Technical Article

Look up AD user properties using PowerShell


You will need the PowerShell Active Directory module (part of the Remote Server Administration Tools, RSAT) installed on the computer from which you run this script.

If you are using a Windows 10 machine like I am right now, here is a good resource to get the AD module installed.

https://gallery.technet.microsoft.com/Install-the-Active-fd32e541

You need an ordinary AD account to search AD; you do not need to be a domain admin or hold any special permission in AD, because authenticated users can read most user attributes by default.

try
{
    Import-Module ActiveDirectory

    # Fall back to the current user and the current domain when nothing is specified
    $domain_name = ""
    $username = ""

    if ($username -eq "") { $username = $env:UserName }
    "User Name: " + $username
    ""

    if ($domain_name -eq "") { $domain_name = (Get-ADDomain).Name }
    "Domain: " + $domain_name

    $domain_controller = (Get-ADDomainController -Discover -DomainName $domain_name).HostName
    "Domain Controller: " + $domain_controller

    $domain_FQDN = (Get-ADDomain $domain_name).DNSRoot
    "Domain FQDN: " + $domain_FQDN

    $domain_DN = (Get-ADDomain $domain_name).DistinguishedName
    "Domain Distinguished Name: " + $domain_DN
    ""

    # Look up the user in AD; -Properties * returns every attribute, not just the default set
    $get_aduser = Get-ADUser -Server $domain_FQDN -Properties * -Filter { sAMAccountName -eq $username }
    if ($null -eq $get_aduser)
    {
        "Attention: User $username not found in AD domain $domain_FQDN"
        return
    }
    else { "SUCCESS: User $username exists in AD domain $domain_FQDN" }

    "Is password expired? " + $get_aduser.PasswordExpired
    "Is user enabled? " + $get_aduser.Enabled
    "Is user Locked Out? " + $get_aduser.LockedOut

    # Query group membership against the same domain so both lookups agree
    $group_membership = Get-ADPrincipalGroupMembership -Identity $username -Server $domain_FQDN
    ""
    "Group Membership:"
    "----------------"
    $group_membership.Name

    # Finally, display every property that was returned
    $get_aduser
}
catch
{
    # Surface any error from the AD cmdlets instead of silently stopping
    $_
}
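The script above prints strings, which is fine interactively but awkward to reuse. The following is an added example, not code from the original article: it wraps the same lookup in a function that takes the account name and domain as parameters, pins every query to one domain, handles the "user not found" case, and returns an object that can be filtered or exported. The function name Get-ADUserSummary and the sample account names 'alice' and 'bob' are hypothetical; it assumes the ActiveDirectory module is installed.

```powershell
# Added example (not from the original article). Reusable wrapper around
# Get-ADUser / Get-ADPrincipalGroupMembership that returns a structured object.
# Function name is hypothetical; assumes the ActiveDirectory module is installed.
function Get-ADUserSummary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$SamAccountName,

        # Defaults to the domain of the machine running the script
        [string]$DomainName
    )

    try {
        Import-Module ActiveDirectory -ErrorAction Stop

        if (-not $DomainName) { $DomainName = (Get-ADDomain).DNSRoot }

        # Ask only for the attributes we report on, rather than -Properties *
        $user = Get-ADUser -Server $DomainName `
                           -Filter { sAMAccountName -eq $SamAccountName } `
                           -Properties PasswordExpired, Enabled, LockedOut, PasswordLastSet, LastLogonDate

        # Put $null on the left so a multi-object result is not silently misread
        if ($null -eq $user) {
            Write-Warning "User $SamAccountName not found in $DomainName"
            return $null
        }

        # Pin the group lookup to the same domain as the user lookup
        $groups = Get-ADPrincipalGroupMembership -Identity $user.DistinguishedName -Server $DomainName |
                  Select-Object -ExpandProperty Name

        # Emit an object so callers can filter, sort or Export-Csv it
        [PSCustomObject]@{
            SamAccountName  = $user.SamAccountName
            Domain          = $DomainName
            Enabled         = $user.Enabled
            LockedOut       = $user.LockedOut
            PasswordExpired = $user.PasswordExpired
            PasswordLastSet = $user.PasswordLastSet
            LastLogonDate   = $user.LastLogonDate
            Groups          = $groups
        }
    }
    catch {
        Write-Error $_
    }
}

# Usage: the current user in the current domain
Get-ADUserSummary -SamAccountName $env:UserName

# Usage: review several accounts (constructed sample names) and list only
# those that are disabled or locked out
'alice', 'bob' | ForEach-Object { Get-ADUserSummary -SamAccountName $_ } |
    Where-Object { $_ -and (-not $_.Enabled -or $_.LockedOut) }
```

Returning an object rather than formatted text means the same function serves an interactive check, a scheduled report (pipe to Export-Csv) and a quick review of stale or locked accounts across a list of names.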
