Useful Powershell Commands

I’ll try to keep adding to this list.

Get info about a user or users:
Get-ADUser is powerful with a lot of great options.

Get-ADUser -Identity kcordero -Properties *
Get-ADUser -Identity kcordero -Properties "userPrincipalName"
Get-ADUser -Identity kcordero -Properties "objectGUID"
Get-ADUser -Identity kcordero -Properties "MemberOf"

Get-ADUser -Identity kcordero -Properties Enabled, CanonicalName, Displayname, Givenname, Surname, EmployeeNumber, EmailAddress, Department, StreetAddress, Title, MemberOf | select Enabled, CanonicalName, Displayname, GivenName, Surname, EmployeeNumber, EmailAddress, Department, Title, MemberOf

Get-ADUser -Identity kcordero -Properties Enabled, CanonicalName, Displayname, Givenname, Surname, EmployeeNumber, EmailAddress, Department, StreetAddress, Title, MemberOf | select Enabled, CanonicalName, Displayname, GivenName, Surname, EmployeeNumber, EmailAddress, Department, Title, MemberOf | Export-CSV "kcordero.csv" 

Get a list of users that have Password Never Expires:

get-aduser -filter * -properties Name, PasswordNeverExpires| where { $_.passwordNeverExpires -eq "true" } | where {$_.enabled -eq "true"} 

Get-ADUser -SearchBase "DC=cordero,DC=me" -filter {Enabled -eq $True -and PasswordNeverExpires -eq $True} -Properties "SamAccountName","msDS-UserPasswordExpiryTimeComputed" | Select-Object -Property "SamAccountName", @{Name="Password Expiry Date"; Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} | Format-Table

Search-ADAccount -PasswordNeverExpires | FT Name,ObjectClass -A

Search user for when the password was last set:

get-aduser -identity  kcordero -properties passwordlastset | ft Name, passwordlastset

Get a list of all domain admins:

Get-ADGroupMember "Domain Admins" | Get-AdUser -Property LastLogonDate | select name,distinguishedName,LastLogonDate
More Stories
Palo Alto – Source Ping