)

# For each OU, list its users together with their enabled state.
$OUs | ForEach-Object -Process {
    Get-ADUser -Filter '*' -SearchBase $_ | Select-Object -Property Name, Enabled
}
# Name and e-mail address of every user under one OU.
Get-ADUser -Filter '*' -SearchBase 'OU=MSK,DC=winitpro,DC=loc' -Properties EmailAddress |
    Select-Object -Property Name, EmailAddress

# Enabled accounts selected by the mail attribute, as a table.
# NOTE(review): the filter compares mail with the literal string "null";
# presumably this is meant to keep only accounts that have a mail value.
# Verify the result set before relying on it.
Get-ADUser -Filter {(mail -ne "null") -and (Enabled -eq "true")} -Properties Surname, GivenName, mail |
    Select-Object -Property Name, Surname, GivenName, mail |
    Format-Table

# Accounts with no e-mail address; the check runs client-side after all users
# have been fetched.
Get-ADUser -Filter '*' -Properties EmailAddress |
    Where-Object -Property EmailAddress -EQ -Value $null

# Same selection as the table above, written to a CSV file in the current
# user's temp directory.
Get-ADUser -Filter {(mail -ne "null") -and (Enabled -eq "true")} -Properties Surname, GivenName, mail |
    Select-Object -Property Name, Surname, GivenName, mail |
    Export-Csv -Path $env:temp\mail_list.csv -Delimiter "," -Encoding utf8 -NoTypeInformation
 
# Save the password-state report as formatted text (for reading, not parsing).
# NOTE(review): both output files hold a password-state inventory of every
# account; confirm that the ACL on C:\temp limits who can read them.
Get-ADUser -Filter '*' -Properties PasswordExpired, PasswordLastSet, PasswordNeverExpires |
    Format-Table -Property Name, PasswordExpired, PasswordLastSet, PasswordNeverExpires > C:\temp\users.txt

# Save the same data as CSV for further processing. -Append adds rows to an
# existing file instead of overwriting it.
Get-ADUser -Filter '*' -Properties PasswordExpired, PasswordLastSet, PasswordNeverExpires |
    Select-Object -Property Name, PasswordExpired, PasswordLastSet, PasswordNeverExpires |
    Export-Csv -Path c:\temp\user-password-expires-2019.csv -Encoding UTF8 -Append
 
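# Enabled users whose name contains "Dmitry", filtered on the server.
# Name and Enabled are in the default attribute set, so the original
# -Properties * (every attribute of every match) was not needed for this output.
Get-ADUser -Filter "(Name -like '*Dmitry*') -and (Enabled -eq 'True')" |
    Select-Object -Property name, enabled

# Same selection limited to one OU, with password attributes, ordered by the
# time the password was last set.
# Fix: the pattern string was never closed and ran straight into -and
# (“*Dmitry*-and ...), so the Where-Object script block could not be parsed.
Get-ADUser -Filter * -SearchBase 'OU=Moscow,DC=winitpro,DC=loc' -Properties PasswordExpired, PasswordLastSet, PasswordNeverExpires |
    Where-Object { $_.name -like "*Dmitry*" -and $_.Enabled -eq $true } |
    Sort-Object -Property PasswordLastSet |
    Select-Object -Property Name, PasswordExpired, PasswordLastSet, PasswordNeverExpires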
 
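# Ambiguous name resolution: match 'Oleg' against the name-like attributes.
# Fix: the value was wrapped in typographic quotes (‘Oleg’). The text of a
# script-block filter is handed to the cmdlet's own filter parser, so plain
# ASCII quotes are used here; the curly ones were presumably a copy-paste
# artefact.
Get-ADUser -Filter {anr -eq 'Oleg'} | Select-Object -Property Name

# Raw LDAP filter: department is "it" AND title is "devops".
Get-ADUser -LDAPFilter '(&(department=it)(title=devops))'

# Users whose name starts with "Roman".
Get-ADUser -Filter {name -like "Roman*"}

# Count all user objects (Measure-Object reports the total in Count).
Get-ADUser -Filter {SamAccountName -like "*"} | Measure-Object

# Enabled accounts only, with the main naming attributes.
Get-ADUser -Filter {Enabled -eq "True"} |
    Select-Object -Property SamAccountName, Name, Surname, GivenName |
    Format-Table

# Creation time of every account.
Get-ADUser -Filter * -Properties Name, WhenCreated |
    Select-Object -Property name, whenCreated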
 
# Accounts created during the last 24 hours. This is useful for spotting
# unexpected new users.
$lastday = (Get-Date).AddDays(-1)
Get-ADUser -Filter {(whencreated -ge $lastday)}

# Enabled accounts whose password has already expired. The expiry check runs
# client-side, on the PasswordExpired value returned for each user.
Get-ADUser -Filter {Enabled -eq $True} -Properties name, passwordExpired |
    Where-Object { $_.PasswordExpired } |
    Select-Object -Property name, passwordexpired
 
# Read account names from a CSV file and export each user's phone number.
# The input file must have a column named "user" (read below as $_.user).
# NOTE(review): "usernsme_list.csv" looks like a misspelling of "username".
# Confirm the real file name before running.
Import-Csv -Path c:\ps\usernsme_list.csv | ForEach-Object -Process {
    # One directory lookup per input row; each result is appended to the
    # output file as it arrives.
    Get-ADUser -Identity $_.user -Properties Name, telephoneNumber |
        Select-Object -Property Name, telephoneNumber |
        Export-Csv -Path c:\ps\export_ad_list.csv -Encoding UTF8 -Append
}
 
# Accounts whose password was last set 90 or more days ago.
$90_Days = (Get-Date).AddDays(-90)
Get-ADUser -Filter {(passwordlastset -le $90_days)}

# Enabled accounts with no recorded logon in the last 180 days, oldest first.
# These are candidates for review or disabling.
# NOTE(review): lastLogonTimestamp is replicated with a delay, so treat the
# date as approximate. Confirm the lag that applies in this domain.
$LastLogonDate = (Get-Date).AddDays(-180)
Get-ADUser -Filter {LastLogonTimeStamp -lt $LastLogonDate } -Properties LastLogonTimeStamp |
    Where-Object { $_.Enabled -eq $True } |
    Sort-Object -Property LastLogonTimeStamp |
    Format-Table -Property Name, @{
        Name       = 'lastlogontimestamp'
        # The attribute is a file-time integer; convert it to a readable DateTime.
        Expression = { [DateTime]::FromFileTime($_.lastlogontimestamp) }
    } -AutoSize
 
 
# Save the account's photo attribute to a JPEG file in the current directory.
# -Encoding Byte writes the raw bytes; this is the Windows PowerShell spelling,
# and newer PowerShell versions use -AsByteStream instead.
$user = Get-ADUser -Identity 'winadmin' -Properties thumbnailPhoto
$user.thumbnailPhoto | Set-Content -Path winadmin.jpg -Encoding Byte

# Print the distinguished names of the groups listed in the account's memberOf.
Get-ADUser -Identity 'winadmin' -Properties memberof |
    Select-Object -Property memberof -ExpandProperty memberof
 
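# Users in the OU whose memberOf contains a group matching "WKS admins".
# Fix: the -like pattern had no quotes (-like*WKS admins*), which is not a
# valid expression, so the script block failed to parse.
Get-ADUser -SearchBase 'OU=Moscow,DC=winitpro,DC=loc' -Filter * -Properties memberof |
    Where-Object { $_.memberof -like '*WKS admins*' }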
 
# Print the names of users in the OU who are not listed in Domain Admins.
# NOTE(review): only the memberOf values on the user object are inspected;
# membership gained through nested groups is presumably not visible this way.
# Confirm before using the output as an audit result.
$Users = Get-ADUser -Filter '*' -SearchBase 'OU=Moscow,DC=winitpro,DC=loc' -Properties memberOf
foreach ($User in $Users) {
    # Concatenate all group DNs into one string so that a single wildcard
    # match covers every membership.
    $Groups = -join @($User.memberOf)
    if ($Groups -like '*Domain Admins*') {
        continue
    }
    $User.Name
}
 
# Show all users in an interactive grid window, with a calculated "OU" column
# taken from CanonicalName minus its trailing CN. Out-GridView needs a desktop
# session.
Get-ADUser -Filter '*' -Properties cn, canonicalname |
    Select-Object -Property name, userprincipalname, @{
        Name       = "OU"
        Expression = { $_.Canonicalname.substring(0, $_.canonicalname.length - $_.cn.length) }
    } |
    Out-GridView
 
Get-ADUser: экспорт списка пользователей Active Directory в таблицу Out-GridView
 
# Existence check for a logon name. @() forces an array, so .Count is 0 when
# the filter returns nothing.
$SamAccountName = 'a.ivanov2'
if (0 -eq @(Get-ADUser -Filter { SamAccountName -eq $SamAccountName }).Count) {
    Write-Host "Пользователь $SamAccountName не существует"
}
 
# Show the computers this account is restricted to logging on to.
# NOTE(review): an empty LogonWorkstations value presumably means that no
# workstation restriction is set. Confirm against the account's policy.
Get-ADUser -Identity 'AIvanov' -Properties LogonWorkstations |
    Format-List -Property Name, LogonWorkstations