Author Posts

January 3, 2018 at 2:59 pm

I try to create a script with the follow field but i cant get a hold of what kind of names i need to fill in, so far i have:

Get-ADUser -SearchBase "OU=NL,DC=corp,DC=local" -filter * -Properties * | ? {$_.extensionAttribute6 -ne $null} | Select-Object CN, SamAccountName, extenstionAttribute6, Mail, Description, Info, AccountExpirationDate, PasswordNeverExpires, CannotChangePassword | Export-Csv –NoTypeInformation  C:\windows\temp\External_accounts.csv

I need to have the follow fields in it
Naam User
Datum Creation
Land User
Attr 6
Password never exp
CannotChange password
Password NOT required
Notes field
Email address

I cant figure out what for names i need to use for
– password never expires
– cannotchangepassword
– passwordnotrequired

January 3, 2018 at 3:38 pm

This http://edocs.mitel.com/UG/UCA_Web_Help/Admin_Web_Help/7.0/uca/common_ad_ldap_field_mappings.htm may help – it shows all the fields in the GUI, and then provides the underlying attribute name for each.

January 3, 2018 at 4:28 pm

well, i usually take 2 approaches when trying to figure out attribute names on ad objects, one, i just look at a single object with -prop *

if i can't easily figure out just reading through the list, i default to looking at the help for set-aduser.
https://technet.microsoft.com/en-us/library/ee617215.aspx
for these i see:
PasswordNeverExpires
CannotChangePassword
PasswordNotRequired

be aware, the notes field is a multi-value field so it requires more work/thought

January 3, 2018 at 11:55 pm

You can also just output all the properties and their values this way..

(Get-ADUser -Filter * -Properties *) | Select -First 1

January 4, 2018 at 10:16 am

So thank you for the support so far

my script is now working for i want.

Get-ADUser -SearchBase "OU=NL,DC=corp,DC=local" -filter * -Properties * | ? {$_.extensionAttribute6 -eq $null} | Select-Object CN, SamAccountName,extenstionAttribute6, Mail, Description, Info, AccountExpirationDate, PasswordNeverExpires, CannotChangePassword, PasswordNotRequired | Sort-Object {$_.PasswordNeverExpires -eq "True"}| Format-Table

But there will be the question i want to see only the users that passwordneverexpires is false,
Wich command do i need for that i tried serveral and tried google but no result

January 4, 2018 at 1:13 pm

just add the condition in your where-object:

Get-ADUser -SearchBase "OU=NL,DC=corp,DC=local" -filter * -Properties * | Where-Object {($_.extensionAttribute6 -eq $null) -and ($_.passwordneverexpires -eq $false)} 

(i changed your "?" to the proper command for easier readibility, Best practices is to not use aliases)

January 5, 2018 at 1:44 pm

Ah great thankn you for the information.

Euhm to build out my script i try te use the select object and then all objects of whencreated for like a specific month, is this possible.

I searching my ribs out on google and youtube but dont get further.

Get-ADUser -SearchBase "OU=NL,DC=corp,DC=local" -filter * -Properties * | 
Select-Object CN, SamAccountName,WhenCreated, Extensionattribute6, Mail, Description, Info, AccountExpirationDate, PasswordNeverExpires, CannotChangePassword, PasswordNotRequired | 
sort-object Whencreated | 
select-object -last 5 | format-table

January 5, 2018 at 1:50 pm

this is a scripting guy post that can show you how to deal with date objects (and specifically the whencreated attribute, just ignore the quest cmdlet references)
https://blogs.technet.microsoft.com/heyscriptingguy/2011/12/23/use-powershell-to-audit-active-directory-user-account-creation/

January 5, 2018 at 1:53 pm

can't seem to post urls this morning...

but if you google "use powershell to audit ad account creation"

you should find a scripting guy article from dec 2011 that will walk you through an option for comparint the datetime objects that are in whencreated

just ignore the quest cmdlet references... get-aduser should work fine with that approach as well

January 8, 2018 at 3:56 pm

First of all thank you for all the information and support.

I thought wy not share my final script with you guys.
at the end i have scripted that it will be outputted to html, for that i do a quick training to create fancy reports

If you have some tips just give them.

system.reflection.assembly]::loadwithpartialname('microsoft.visualbasic') | Out-Null
$Country = [microsoft.visualbasic.interaction]::inputbox('Fill in the Country name in the short OU version','Country')
$givendate = [microsoft.visualbasic.interaction]::inputbox('Fill in the begin date of the month','Given Date')
$Lastdate = [microsoft.visualbasic.interaction]::inputbox('Fill in the last date of the month','Last Date') 
$BeginDate = get-date $givendate
$EndDate = get-date $Lastdate

$OurUsers = Get-ADUser -SearchBase "OU=$country,DC=corp,DC=local" -filter * -Properties *
$OurUsers | Where-Object {$_.whencreated -gt $BeginDate} | Select-Object CN, SamAccountName,WhenCreated, Extensionattribute6, Mail, Description, Info, AccountExpirationDate, PasswordNeverExpires, CannotChangePassword, PasswordNotRequired| Sort-Object whencreated -Descending |convertto-HTML | Out-File C:\Scripts\HTML-Output\test.htm

January 9, 2018 at 10:34 am

You can try the below command:

get-aduser -Properties * | select-object SamAccountName,ProfilePath,HomeDirectory,homeDrive | Export-Csv c:\users.csv -NoTypeInformation

or

Get-ADUser -Properties Description -Filter {Description -like $Description} -SearchBase 'OU=contoso, DC=contoso, DC=local' | select Name, DistinguishedName, Description | Export-Csv -path C:\description2.csv -NoTypeInformation

For more information, please refer to the article.
https://gallery.technet.microsoft.com/scriptcenter/Getting-Users-ALL-7417b71d