It’s not uncommon to find poorly kept active directories. The more administrators there are and the more time that has elapsed it is common to find very poor active directory hygiene. One thing that a lot of administrators like to do is leave old accounts as disabled, scattered throughout the entire active directory. This makes auditing difficult.
Here we provide two easy to understand and modify scripts administrators can use to find all the details they need on their users.
Get-ADUser -Filter {Enabled -eq $true -and ObjectClass -eq "user"} -Properties Name, GivenName, Name, Mail, Title, LastLogonDate, WhenCreated, LogonCount |
Format-Table Name, GivenName, Name, Title, Mail, LastLogonDate, WhenCreated, LogonCount -AutoSize
Get-ADUser -Filter {Enabled -eq $false -and ObjectClass -eq "user"} -Properties Name, GivenName, Name, Mail, Title, LastLogonDate, WhenCreated, LogonCount |
Format-Table Name, GivenName, Name, Title, Mail, LastLogonDate, WhenCreated, LogonCount -AutoSize
It’s straightforward to remove columns from this script but a little more challenging to know what fields to add. In particular you probably don’t know the attribute names that you’re looking for. Fortunately they are is easily displayed:
The ATTRIBUTE column displays the name of all the attributes users have in Active Directory.
To make this easier to sort through you might want to click the FILTER button and select SHOW ONLY ATTRIBUTES THAT HAVE VALUES
This website uses cookies.