Author Posts

May 12, 2014 at 1:19 am


I'm learning PowerShell and last week I ran a cmdlet that gave me the LDAP properties of the computer object, the output of which was:

TypeName: Microsoft.ActiveDirectory.Management.ADUser

Name MemberType Definition
—- ———- ———-
AccountExpirationDate Property System.DateTime AccountExpirationDate {get;set;}
accountExpires Property System.Int64 accountExpires {get;set;}
AccountLockoutTime Property System.DateTime AccountLockoutTime {get;set;}
AccountNotDelegated Property System.Boolean AccountNotDelegated {get;set;}
adminCount Property System.Int32 adminCount {get;set;}
AllowReversiblePasswordEncryption Property System.Boolean AllowReversiblePasswordEncryptio...
AuthenticationPolicy Property Microsoft.ActiveDirectory.Management.ADProperty...
AuthenticationPolicySilo Property Microsoft.ActiveDirectory.Management.ADProperty...
BadLogonCount Property System.Int32 BadLogonCount {get;}
badPasswordTime Property System.Int64 badPasswordTime {get;set;}
badPwdCount Property System.Int32 badPwdCount {get;set;}
CannotChangePassword Property System.Boolean CannotChangePassword {get;set;}
CanonicalName Property System.String CanonicalName {get;}
Certificates Property Microsoft.ActiveDirectory.Management.ADProperty...
City Property System.String City {get;set;}

however I can't remember what cmdlet I ran. I want to do something similar with the user object as I found the computer list to be very useful

May 12, 2014 at 1:28 am

Looks like you're using the Microsoft ActiveDirectory module.

For computers you probably ran Get-ADComputer

For users you need Get-AdUser.

You will need to use the -Properties parameter if you want properties not included in the default display. See example 3 on the link above

May 12, 2014 at 1:39 am

Hi Richard,

I am using the AD module, although I think I may have used a Get-WMIObject for this. Example 3 shows a list of values for a given identity. The computers list I ran just showed the list of properties as shown here.


May 12, 2014 at 1:48 am

You can't have used get-WmiObject and got that return object.

Your returned object was of type:
TypeName: Microsoft.ActiveDirectory.Management.ADUser

which if you look at the second link I gave you is the return type for Get-ADUser

Anything from Get-WmiObject will be of type:
TypeName: System.Management.ManagementObject#root\cimv2\Win32_BIOS

where the wmi namespace and class are shown after the # sign.

May 12, 2014 at 2:37 am

Hi Richard,

Sorry, I can't remember what command I was using – I've been using Get-ADComputer, Get-ADUserr & Get-WmiObject a lot over the last week or so and maybe mistaken.

Both the Get-ADComputer and Get-ADUser require a mandatory parameter of some sort and return values based on this parameter. The output got last week just shows the Name (of the LDAP field such as DisplayName) the Member Type (all of which are Property) and the Definition (such as System.String DisplayName {get;set;}). I have been looking to recreate this list for both Users and Computer objects.


May 12, 2014 at 2:51 am

Your output appears to be from get-member which shows the properties and methods of an object. You would have got to that display by running something like

get-AdUser -identity Richard -properties * | get-member

May 12, 2014 at 2:54 am

That's the one – thanks. I'll document it now.