PowerShell Tips Query AD user _powershell

If you log in to an ad you can easily query the ad directory. In the previous tip we explained a basic script. Here is a way to customize the root directory extension method (set your query point), which supports synchronous queries (instead of recursively to a container).

It also explains how to find results from an Active Directory and then convert it into a user object:

$SAMAccountName = ' Tobias '
$SearchRoot = ' ldap://ou=customer,dc=company,dc=com '
$SearchScope = ' OneLevel '
 
$ldap = "(& (Objectclass=user) (samaccountname=* $SAMAccountName *))"
$searcher = [Adsisearcher] $ldap
$searcher. SearchRoot = $SearchRoot
$searcher. PageSize = 999
$searcher. SearchScope = $SearchScope
 
$searcher. FindAll () |
 Foreach-object {$_. Getdirectoryentry ()} |
 Select-object-property *

Support for all PS versions

Want to know the use of the account in AD, such as when to create \ Last login is time \ Last modified password and other information, using PowerShell, these can be achieved.

PowerShell in the Get-aduser can query a lot of information can refer to the following article:

http://social.technet.microsoft.com/wiki/contents/articles/12037. Active-directory-get-aduser-default-and-extended-properties.aspx

The following describes using PowerShell queries to specify the creation time of all accounts in the OU \sid\ last modified password time \ Last logon time, cmdlet as follows:
Get-aduser-searchbase ' ou=user,ou=compay1,dc=domain,dc=com '-filter *-properties * | Select-object Name,sid, created,passwordlastset,@{n= "Lastlogondate"; E={[datetime]::fromfiletime ($_. lastLogonTimestamp)} | Export-csv accountlist.csv-notypeinformation-encoding UTF8
(Please modify OU and Domain information yourself)

Query out of the specified result generation. CSV file, open with Excel, do the required statistics and analysis, the effect is as follows:

If you want to query the entire ad in all accounts, cancel the middle of the-searchbase ' Ou=user, ou=compay1,dc=domain,dc=com ' can be.