Retrieve users from a domain or OU container that match specified conditions.
Syntax
Get-QADUser [[-Identity] IdentityParameter] ADProperties
[-Disabled] [-Enabled] [-Locked] DateTimeOptions
[-AccountNeverExpires] [-PasswordNeverExpires]
[-IncludeAllProperties] [-SerializeValues] [-Tombstone]
Membership [-SizeLimit Int32] [-LdapFilter String]
Advanced_Options
Key
-identity The Distinguished Name (DN), Canonical Name, GUID or, where applicable,
the Domain\Name, UPN or SID of the object you wish to find.
-Disabled Find only disabled accounts
-Enabled Find only enabled accounts
ADProperties Retrieve objects that match one or more of the properties below:
[-Manager IdentityParameter] [-City String] [-Company String]
[-Department String] [-Fax String] [-FirstName String]
[-HomePhone String] [-Initials String] [-LastName String]
[-MobilePhone String] [-Notes String] [-Office String]
[-Pager String] [-PhoneNumber String] [-PostalCode String]
[-PostOfficeBox String] [-SamAccountName String] [-StateOrProvince String]
[-StreetAddress String] [-Title String] [-UserPrincipalName String]
[-WebPage String] [-HomeDirectory String] [-HomeDrive String]
[-ProfilePath String] [-LogonScript String] [-Email String]
[-Description String] [-DisplayName String] [-Name String]
DateTimeOptions
Only return items matching a date range:
[-AccountExpiresBefore DateTime] [-AccountExpiresAfter DateTime]
[-CreatedOn DateTime] [-CreatedAfter DateTime] [-CreatedBefore DateTime]
[-LastChangedOn DateTime] [-LastChangedAfter DateTime] [-LastChangedBefore DateTime]
Membership
Only return items that belong (or don't belong) to given groups:
[-MemberOf IdentityParameter[]] [-IndirectMemberOf IdentityParameter[]]
[-NotMemberOf IdentityParameter[]] [-NotIndirectMemberOf IdentityParameter[]]
-SizeLimit Maximum number of items to be returned (default=1000)
Advanced_Options:
[-LastKnownParent IdentityParameter] [-SecurityMask SecurityMasks]
[-SearchRoot IdentityParameter] [-SearchScope SearchScope]
[-AttributeScopeQuery String] [-PageSize Int32]
[-WildcardMode WildcardMode] [-ObjectAttributes Object] [-Anr String]
[-DontConvertValuesToFriendlyRepresentation]
[-ReturnPropertyNamesOnly] [-DontUseDefaultIncludedProperties]
[-UseDefaultExcludedProperties] [-ExcludedProperties String[]]
[-IncludedProperties String[]] [-UseGlobalCatalog]
[-Proxy] [-Service String]
[-ConnectionAccount String] [-ConnectionPass ArsConnection]
Notes:
By default Get-QADUser will connect to any available domain controller with the credentials of the locally logged on user, to connect to a specific domain controller using a specific account, either use the advanced options (-Proxy/-Service/-ConnectionAccount) or use the Connect-QADService cmdlet to make the connection.
Examples
Display the user description of JohnDoe
PS C:> (get-QADUser 'SS64Domain\JohnDoe').DirectoryEntry.description
List the values of all properties of the user account:
PS C:> Get-QADUser JDoe -IncludeAllProperties -SerializeValues | Format-List
Export a user account to a CSV file (so it can be used later to create new accounts with import-csv | New-QADUser)
PS C:> Get-QADuser JDoe -SerializeValues | export-csv user.csv
Retrieve user accounts that are direct or indirect members of a group:
PS C:> get-QADUser -SearchRoot 'CN=Users,DC=SS64,DC=com' -IndirectMemberOf 'SS64Domain\TestGrp'
Retrieve user accounts created since the start of the year
PS C:> Get-QADUser -CreatedAfter "January 1, 2009" -SearchRoot SS64Domain/employees
Export password expiry details to a spreadsheet:
PS C:> Get-QADUser * -sizelimit 0 | select -property name,accountexpires,pass*,accountisdisabled,lastlog*,canonicalname | export-csv -path d:\Passwords.csv
“Everybody, come on dance and sing, Everybody, get up and do your thing” ~ Madonna
Related:
PowerGui Wiki for New-QADUser
Get-QADComputer
Get-QADGroup
© Copyright SS64.com 1999-2013
Some rights reserved