Created
December 18, 2019 11:20
-
-
Save dade80vr/335a26da7d6819cf4b7c399b92bb345f to your computer and use it in GitHub Desktop.
Usefull Powershell command for query Windows AD Users
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#ACCOUNT BLOCCATI | |
get-aduser -Properties * -filter *| Where-Object {$_.LockedOut -eq $true} | select displayname,samaccountname | sort-object displayname | export-csv -Path e:\Test\users_Locked.csv -NoTypeInformation | |
#ACCOUNT DISABILITATI | |
get-aduser -Properties * -filter *| Where-Object {$_.Enabled -eq $false} | select displayname,samaccountname | sort-object displayname | export-csv -Path e:\Test\users_Disabled.csv -NoTypeInformation | |
#ACCOUNT ABILITATI | |
get-aduser -Properties * -filter *| Where-Object {$_.Enabled -eq $true} | select displayname,samaccountname | sort-object displayname | export-csv -Path e:\Test\users_Enabled.csv -NoTypeInformation | |
#ACCOUNT ATTIVI CON PSW SENZA SCADENZA | |
get-aduser -Properties * -filter *| Where-Object {($_.passwordneverexpires -eq $true) -and ($_.Enabled -eq $true)} | select displayname,samaccountname | sort-object displayname | export-csv -Path e:\test\users_PswNoExpires.csv -NoTypeInformation | |
#ACCOUNT SENZA PSW (rif. https://4sysops.com/archives/find-ad-users-with-empty-password-passwd_notreqd-flag-using-powershell/) | |
get-aduser -Properties * -LDAPFilter "(&(userAccountControl:1.2.840.113556.1.4.803:=32)(!(IsCriticalSystemObject=TRUE)))" | select displayname,SamAccountName | sort-object displayname | export-csv e:\test\users_PswNotReq.csv -NoTypeInformation | |
#ACCOUNT CON SCADENZA PSW | |
Get-ADUser -filter {(Enabled -eq $True) -and (PasswordNeverExpires -eq $False)} –Properties DisplayName,samaccountname,"msDS-UserPasswordExpiryTimeComputed" | Select-Object -Property "Displayname","SamAccountName",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} | sort-object expirydate | export-csv e:\test\users_DatePsw.csv -NoTypeInformation | |
#ACCOUNT ATTIVI CON DATA ULTIMO LOGON | |
Get-ADUser -filter {Enabled -eq $True} –Properties * | Select-Object -Property "Displayname","SamAccountName",@{Name="LastLogonDate";Expression={[datetime]::FromFileTime($_.LastLogon)}} | sort-object samaccountname | export-csv e:\test\users_LastLogon.csv -NoTypeInformation |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment