Get-aduser | Easy ways to get your user details



Get-aduser? what’s the use of it? One day, one of the clients came to us to ask for the user details like all the users in the domain, user’s properties, and users from particular OU, with their samaccountname, and user’s member of some of the groups.

And get aduser powershell cmdlet does the rest of the work, we only have to twik it to achieve our tasks.

In this article we would see how to get all the active directory users, their properties, group members and some of the error messages while achieving these tasks. And you could take them as get-aduser examples.

Requirements to use Get-aduser cmdlets

To use, Active Directory cmdlets in the powershell, we have to import module into the powershell and its called as Active Directory Module for Windows Powershell. It works pretty well with Powershell 2.0 and above.

Open the Powershell Window with Administrator Privileges, with Run As and import module with below command.

Import-Module Activedirectory

How to use "Filter" to retrieve user information

Our first requirement is to get all the users from Active Directory and get aduser will be useful for this.

Get-aduser –filter *

If you master -Filter parameter, you can retrieve all the objects properties flawlessly.

Be cautious to run this command in the Production environment having multiple objects. Or you will end up having bad performance issue on the domain controller. Use Ctrl+C on your keyboard to break the command if you do this in production.

Powershell command to getaduser with samaccountname

Get-ADUser –Identity “Samaccountname”

If you don’t use correct name or if account does not exists in Active Directory then you will get below error

Get-ADUser : Cannot find an object with identity:samaccountname

The above command will retrieve only few properties of the user account. To retrieve all the aduser properties with get-aduser command then use below one liner.

Powershell to get all aduser properties with samaccountname

Get-ADUser samaccountname -Properties *

Powershell to get aduser with particular OU

Our next task to achieve is to get adusers which are in the specific OU.

Let’s consider we would like to retrieve users from Canada OU. Then we will have to use below powershell command.

Get-ADUser -Filter * -SearchBase "OU=Canada,OU=UserAccounts,DC=FABRIKAM,DC=COM"

Powershell to get aduser by using filter parameter

If you would like to get all the computer accounts in our Active Directory, you can use below command

Get-adcomputer –filter *

In case, you would like to get all the aduser accounts which are having email addresses, below command will be useful.

Get-ADUser -Filter {EmailAddress -like "*"}

Email address with surname or firstname.

Get-ADUser -filter {(EmailAddress -like "*") -and (Surname -eq "Kamble")}

To display adusers who has firstname as “Nilesh”

Get-ADUser -filter {name -like "Nilesh*"}

How to calculate all active directory accounts?

Get-ADUser -Filter {SamAccountName -like "*"} | Measure-Object

How to list all the user properties with get-aduser and using -Filter and get result for DisplayName and Office

$Users =gc”C:scriptsUsers.txt”
?{ $Users -contains $_.SamAccountName}|


Powershell to get aduser with proxyaddresses

Now we have to get aduser which are having proxyaddresses. I found one liner on GitHub and below is the command for the same. If you wish to get proxy addresses in CSV format, then check here

Get-ADUser-Filter *-Properties proxyaddresses|Select-Object Name,@{L ="ProxyAddresses"; E = { $_.ProxyAddresses-join";"}} |Export-Csv-Path c:tempproxyaddresses.csv –NoTypeInformation

Reference :- Github

How to get aduser "memberof" parameters with Powershell

If we would like to get users group membership, then we would go to Active Directory => Select User object properties and go to member of tab, and can find out users group membership.

But what in case we would like get adusers and of which group they are member of?

Powershell is the best choice to achieve this task.

We have to now find the groups of which user is a member. For example, how many groups are in the memberof tab of the user “Test001”

get-aduser -Identity "name" -Properties MemberOf | Select-Object MemberOf

With this command we will only get DN of the groups, but we would not be able to get their names properly.

So, we can use below command to fulfill our requirements.

GET-ADUser -Identity USRNAME –Properties MemberOf | Select-Object -ExpandProperty MemberOf | Get-ADGroup -Properties name | Select-Object name

We will add more juice into it now, Can we get only security groups? And answer is, Yes Ofcourse dude.

Below powershell would help into it.

GET-ADUser -Identity usrname –Properties MemberOf | Select-Object -ExpandProperty MemberOf | Get-ADGroup -Properties name | where { $_.GroupCategory -eq "Security" } | sort | Select-Object name,GroupCategory

So, now we have clear picture of, how to get adusers which are member of groups.


Get-ADuser is really an helpful command for System Administrators and would be beneficial by twiking some of the commands to get good results.