I’ll try to keep adding to this list.
Get info about a user or users:
Get-ADUser is powerful with a lot of great options.
Get-ADUser -Identity kcordero -Properties * Get-ADUser -Identity kcordero -Properties "userPrincipalName" Get-ADUser -Identity kcordero -Properties "objectGUID" Get-ADUser -Identity kcordero -Properties "MemberOf" Get-ADUser -Identity kcordero -Properties Enabled, CanonicalName, Displayname, Givenname, Surname, EmployeeNumber, EmailAddress, Department, StreetAddress, Title, MemberOf | select Enabled, CanonicalName, Displayname, GivenName, Surname, EmployeeNumber, EmailAddress, Department, Title, MemberOf Get-ADUser -Identity kcordero -Properties Enabled, CanonicalName, Displayname, Givenname, Surname, EmployeeNumber, EmailAddress, Department, StreetAddress, Title, MemberOf | select Enabled, CanonicalName, Displayname, GivenName, Surname, EmployeeNumber, EmailAddress, Department, Title, MemberOf | Export-CSV "kcordero.csv"
Get a list of users that have Password Never Expires:
get-aduser -filter * -properties Name, PasswordNeverExpires| where { $_.passwordNeverExpires -eq "true" } | where {$_.enabled -eq "true"}
Get-ADUser -SearchBase "DC=cordero,DC=me" -filter {Enabled -eq $True -and PasswordNeverExpires -eq $True} -Properties "SamAccountName","msDS-UserPasswordExpiryTimeComputed" | Select-Object -Property "SamAccountName", @{Name="Password Expiry Date"; Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} | Format-Table
Search-ADAccount -PasswordNeverExpires | FT Name,ObjectClass -A
Search user for when the password was last set:
get-aduser -identity kcordero -properties passwordlastset | ft Name, passwordlastset
Get a list of all domain admins:
Get-ADGroupMember "Domain Admins" | Get-AdUser -Property LastLogonDate | select name,distinguishedName,LastLogonDate