Get-ADUser

Get-ADUser - Get an overview of the most powerful PowerShell command for Active Directory!

The Get-ADUser PowerShell CmdLet is a powerful command to query Active Directory user objects and generate reports.

This article provides examples of the most widely used parameters for Get-ADUser.

Pre-Requisites to Run Get-ADUser

The Get-ADUser CmdLet is found in the ActiveDirectory PowerShell module.

This module is part of RSAT and is available by default on domain controllers. On Windows 10 version 1809 and later, you can install RSAT by running the following from an admin PowerShell console:

Get-WindowsCapability -Name RSAT.ActiveDirectory* -Online | Add-WindowsCapability -Online

(To install RSAT on any other OS, read this article.)

With that taken care of, let’s look at the most popular parameters of the Get-ADUser PowerShell command.

Get-ADUser -Identity

The Identity parameter identifies the user account to retrieve. It accepts a SamAccountName, GUID, DistinguishedName, or SID.

In most cases, you’ll probably use the SamAccountName.

This parameter is positional, meaning you don’t have to type -Identity if you enter the user ID as the first argument:

[PS] C:\>Get-ADUser amy.brown
DistinguishedName : CN=Amy Brown,OU=Iowa,OU=UnitedStates,OU=Users,OU=E365M,DC=easy365manager,DC=local
Enabled           : True
GivenName         : Amy
Name              : Amy Brown
ObjectClass       : user
ObjectGUID        : 63d77678-35b4-4704-9790-80479ee6a26e
SamAccountName    : amy.brown
SID               : S-1-5-21-3688220979-3330231506-4120471870-9973
Surname           : Brown
UserPrincipalName : amy.brown@azure.skrubbeltrang.com

The limited output seen above brings us to the next very useful parameter.

Get-ADUser -Properties

The Properties parameter is a comma-separated list of additional user properties you want to retrieve (in addition to the standard properties seen in the previous output).

Here’s an example that retrieves the proxyAddresses and mailNickname properties:

[PS] C:\>Get-ADUser amanda.gray -Properties proxyAddresses,mailNickname
DistinguishedName : CN=Amanda Gray,OU=Alabama,OU=UnitedStates,OU=Users,OU=E365M,DC=easy365manager,DC=local
Enabled           : True
GivenName         : Amanda
mailNickname      : amanda.gray
Name              : Amanda Gray
ObjectClass       : user
ObjectGUID        : 035dde6d-ce0e-4b05-b161-bbf18df268e3
proxyAddresses    : {SMTP:amanda.gray@azure.skrubbeltrang.com, smtp:amanda.gray@e365m.onmicrosoft.com, smtp:amanda.gray@e365m.mail.onmicrosoft.com}
SamAccountName    : amanda.gray
SID               : S-1-5-21-3688220979-3330231506-4120471870-9056
Surname           : Gray
UserPrincipalName : amanda.gray@azure.skrubbeltrang.com

(Notice that property names are not case-sensitive in Active Directory.)

How to View Multivalue Properties

An easy way to display multivalue properties, like MemberOf or ProxyAddresses, is to wrap the command in parentheses and then access the property:

PS C:\> (Get-ADUser alexander.ruiz -Properties *).proxyAddresses
SMTP:alexander.ruiz@azure.skrubbeltrang.com
smtp:alexander.ruiz@e365m.onmicrosoft.com
smtp:alexander.ruiz@e365m.mail.onmicrosoft.com

Also, if you can’t remember the exact name of the properties you want to retrieve, there is a neat trick.

E.g., to retrieve those oddly named Exchange-type properties, just run the following command:

PS C:\> Get-ADUser -Identity amanda.gray -Properties * | fl *exch*
msExchRecipientDisplayType : -2147483642
msExchRecipientTypeDetails : 2147483648
msExchRemoteRecipientType  : 4
msExchVersion              : 44220983382016

(Unless you frequently query thousands of objects, it’s usually more convenient to get all properties using a wildcard instead of explicitly typing them out.)

Get-ADUser -Filter and -LdapFilter

To search out users based on various criteria, you can use the Filter or the LdapFilter parameter.

Searching and filtering is a big topic, and we have written dedicated articles on both the -Filter parameter and the -LdapFilter parameter.

It’s no secret that we prefer the LdapFilter as it is much more potent than the Filter parameter.

Once you master the basic rules of LDAP filtering, you can write up complex queries targeting any user properties your heart desires!

Here’s an LDAP query using wildcards and a logical ‘and’:

PS C:\> Get-ADUser -LDAPFilter "(&(proxyAddresses=*)(samAccountName=*man*))" | ft Name,GivenName,Surname
Name            GivenName Surname
----            --------- -------
Amanda Peterson Amanda    Peterson
Amanda Gray     Amanda    Gray
Amanda Mitchell Amanda    Mitchell
Amanda Scott    Amanda    Scott

(Check out this article for an overview of the LDAP query syntax.)
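When the search term in an LDAP filter comes from outside the script (a help-desk form, a CSV column), characters such as *, ( and ) change the meaning of the query or make it invalid. The following is an added example, not part of the original article: the helper name ConvertTo-LdapFilterLiteral and the sample inputs are constructed for illustration, and it escapes values per RFC 4515 before placing them in the filter used above.

```powershell
# Added example: RFC 4515 escaping for values placed inside -LDAPFilter.
function ConvertTo-LdapFilterLiteral {   # hypothetical helper name
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Value)
    # Replace \ * ( ) and NUL with a backslash plus their two-digit hex code
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })
}

# Constructed inputs, as they might arrive from a form or an imported file
$inputs = 'man', 'a*', 'Smith (Contractor)', 'CORP\amy.brown'

foreach ($raw in $inputs) {
    $safe = ConvertTo-LdapFilterLiteral -Value $raw
    # The wildcards are added by the script, never taken from the input
    $filter = "(&(proxyAddresses=*)(samAccountName=*$safe*))"
    '{0,-20} -> {1}' -f $raw, $filter

    # Run the query only where the ActiveDirectory module is available
    if (Get-Command Get-ADUser -ErrorAction SilentlyContinue) {
        Get-ADUser -LDAPFilter $filter -ResultSetSize 5 |
            Format-Table Name, GivenName, Surname
    }
}
```

With escaping, an input of a* searches for a literal asterisk instead of widening the match, and the backslash in CORP\amy.brown no longer produces an invalid filter.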

And here’s an example of a query using the Filter parameter:

PS C:\> Get-ADUser -Filter "DisplayName -like '*tha lo*'" | ft Name,UserPrincipalName
Name           UserPrincipalName
----           -----------------
Samantha Lopez samantha.lopez@azure.skrubbeltrang.com
Samantha Long  samantha.long@azure.skrubbeltrang.com

(Check out this article for more examples of the Filter parameter.)

Next, to limit your search to a particular OU, let’s look at the SearchBase parameter.

Get-ADUser -SearchBase

With the SearchBase parameter, you can limit your search (Filter/LdapFilter) to a given OU (and any sub-OUs).

The SearchScope parameter has three options (“Base”, “OneLevel”, “SubTree”). SubTree is the default value, so you can usually leave out the SearchScope parameter.

This is a sample query that uses the SearchBase parameter:

PS C:\> Get-ADUser -LDAPFilter "(givenName=Dennis)" -SearchBase "OU=UnitedStates,OU=Users,OU=E365M,DC=easy365manager,DC=local" -SearchScope SubTree -ResultSetSize 5 | ft UserPrincipalName
UserPrincipalName
-----------------
dennis.smith@azure.skrubbeltrang.com
dennis.johnson@azure.skrubbeltrang.com
dennis.williams@azure.skrubbeltrang.com
dennis.brown@azure.skrubbeltrang.com
dennis.jones@azure.skrubbeltrang.com

(Use the ResultSetSize parameter to limit the number of results.)

How to Generate Reports Using Get-ADUser

Especially in larger organizations, people frequently come to the infrastructure guys for reporting.

You can earn a lot of cake by mastering the art of exporting AD information to Excel! 😉

Fortunately, this is not very complex.

The following script searches out all US users that are migrated to Office 365 and exports the result to a .csv file:

Get-ADUser -LDAPFilter "(&(c=US)(msExchRemoteRecipientType=4))" -properties * | Select-Object DisplayName,UserPrincipalName | Export-Csv ($Env:temp + "\US_Migrated_O365.csv") -NoTypeInformation
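Reports that include multivalue properties need one extra step: Export-Csv writes a collection such as proxyAddresses as its type name rather than its values. The following is an added example, not part of the original article, that extends the report above with flattened proxy addresses, an explicit property list, and a guard against spreadsheet formula evaluation. The helper name Protect-CsvCell and the output file name are assumptions made here, and the OU is the one used in the article's SearchBase example.

```powershell
Import-Module ActiveDirectory -ErrorAction Stop

# Assumptions: OU taken from the article's examples; file name is made up here
$searchBase = 'OU=UnitedStates,OU=Users,OU=E365M,DC=easy365manager,DC=local'
$reportPath = Join-Path $Env:TEMP 'US_Migrated_O365_detail.csv'

function Protect-CsvCell {   # hypothetical helper
    param([string]$Text)
    # Excel treats cells starting with = + - @ as formulas; prefix a quote
    if ($Text -match '^[=+\-@]') { "'$Text" } else { $Text }
}

$query = @{
    LDAPFilter  = '(&(c=US)(msExchRemoteRecipientType=4))'
    SearchBase  = $searchBase
    SearchScope = 'SubTree'
    # Request only what the report needs instead of -Properties *
    Properties  = 'DisplayName', 'proxyAddresses'
}

Get-ADUser @query |
    Select-Object @{ n = 'DisplayName'; e = { Protect-CsvCell $_.DisplayName } },
        UserPrincipalName, Enabled,
        @{ n = 'PrimarySmtp'; e = {
            # The primary address carries the upper-case SMTP: prefix
            ($_.proxyAddresses | Where-Object { $_ -clike 'SMTP:*' } |
                Select-Object -First 1) -replace '^SMTP:', '' } },
        @{ n = 'ProxyAddresses'; e = {
            # Join the collection so the cell holds the values, not the type name
            $_.proxyAddresses -join ';' } } |
    Export-Csv -Path $reportPath -NoTypeInformation -Encoding UTF8
```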

Next Level Active Directory and Office 365 Management

Would you like to:

  • Manage AD and Office 365 in a single interface (AD Users & Computers).
  • Offload complex tasks like calendar delegation to 1st-line support in seconds.
  • Remove your Exchange on-premises Server.

With Easy365Manager, you no longer have to log in to the Microsoft 365 Admin Center, the Exchange Online Admin Center, or the Azure Portal for daily user management.

Consider the following example where calendar delegation is configured in a few seconds without using complex PowerShell scripting:

Easy365Manager is a snap-in to AD Users & Computers that allows you to manage Office 365 mailboxes and licenses as part of your standard AD management.

Easy365Manager extends user properties with two new tabs, so you no longer have to switch between multiple tools to perform daily management:

Exchange Online Mailbox properties in AD Users & Computers
User properties, "Mailbox tab"

With Easy365Manager you can remove your on-premises Exchange server to avoid all future zero-day exploits.

Watch the extensive feature list here.

Easy365Manager does not make any changes to your infrastructure, and you can install it in less than one minute.

Try the 30-day trial. We guarantee you’ll be saving hours of work before the end of the week!