Looking for a list of Get-ADUser examples and filters? Then look no further.
In this guide, I’ll show you how to use get-aduser PowerShell command to find user objects in Active Directory.
I’ll also show you how to use the get-aduser filter command to search AD for specific users or for all users in an organizational unit. By default the get-aduser command does not list all user attributes, to fix this you can use the -properties parameter to list all user attributes.
Let’s get started.
Video Tutorial
If you don’t like videos or need more instructions, then continue reading.
To view all Get-ADUser properties and syntax refer to the Microsoft Get-ADUser documentation.
Example 1: Get a Single User
To get a single user use the -identity parameter. You can identify a user by its distinguished name (DN), GUID, security identifier (SID), or Security Account Manager (SAM) account name.
In all the examples I’ll be using the SAM account name to identify user accounts.
In this example, I get the user robert.allen.
get-aduser -Identity robert.allen
Example screenshot below.
Example 2: Get a Single User and All User Properties
By default, the get-aduser command only returns a few user attributes. To get all the attributes that are set on the user, use -properties *.
get-aduser -Identity robert.allen -Properties *
Example 3: Get All Users in the Domain
To list all users in the domain use the -filter * parameter.
get-aduser -filter *
This will list all users and the default attributes.
Example 4: Get All Users and Format the Output
To make the previous example easier to read you can output the results in columns using the format-table option.
get-aduser -filter * | Format-Table
You can see below this format is much easier to read.
Example 5: Get All Users & The Department Attribute
In this example, I will get all users by their displayname and get the department attribute.
get-aduser -filter * -Properties * | select displayname, department
Example 6: Get All Users Email Addresses
In this example, I will get all user’s first and last names and email addresses.
get-aduser -filter * -Properties * | select givenname, sn, mail
Example 7. Get All Users from an OU
In this example, I’ll get all users from an organizational unit.
You first need to get the distinguishedName of the OU.
To do this, right click on the OU, and select properties. Then select the Attribute Editor Tab and find the distinguishedName value.
In the screenshot above the Accounting OU distinguishedName is OU=Accounting,OU=ADPRO Users,DC=ad,DC=activedirectorypro,DC=com.
See the below example for the complete command. This example will get all users from the Accounting OU.
get-aduser -filter * -SearchBase "OU=Accounting,OU=ADPRO Users,DC=ad,DC=activedirectorypro,DC=com"
Example 8: Find Users by First Name
To list all users with a specific first name, use the -eq filter. In this example, I’ll get all users with the first name “Mark”.
Get-ADUser -Filter "GivenName -eq 'mark'"
Example 9. Find Users by Last Name
To list all users with a specific last name use the -eq filter. In this example, I’ll get all users with the last name “smith”.
Get-ADUser -Filter "Surname -eq 'smith'"
Example 10: Get All Users with a Logon Script
In this example, I will list all users that have a logon script set.
Get-ADUser -Filter {Scriptpath -ne "$Null"} -Properties * | select name, scriptpath
Example 11: Users That Can Log On To All Computers
You can search accounts that have log on restrictions set on the Account tab. In this example, I’ll list all accounts that can log on to all computers.
Get-ADUser -LDAPFilter "(!LogonWorkstations=*)" -Properties * | select-object samaccountname,givenname,surname,logonworkstations
Example 12: Get All Phone Numbers for a User
This is a neat trick, you can use a wildcard with the select-object to get all properties. Instead of listing each phone attribute, you can use *phone* to get all associated phone numbers for a user.
Get-ADUser -Identity Alice.Mills -Properties * | select name, *phone*
Example 13. Search Users by City
In this example, I’ll find all users that have “Indianapolis” set for their City.
get-aduser -filter {City -like "Indianapolis"} -Properties * | select name, city
I hope you enjoyed this article, if you have questions leave a comment below. If you want to get Azure users then refer to my article PowerShell Get Azure AD Users.
Topics: Search Active Directory
Hi, the command below shows the user’s last login, I would like to list the first login and the last one that the user did in AD.
Get-ADUser -Identity “username” -Properties “LastLogonDate”
It is possible.
LastLogonDate only stores the most recent value. If you want to track logon history it’s better to use the event logs.