Get-ADUser Examples With Screenshots

by Robert Allen

Looking for a list of Get-ADUser examples and filters? Then look no further.

In this guide, I’ll show you how to use get-aduser PowerShell command to find user objects in Active Directory.

I’ll also show you how to use the get-aduser filter command to search AD for specific users or for all users in an organizational unit. By default the get-aduser command does not list all user attributes, to fix this you can use the -properties parameter to list all user attributes.

Let’s get started.

Video Tutorial

If you don’t like videos or need more instructions, then continue reading.

To view all Get-ADUser properties and syntax refer to the Microsoft Get-ADUser documentation.

Example 1: Get a Single User

To get a single user use the -identity parameter. You can identify a user by its distinguished name (DN), GUID, security identifier (SID), or Security Account Manager (SAM) account name.

In all the examples I’ll be using the SAM account name to identify user accounts.

In this example, I get the user robert.allen.

get-aduser -Identity robert.allen

Example screenshot below.

get-aduser single user

Example 2: Get a Single User and All User Properties

By default, the get-aduser command only returns a few user attributes. To get all the attributes that are set on the user, use -properties *.

get-aduser -Identity robert.allen -Properties *
get-aduser all user properties

Example 3: Get All Users in the Domain

To list all users in the domain use the -filter * parameter.

get-aduser -filter *

This will list all users and the default attributes.

get-aduser all domain users

Example 4: Get All Users and Format the Output

To make the previous example easier to read you can output the results in columns using the format-table option.

get-aduser -filter * | Format-Table

You can see below this format is much easier to read.

format the output

Example 5: Get All Users & The Department Attribute

In this example, I will get all users by their displayname and get the department attribute.

get-aduser -filter * -Properties * | select displayname, department
get all users and department attribute

Example 6: Get All Users Email Addresses

In this example, I will get all user’s first and last names and email addresses.

get-aduser -filter * -Properties * | select givenname, sn, mail
get-aduser all email addresses

Example 7. Get All Users from an OU

In this example, I’ll get all users from an organizational unit.

You first need to get the distinguishedName of the OU.

To do this, right click on the OU, and select properties. Then select the Attribute Editor Tab and find the distinguishedName value.

get distinguishedName value

In the screenshot above the Accounting OU distinguishedName is OU=Accounting,OU=ADPRO Users,DC=ad,DC=activedirectorypro,DC=com.

See the below example for the complete command. This example will get all users from the Accounting OU.

get-aduser -filter * -SearchBase "OU=Accounting,OU=ADPRO Users,DC=ad,DC=activedirectorypro,DC=com"
get all users from an OU

Example 8: Find Users by First Name

To list all users with a specific first name, use the -eq filter. In this example, I’ll get all users with the first name “Mark”.

Get-ADUser -Filter "GivenName -eq 'mark'"
find users by first name

Example 9. Find Users by Last Name

To list all users with a specific last name use the -eq filter. In this example, I’ll get all users with the last name “smith”.

Get-ADUser -Filter "Surname -eq 'smith'"
find users by last name

Example 10: Get All Users with a Logon Script

In this example, I will list all users that have a logon script set.

Get-ADUser -Filter {Scriptpath -ne "$Null"} -Properties * | select name, scriptpath
get all users with a logon script

Example 11: Users That Can Log On To All Computers

You can search accounts that have log on restrictions set on the Account tab. In this example, I’ll list all accounts that can log on to all computers.

Get-ADUser -LDAPFilter "(!LogonWorkstations=*)" -Properties * | select-object samaccountname,givenname,surname,logonworkstations

Example 12: Get All Phone Numbers for a User

This is a neat trick, you can use a wildcard with the select-object to get all properties. Instead of listing each phone attribute, you can use *phone* to get all associated phone numbers for a user.

Get-ADUser -Identity Alice.Mills -Properties * | select name, *phone*

Example 13. Search Users by City

In this example, I’ll find all users that have “Indianapolis” set for their City.

 get-aduser -filter {City -like "Indianapolis"} -Properties * | select name, city
get-aduser search by city property

I hope you enjoyed this article, if you have questions leave a comment below. If you want to get Azure users then refer to my article PowerShell Get Azure AD Users.

Topics: Search Active Directory

Recommended Tools

  • AD Cleanup Tool - Find stale and inactive user and computer accounts in Active Directory. Export, disable, move or delete the stale accounts to increase security.
  • AD User Creation Tool - Bulk import or update Active Directory user accounts. Add users to groups, import into OUs, set multiple attributes and more.
  • NTFS Permissions Tool - Scan and audit NTFS folder permissions. See which users and groups have access to what.
  • AD Reporting Tool - Over 200 reports on users, computers, groups, OUs and more. Customize reports or create your own reports with the report builder.

2 thoughts on “Get-ADUser Examples With Screenshots”

  1. Hi, the command below shows the user’s last login, I would like to list the first login and the last one that the user did in AD.
    Get-ADUser -Identity “username” -Properties “LastLogonDate”

    It is possible.

    Reply
    • LastLogonDate only stores the most recent value. If you want to track logon history it’s better to use the event logs.

      Reply

Leave a Comment