A great many users are confused about the Get-ADUser cmdlet in PowerShell. What is it? How to get AD User using the PowerShell Get-ADUser cmdlet? Now, let’s explore the answers together with MiniTool.
As it’s well known to us all, PowerShell is a great Windows built-in command-line shell and script-running tool. Users can make full use of specific PowerShell cmdlets to deal with various works such as change directory in PowerShell, get user group membership PowerShell, get disk space PowerShell, run exe PowerShell, install SSH PowerShell, and more.
However, lots of users and even professionals are unclear about these PowerShell cmdlets. This post will explain the PowerShell Get-ADUser cmdlet and show you how to get AD User PowerShell on Windows 10/11. Let’s keep reading.
What is gpupdate force? How to force Group Policy update in Command Prompt and PowerShell? This post will explain the force Group Policy update in detail.
What Is PowerShell Get-ADUser
First of all, it’s necessary to figure out what the PowerShell Get ADUser cmdlet is used for. This cmdlet is used to find a specified user object or multiple user accounts in the Active Directory and extract information from them.
The PowerShell Get ADUser command comes with different parameters to get the AD user accounts. Here we will explain the definition of these PowerShell parameters as follows:
- Identity: It’s mainly used to find an AD User account based on its identity and return only a single user account.
- Properties: It can be used to retrieve a default set of user object properties.
- Filter: It’s used to find multiple user accounts based on a query.
- LDAPFilter: It can filter the user accounts using an LDAP query string.
- SearchBase: It can specify the Active Directory path (OU) to search in.
- SearchScope: It’s used to specify the depth you want to search, including base level, one level, or complete subtree.
How to Get AD Users PowerShell in Windows 10/11
Now, you should have an overall understanding of the Get-ADUser cmdlet. How to get and export the user account of Active Directory with PowerShell Windows 10/11? Here we summarize several common examples based on different PowerShell Get ADUser parameters.
Before You Do
Before you use the PowerShell Get-ADUser cmdlet on Windows 10/11, you need to have the Active Directory Module installed in PowerShell. It’s very simple to operate by the following guide.
Step 1. Press the Win + R keys to open the Run box, and then type powershell in it and press Ctrl + Shift + Enter keys. Then click on Yes to open the elevated PowerShell window.
Step 2. In the pop-up window, type the following command and hit Enter to let PowerShell install Active Directory Module on Windows 10/11.
Add-WindowsCapability –online –Name “Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0”
All the following examples are performed on the false AD user names. In reality, you need to replace the name with your actual name.
# Example 1. Find a Specific AD User via the Identity/Properties
If you know the user’s account name or login name, you can view the properties of the Account using the “-identity” parameter. To do this work, you just need to type the following command in PowerShell and hit Enter.
Get-ADUser -identity ariel
To get some basic information about the user account, you can run the “Get-ADUser properties” parameter as follows:
Get-ADUser -identity ariel -Properties *
# Example 2. Get AD Users via the Filter
The Filter parameter can help you filter the result of the AD users you find in PowerShell. Here are the most commonly used Get-ADUser filter examples. For that.
- Get-ADUser -Filter "GivenName -eq 'Ariel'" (filter the AD user by the first name like Ariel)
- Get-ADUser -Filter "Surname -eq 'Baker'" (filter the AD user by the last name like Baker)
PowerShell Get-ADUserIf you have known a part of the AD user name, you can use the “-like” parameter in combination with a wild card “*”.
Get-ADUser -Filter "name -like '*Cici*'"
If you want to find all AD user accounts based on their failed login attempts, you can run the following command.
Get-ADUser -Filter "badpwdcount -ge 3"
If you want to search for all AD users that don’t have any data in the email field, you can try the following command.
Get-ADUser -Filter "Email -notlike '*'" | ft
# Example 3. Get AD Users via the SearchBase
The SearchBase parameter can help you narrow down the search results especially when you have a lot of AD user accounts. To do so, you need to check the Active Directory structure first and run specific commands. Here is an example of how to get all AD users from the Marketing OU.
Get-ADUser -Filter * -SearchBase "OU=Marketing,OU=MiniTool,OU=Sites,DC=Partition,DC=NL" | ft
# Example 4. Get AD Users via the SearchScope
This parameter can help you get all AD users from a specified OU and nested OU’s. For example, if you want to get all users from the MiniTool OU but not from the nested OU, you can run the following command.
Get-ADUser -Filter * -SearchBase "OU=MiniTool,OU=Sites,DC=Partition,DC=NL" | ft
If you just want to get the users from the MiniTool OU, you can limit the SearchBase to the current level by the following command.
Get-ADUser -Filter * -SearchBase "OU=Marketing,OU=MiniTool,OU=Sites,DC=Partition,DC=NL" -SearchScope OneLevel | ft
How to rename file CMD on Windows 10/11? Now, you come to the right place. This post will explain the CMD rename file operation in detail.
Further reading: If you enter some issues like file system corruption and low disk space on Windows 10/11, don’t worry. MiniTool Partition Wizard can help you fix them easily by checking file system errors, extending/resizing partitions, analyzing disk space, upgrading to a larger hard disk, etc.