How to Script the Export/Modify of Active Directory Objects Attributes

Dsquery * -limit 0 -filter "(&(objectClass=User)(objectCategory=Person))" -attr * >>AllUsers.txt


Get-ADUser -Filter * -property *

Get-ADUser -F * -PR *

Quest PowerShell script

Get-QADUser -Name * -sizelimit 0 | select givenName,sn,name,PasswordExpires | Export-CSV c:\pass_exp.csv

Find specific attributes for the users in an OU using PowerShell

PS C:\> get-aduser -f * -Searchbase "ou=powershell,dc=contoso,dc=com" -pr SamAccountName,PasswordExpired,whenChanged,UserPrincipalName

Find user attributes (users read from a text file)

PS C:\> get-content c:\users.txt | get-aduser -pr SamAccountName,PasswordExpired,whenChanged,UserPrincipalName

DistinguishedName : CN=rock,CN=Users,DC=contoso,DC=com
Enabled           : True
GivenName         : rock
Name              : rock
ObjectClass       : user
ObjectGUID        : 57bcbc28-c46a-4ba3-8cad-db4eada9230e
PasswordExpired   : True
SamAccountName    : rock
SID               : S-1-5-21-359348832-1345755819-277917231-1109
Surname           :
UserPrincipalName :
whenChanged       : 9/19/2013 7:51:09 AM

DistinguishedName : CN=Administrator,CN=Users,DC=contoso,DC=com
Enabled           : True
GivenName         :
Name              : Administrator
ObjectClass       : user
ObjectGUID        : d7d91e0a-e25d-4adc-8c70-8197afd698e4
PasswordExpired   : False
SamAccountName    : Administrator
SID               : S-1-5-21-359348832-1345755819-277917231-500
Surname           :
UserPrincipalName :
whenChanged       : 9/10/2013 7:37:38 AM

DistinguishedName : CN=copy,CN=Users,DC=contoso,DC=com
Enabled           : True
GivenName         : copy
Name              : copy
ObjectClass       : user
ObjectGUID        : e3867e09-2f04-4238-aa36-aa1c83323d08
PasswordExpired   : True
SamAccountName    : copy
SID               : S-1-5-21-359348832-1345755819-277917231-1106
Surname           :
UserPrincipalName :
whenChanged       : 9/3/2013 4:19:17 PM

Example of the attributes returned for a user

AccountExpirationDate                :
accountExpires                       : 9223372036854775807
AccountLockoutTime                   :
AccountNotDelegated                  : False
AllowReversiblePasswordEncryption    : False
BadLogonCount                        : 0
badPasswordTime                      : 0
badPwdCount                          : 0
CannotChangePassword                 : False
CanonicalName                        : Seth
Certificates                         : {}
City                                 :
CN                                   : Ankur Seth
codePage                             : 0
Company                              :
CompoundIdentitySupported            : {}
Country                              :
countryCode                          : 0
Created                              : 5/24/2013 11:50:43 PM
createTimeStamp                      : 5/24/2013 11:50:43 PM
Deleted                              :
Department                           :
Description                          : ADMIN
DisplayName                          : Ankur Seth
DistinguishedName                    : CN=Ankur Seth,OU=Powershell,DC=contoso,DC=com
Division                             :
DoesNotRequirePreAuth                : False
dSCorePropagationData                : {12/31/1600 4:00:00 PM}
EmailAddress                         :
EmployeeID                           :
EmployeeNumber                       :
Enabled                              : True
Fax                                  :
GivenName                            : Ankur
HomeDirectory                        :
HomedirRequired                      : False
HomeDrive                            :
HomePage                             :
HomePhone                            :
Initials                             :
instanceType                         : 4
isDeleted                            :
KerberosEncryptionType               : {}
LastBadPasswordAttempt               :
LastKnownParent                      :
lastLogoff                           : 0
lastLogon                            : 0
LastLogonDate                        :
LockedOut                            : False
logonCount                           : 0
LogonWorkstations                    :
Manager                              :
MemberOf                             : {}
MNSLogonAccount                      : False
MobilePhone                          :
Modified                             : 5/24/2013 11:56:24 PM
modifyTimeStamp                      : 5/24/2013 11:56:24 PM
msDS-User-Account-Control-Computed   : 8388608
Name                                 : Ankur Seth
nTSecurityDescriptor                 : System.DirectoryServices.ActiveDirectorySecurity
ObjectCategory                       : CN=Person,CN=Schema,CN=Configuration,DC=contoso,DC=com
ObjectClass                          : user
ObjectGUID                           : cd1f097f-8c54-4988-9bcd-ced6cb954e9c
objectSid                            : S-1-5-21-3894563728-440662116-3668880775-1105
Office                               :
OfficePhone                          :
Organization                         :
OtherName                            :
PasswordExpired                      : True
PasswordLastSet                      :
PasswordNeverExpires                 : False
PasswordNotRequired                  : False
POBox                                :
PostalCode                           :
PrimaryGroup                         : CN=Domain Users,CN=Users,DC=contoso,DC=com
primaryGroupID                       : 513
PrincipalsAllowedToDelegateToAccount : {}
ProfilePath                          :
ProtectedFromAccidentalDeletion      : False
pwdLastSet                           : 0
SamAccountName                       : ASeth
sAMAccountType                       : 805306368
ScriptPath                           :
sDRightsEffective                    : 15
ServicePrincipalNames                : {}
SID                                  : S-1-5-21-3894563728-440662116-3668880775-1105
SIDHistory                           : {}
SmartcardLogonRequired               : False
sn                                   : Seth
State                                :
StreetAddress                        :
Surname                              : Seth
Title                                :
TrustedForDelegation                 : False
TrustedToAuthForDelegation           : False
UseDESKeyOnly                        : False
userAccountControl                   : 512
userCertificate                      : {}
UserPrincipalName                    :
uSNChanged                           : 28712
uSNCreated                           : 28705
whenChanged                          : 5/24/2013 11:56:24 PM
whenCreated                          : 5/24/2013 11:50:43 PM

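How to reset the passwords for some specific users
get-content c:\users.txt | get-aduser | Set-ADAccountPassword -Reset -NewPassword (ConvertTo-SecureString -AsPlainText 'monster@me123' -Force)

The -Reset switch tells the cmdlet to set the new password without being given the current one.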
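
The one-liner above gives every listed account the same password and leaves that password in the script and the command history. As an added example (not part of the original article), the script below sets a different random temporary password on each account and forces a change at next logon; New-TempPassword is a hypothetical helper, and c:\users.txt is assumed to hold one SamAccountName per line.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not from the original article.
# Assumption: c:\users.txt holds one SamAccountName per line.

# Hypothetical helper: random password drawn from the OS CSPRNG.
function New-TempPassword {
    param([int]$Length = 20)
    # Look-alike characters (I, O, l, 0, 1) are left out on purpose.
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%+=?@'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $byte  = New-Object byte[] 1
    # Bytes at or above the largest multiple of the alphabet size are
    # rejected, so every character is equally likely (no modulo bias).
    $limit = 256 - (256 % $alphabet.Length)
    try {
        do {
            $chars = for ($i = 0; $i -lt $Length; $i++) {
                do { $rng.GetBytes($byte) } while ($byte[0] -ge $limit)
                $alphabet[$byte[0] % $alphabet.Length]
            }
            $candidate = -join $chars
            # Retry until upper case, lower case, digit and symbol all appear.
        } until ($candidate -cmatch '[A-Z]' -and $candidate -cmatch '[a-z]' -and
                 $candidate -match '\d' -and $candidate -match '[^A-Za-z0-9]')
    } finally {
        $rng.Dispose()
    }
    $candidate
}

$names = Get-Content 'c:\users.txt' | Where-Object { $_.Trim() }

$results = foreach ($name in $names) {
    try {
        $user   = Get-ADUser -Identity $name.Trim() -ErrorAction Stop
        $plain  = New-TempPassword
        $secure = ConvertTo-SecureString -String $plain -AsPlainText -Force

        # -Reset: administrative reset, the old password is not required.
        Set-ADAccountPassword -Identity $user -Reset -NewPassword $secure -ErrorAction Stop
        # The temporary password is only valid until the first logon.
        Set-ADUser -Identity $user -ChangePasswordAtLogon $true -ErrorAction Stop

        [pscustomobject]@{
            SamAccountName = $user.SamAccountName
            TempPassword   = $plain
            Status         = 'Reset'
        }
    } catch {
        # Unknown account, access denied, policy violation, etc.
        [pscustomobject]@{
            SamAccountName = $name
            TempPassword   = $null
            Status         = "Failed: $($_.Exception.Message)"
        }
    }
}

# Show the outcome without printing the passwords themselves.
$results | Format-Table SamAccountName, Status -AutoSize
```

The temporary passwords stay in $results for the current session only; hand each one to its user over a separate channel and close the session afterwards.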

How to update the manager field for bulk users.
get-content c:\users.txt | get-aduser | Set-ADUser -Manager "Biswajit"

Which commands are in the Active Directory module
PS C:\> get-command -module ActiveDirectory

CommandType     Name                                               ModuleName
-----------     ----                                               ----------
Cmdlet          Add-ADCentralAccessPolicyMember                    ActiveDirectory
Cmdlet          Add-ADComputerServiceAccount                       ActiveDirectory
Cmdlet          Add-ADDomainControllerPasswordReplicationPolicy    ActiveDirectory
Cmdlet          Add-ADFineGrainedPasswordPolicySubject             ActiveDirectory
Cmdlet          Add-ADGroupMember                                  ActiveDirectory
Cmdlet          Add-ADPrincipalGroupMembership                     ActiveDirectory
Cmdlet          Add-ADResourcePropertyListMember                   ActiveDirectory
Cmdlet          Clear-ADAccountExpiration                          ActiveDirectory
Cmdlet          Clear-ADClaimTransformLink                         ActiveDirectory
Cmdlet          Disable-ADAccount                                  ActiveDirectory
Cmdlet          Disable-ADOptionalFeature                          ActiveDirectory
Cmdlet          Enable-ADAccount                                   ActiveDirectory
Cmdlet          Enable-ADOptionalFeature                           ActiveDirectory
Cmdlet          Get-ADAccountAuthorizationGroup                    ActiveDirectory
Cmdlet          Get-ADAccountResultantPasswordReplicationPolicy    ActiveDirectory
Cmdlet          Get-ADCentralAccessPolicy                          ActiveDirectory
Cmdlet          Get-ADCentralAccessRule                            ActiveDirectory
Cmdlet          Get-ADClaimTransformPolicy                         ActiveDirectory
Cmdlet          Get-ADClaimType                                    ActiveDirectory
Cmdlet          Get-ADComputer                                     ActiveDirectory
Cmdlet          Get-ADComputerServiceAccount                       ActiveDirectory
Cmdlet          Get-ADDCCloningExcludedApplicationList             ActiveDirectory
Cmdlet          Get-ADDefaultDomainPasswordPolicy                  ActiveDirectory
Cmdlet          Get-ADDomain                                       ActiveDirectory
Cmdlet          Get-ADDomainController                             ActiveDirectory
Cmdlet          Get-ADDomainControllerPasswordReplicationPolicy    ActiveDirectory
Cmdlet          Get-ADDomainControllerPasswordReplicationPolicy... ActiveDirectory
Cmdlet          Get-ADFineGrainedPasswordPolicy                    ActiveDirectory
Cmdlet          Get-ADFineGrainedPasswordPolicySubject             ActiveDirectory
Cmdlet          Get-ADForest                                       ActiveDirectory
Cmdlet          Get-ADGroup                                        ActiveDirectory
Cmdlet          Get-ADGroupMember                                  ActiveDirectory
Cmdlet          Get-ADObject                                       ActiveDirectory
Cmdlet          Get-ADOptionalFeature                              ActiveDirectory
Cmdlet          Get-ADOrganizationalUnit                           ActiveDirectory
Cmdlet          Get-ADPrincipalGroupMembership                     ActiveDirectory
Cmdlet          Get-ADReplicationAttributeMetadata                 ActiveDirectory
Cmdlet          Get-ADReplicationConnection                        ActiveDirectory
Cmdlet          Get-ADReplicationFailure                           ActiveDirectory
Cmdlet          Get-ADReplicationPartnerMetadata                   ActiveDirectory
Cmdlet          Get-ADReplicationQueueOperation                    ActiveDirectory
Cmdlet          Get-ADReplicationSite                              ActiveDirectory
Cmdlet          Get-ADReplicationSiteLink                          ActiveDirectory
Cmdlet          Get-ADReplicationSiteLinkBridge                    ActiveDirectory
Cmdlet          Get-ADReplicationSubnet                            ActiveDirectory
Cmdlet          Get-ADReplicationUpToDatenessVectorTable           ActiveDirectory
Cmdlet          Get-ADResourceProperty                             ActiveDirectory
Cmdlet          Get-ADResourcePropertyList                         ActiveDirectory
Cmdlet          Get-ADResourcePropertyValueType                    ActiveDirectory
Cmdlet          Get-ADRootDSE                                      ActiveDirectory
Cmdlet          Get-ADServiceAccount                               ActiveDirectory
Cmdlet          Get-ADTrust                                        ActiveDirectory
Cmdlet          Get-ADUser                                         ActiveDirectory
Cmdlet          Get-ADUserResultantPasswordPolicy                  ActiveDirectory
Cmdlet          Install-ADServiceAccount                           ActiveDirectory
Cmdlet          Move-ADDirectoryServer                             ActiveDirectory
Cmdlet          Move-ADDirectoryServerOperationMasterRole          ActiveDirectory
Cmdlet          Move-ADObject                                      ActiveDirectory
Cmdlet          New-ADCentralAccessPolicy                          ActiveDirectory
Cmdlet          New-ADCentralAccessRule                            ActiveDirectory
Cmdlet          New-ADClaimTransformPolicy                         ActiveDirectory
Cmdlet          New-ADClaimType                                    ActiveDirectory
Cmdlet          New-ADComputer                                     ActiveDirectory
Cmdlet          New-ADDCCloneConfigFile                            ActiveDirectory
Cmdlet          New-ADFineGrainedPasswordPolicy                    ActiveDirectory
Cmdlet          New-ADGroup                                        ActiveDirectory
Cmdlet          New-ADObject                                       ActiveDirectory
Cmdlet          New-ADOrganizationalUnit                           ActiveDirectory
Cmdlet          New-ADReplicationSite                              ActiveDirectory
Cmdlet          New-ADReplicationSiteLink                          ActiveDirectory
Cmdlet          New-ADReplicationSiteLinkBridge                    ActiveDirectory
Cmdlet          New-ADReplicationSubnet                            ActiveDirectory
Cmdlet          New-ADResourceProperty                             ActiveDirectory
Cmdlet          New-ADResourcePropertyList                         ActiveDirectory
Cmdlet          New-ADServiceAccount                               ActiveDirectory
Cmdlet          New-ADUser                                         ActiveDirectory
Cmdlet          Remove-ADCentralAccessPolicy                       ActiveDirectory
Cmdlet          Remove-ADCentralAccessPolicyMember                 ActiveDirectory
Cmdlet          Remove-ADCentralAccessRule                         ActiveDirectory
Cmdlet          Remove-ADClaimTransformPolicy                      ActiveDirectory
Cmdlet          Remove-ADClaimType                                 ActiveDirectory
Cmdlet          Remove-ADComputer                                  ActiveDirectory
Cmdlet          Remove-ADComputerServiceAccount                    ActiveDirectory
Cmdlet          Remove-ADDomainControllerPasswordReplicationPolicy ActiveDirectory
Cmdlet          Remove-ADFineGrainedPasswordPolicy                 ActiveDirectory
Cmdlet          Remove-ADFineGrainedPasswordPolicySubject          ActiveDirectory
Cmdlet          Remove-ADGroup                                     ActiveDirectory
Cmdlet          Remove-ADGroupMember                               ActiveDirectory
Cmdlet          Remove-ADObject                                    ActiveDirectory
Cmdlet          Remove-ADOrganizationalUnit                        ActiveDirectory
Cmdlet          Remove-ADPrincipalGroupMembership                  ActiveDirectory
Cmdlet          Remove-ADReplicationSite                           ActiveDirectory
Cmdlet          Remove-ADReplicationSiteLink                       ActiveDirectory
Cmdlet          Remove-ADReplicationSiteLinkBridge                 ActiveDirectory
Cmdlet          Remove-ADReplicationSubnet                         ActiveDirectory
Cmdlet          Remove-ADResourceProperty                          ActiveDirectory
Cmdlet          Remove-ADResourcePropertyList                      ActiveDirectory
Cmdlet          Remove-ADResourcePropertyListMember                ActiveDirectory
Cmdlet          Remove-ADServiceAccount                            ActiveDirectory
Cmdlet          Remove-ADUser                                      ActiveDirectory
Cmdlet          Rename-ADObject                                    ActiveDirectory
Cmdlet          Reset-ADServiceAccountPassword                     ActiveDirectory
Cmdlet          Restore-ADObject                                   ActiveDirectory
Cmdlet          Search-ADAccount                                   ActiveDirectory
Cmdlet          Set-ADAccountControl                               ActiveDirectory
Cmdlet          Set-ADAccountExpiration                            ActiveDirectory
Cmdlet          Set-ADAccountPassword                              ActiveDirectory
Cmdlet          Set-ADCentralAccessPolicy                          ActiveDirectory
Cmdlet          Set-ADCentralAccessRule                            ActiveDirectory
Cmdlet          Set-ADClaimTransformLink                           ActiveDirectory
Cmdlet          Set-ADClaimTransformPolicy                         ActiveDirectory
Cmdlet          Set-ADClaimType                                    ActiveDirectory
Cmdlet          Set-ADComputer                                     ActiveDirectory
Cmdlet          Set-ADDefaultDomainPasswordPolicy                  ActiveDirectory
Cmdlet          Set-ADDomain                                       ActiveDirectory
Cmdlet          Set-ADDomainMode                                   ActiveDirectory
Cmdlet          Set-ADFineGrainedPasswordPolicy                    ActiveDirectory
Cmdlet          Set-ADForest                                       ActiveDirectory
Cmdlet          Set-ADForestMode                                   ActiveDirectory
Cmdlet          Set-ADGroup                                        ActiveDirectory
Cmdlet          Set-ADObject                                       ActiveDirectory
Cmdlet          Set-ADOrganizationalUnit                           ActiveDirectory
Cmdlet          Set-ADReplicationConnection                        ActiveDirectory
Cmdlet          Set-ADReplicationSite                              ActiveDirectory
Cmdlet          Set-ADReplicationSiteLink                          ActiveDirectory
Cmdlet          Set-ADReplicationSiteLinkBridge                    ActiveDirectory
Cmdlet          Set-ADReplicationSubnet                            ActiveDirectory
Cmdlet          Set-ADResourceProperty                             ActiveDirectory
Cmdlet          Set-ADResourcePropertyList                         ActiveDirectory
Cmdlet          Set-ADServiceAccount                               ActiveDirectory
Cmdlet          Set-ADUser                                         ActiveDirectory
Cmdlet          Sync-ADObject                                      ActiveDirectory
Cmdlet          Test-ADServiceAccount                              ActiveDirectory
Cmdlet          Uninstall-ADServiceAccount                         ActiveDirectory
Cmdlet          Unlock-ADAccount                                   ActiveDirectory

See Also

Active Directory: Get-ADUser Default and Extended Properties - Blogged by Richard Mueller

ADDS PowerShell (CMDLET , ADSI & .Net) to Expedite Your Tasks

Biswajit Biswas

Wikis - Comment List
  • Get-ADUser -F * -Searchbase "OU=powershell,DC=Contoso,DC=Com" | FT

  • Attributes of Users

    get-aduser -f * -pr lastlogontimestamp | ft samaccountname,lastlogontimestamp -auto

    Here's another example to get all the members of the Domain Admins group including the members of any child groups:

    get-adgroupmember "Domain Admins" -recursive

    Here's an example for creating a computer object:

    New-ADComputer -Name "SalesPC1" -SamAccountName "SalesPC1" -Path "OU=Computers,OU=Sales,DC=Contoso,DC=com" -Enabled $true -Location "Seattle,WA"

    To set the password for a user named Bill Gates, whose SAM account name is BillG, type this:

    Set-ADAccountPassword -Identity BillG

    If the full name of the user is Bill Gates and the samAccountName is BillG, this is what the output might look like:

    Set-ADAccountPassword -Identity BillG

    Please enter the current password for 'CN=Bill Gates,OU=Executives,DC=Contoso,DC=com'

    Password: ********

    Please enter the desired password for 'CN=Bill Gates,OU=Executives,DC=Contoso,DC=com'

    Password: ********

    Repeat Password: ********

    To unlock an account, I prefer to use the SAM account name rather than using the DN. For example, use this command:

    Unlock-ADAccount -Identity BillG

  • Help for a cmdlet

    Get-Command -Module TroubleshootingPack | Foreach-Object {get-help $_ -Examples}