Look up AD user properties using powershell

,

You will need powershell active directory module installed on the computer where you are running this script from.

If you are using a Windows 10 machine like I am right now, here is a good resource to get the AD module installed.

https://gallery.technet.microsoft.com/Install-the-Active-fd32e541

You would need a normal AD account to be able to search AD. However, you don't need to be a domain admin or need any special permission in the AD.

try
{

		Import-Module Activedirectory 

		# we will grab current domainuser if no specific user or domain is specified

		$domain_name = ""
		$username = ""

		if ($username -eq "") {$username = $env:UserName}

		"User Name: " + $username  

		""

		if ($domain_name -eq "") {$domain_name = (Get-ADDomain).Name}

		"Domain: " + $domain_name

		$domain_controller = (Get-ADDomainController -Discover -DomainName $domain_name).HostName

		"Domain Controller: " + $domain_controller

		$domain_FQDN = (Get-ADDomain $domain_name).DNSRoot 
		"Domain FQDN: " + $domain_FQDN

		$domain_DN = (Get-ADDomain $domain_name).DistinguishedName

		"Domain Distinguished Name: " + $domain_DN

		""
		# lets look up the user in the AD         
		$get_aduser = Get-ADUser -Server $domain_FQDN -Properties * -Filter {sAMAccountName -eq $username} 
		If ($get_aduser -eq $Null)  

		{

				"Attention: User $username not found in AD domain $domain_FQDN"
				return

		}
		Else  {"SUCCESS: User $username exists in AD domain $domain_FQDN"}

		"Is password expired? " + $get_aduser.PasswordExpired
		"Is user enabled? " + $get_aduser.Enabled
		"Is user Locked Out? " + $get_aduser.LockedOut

		$group_membership = Get-ADPrincipalGroupMembership $username

		""
		"Group Membership:"
		"----------------"
		$group_membership.Name

		# now display all user properties
		$get_aduser
}

catch
{
		$_
}

Rate

Share

Share

Rate