Learning powershell, how to get all properties of an AD user

Welcome Forums General PowerShell Q&A Learning powershell, how to get all properties of an AD user

Viewing 9 reply threads
  • Author
    Posts
    • #266117
      Participant
      Topics: 2
      Replies: 4
      Points: 34
      Rank: Member

      I have an assignment in my class that asks me to “Using Get-ADUser, obtain a list of the users added in the previous step.  Pipe the output to Export-CliXML.    Using the Import-CliXML, display the objects generated from the CliXML file that you just created.   In the display, look for the user that was added to multiple groups – you should see reference to this user’s groups.” I created a line that gets me the list of users, but I can’t seem to figure out how to add the groups to it and get it functioning.

      This is my current line

      Get-ADUser -Filter * -SearchBase “DC=cls,DC=com”|Select name |Export-Clixml -path C:\userlist.xml

      I tried adding groups, security groups, membersof, ect in the select category but they come out blank

       

      • This topic was modified 1 month ago by kvprasoon. Reason: Title correction
    • #266165
      Senior Moderator
      Topics: 9
      Replies: 1420
      Points: 5,280
      Helping Hand
      Rank: Community MVP

      You should be using -Properties parameter of Get-AdUser cmdlet to select them , as by default very few properties will be displayed and groups, security groups, membersof are not part of it.

      • This reply was modified 1 month ago by kvprasoon. Reason: post correction
    • #266270
      Participant
      Topics: 2
      Replies: 4
      Points: 34
      Rank: Member

      so would it be more like this?

      Get-ADUser -Filter * -SearchBase “DC=cls,DC=com” -Properties type |Export-Clixml -path C:\userlist.xml

      when I try it like that I get an error saying properties are invalid.

    • #266291
      Senior Moderator
      Topics: 9
      Replies: 1420
      Points: 5,280
      Helping Hand
      Rank: Community MVP

      what is “type” here ? you can see it once by using -Properties *, but using it in script will give all the properties and will be too much.
      So once select all using * will show you all the available properties then can be decided to select required prorpties.

    • #266564
      Participant
      Topics: 0
      Replies: 5
      Points: 9
      Rank: Member

      Looking at your script and requirement it should be as of and -searchbase is not required as you are querying the whole domain. Searchbase is used for a particular OU in domain.

      If you want to check scripts like this you are welcome to visit https://www.powershellguru.com/ad

    • #266594
      Participant
      Topics: 2
      Replies: 4
      Points: 34
      Rank: Member

      sorry for no responding, was working on another assignment. When I try the script above I get the following error

      PS C:\> Get-ADUser -Filter * -properties *|select Name,groups, security groups, membersof|Export-Clixml -path C:\userlist.xml

      Select-Object : A positional parameter cannot be found that accepts argument ‘System.Object[]’.
      At line:1 char:36
      + … -properties *|select Name,groups, security groups, membersof|Export- …
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo : InvalidArgument: (:) [Select-Object], ParameterBindingException
      + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.SelectObjectCommand

    • #266651
      Senior Moderator
      Topics: 9
      Replies: 1420
      Points: 5,280
      Helping Hand
      Rank: Community MVP

      When using properties with space, it should be wrapped in quotes ‘security groups’.

      But AFAIK, ‘security groups’ and groups are not properties of a AD user object.

    • #266909
      Participant
      Topics: 9
      Replies: 676
      Points: 2,674
      Helping Hand
      Rank: Community Hero

      But AFAIK, ‘security groups’ and groups are not properties of a AD user object.

      They are not. To see all the properties he can run

      These are the names of all the properties on an AD user. of course I’d limit this to one user if you could using -Filter

    • #267710
      Participant
      Topics: 25
      Replies: 206
      Points: 772
      Helping Hand
      Rank: Major Contributor

      i’d make it even simpler, if you have the details of a user, no reason to user -filter

      get-aduser samaccountname_of_user_here -prop *

      you can then either select name, or look at the properties with a value included, I find that much easier to parse than just the list of names

    • #267716
      Participant
      Topics: 9
      Replies: 676
      Points: 2,674
      Helping Hand
      Rank: Community Hero

      If they have the samaccountname, sure. Otherwise filter.

Viewing 9 reply threads
  • You must be logged in to reply to this topic.