More than six years ago, I wrote a post, detailing how I could identify users’ Active Directory group memberships. While the method I detailed certainly works, it isn’t as simple as it might have been. Having recently found myself needing to perform that very same task again, I decided to revisit this topic, to show how I did it this time around.
Sometimes, you need a list of all groups whose name contain a specific string, whether that is in the beginning, middle, or end of the group name. As we’ve seen previously, looking up groups in PowerShell is done with the Get-ADGroup command. Adding the -filter parameter allows us to find groups that satisfy our needs. Using asterisks as wildcards, we can specify whether the string should be at the start, middle, or end:
Two weeks ago, I showed you how I got some specific properties for a specific user. Perhaps unsurprisingly, the next request from my customer was a similar dump from a specific OU. While the Identity parameter works well when you’re dealing with a specific user, it doesn’t help when you want all users.
I was asked to provide an overview of all available properties in an Active Directory user object for an upcoming project. As it turns out, that is very easily accomplished. Unsurprisingly, PowerShell has an applet for this. We use the
Get-ADUser applet, with the parameters
Identity to identify the user in question and
Properties with a wildcard to return all properties.
A few weeks ago, I showed you how to get a list of all enabled user accounts in PowerShell. Perhaps unsurprisingly, after having presented this to my customer, it transpired that what they really wanted, was to know how many enabled user accounts existed in Active Directory.
One of my customers asked for an overview of the UPNs of all users in a specific OU. Having become fairly familiar with the Get-ADUser command, I decided to see if I couldn’t make it do this, too.
Some time ago, I was asked to provide a list of all enabled user accounts in Active Directory. My thoughts immediately went to PowerShell, assuming that there would be tools available to achieve that task. I knew that the
Get-ADUser query, combined with a parameter, would likely be the ticket.
Some time ago, I was asked to provide a list of everyone with access to a specific system. After communicating with the client, it transpired that they were particularly interested in knowing who were the members of a set of Active Directory groups. While this can be done manually, I wanted to try my hand at building a PowerShell-script that returned the information the client was asking for, and which I could reuse at some later point, as such requests pop up with some regularity.