One feature that PowerShell will likely be missing when it first ships is solid support for ADSI and working with Active Directory. You can use .NET DirectoryEntry objects, but it feels more like programming and less like scripting. Another option for working with Active Directory in PowerShell is to use WMI. PowerShell does have a great Get-WmiObject cmdlet. We can use it to connect to the LDAP WMI namespace on a domain controller and get information.
This script will prompt you, using the Read-Host cmdlet, for user credentials, a domain controller and the sAMAccountname of a user object in Active Directory. With this information we use Get-WmiObject and connect to the root\directory\ldap namespace. The output is filtered using Where to only return the user we're seeking. The script will then display all the WMI properties and their values for this object. This is a handy way of learning the attribute names so you can create more refined scripts. The script will also ask whether you want to save the output. If you enter Y, it prompts for a filename and the output is saved to that file as well as displayed on the screen.
#GetUserProperties.ps1
# Prompt for the account used to authenticate to the domain controller
$user=read-host ("What user credentials do you want to use for " +
  "authentication to the`ndomain controller? Use format domain\username")
# Get-Credential collects the password without echoing it
$cred=get-credential $user
$server=read-host "What domain controller do you want to connect to?"
$account=Read-Host "What is the sAMAccountname you want to find?"
$rc=read-host "Do you also want to save output to a text file? Enter Y to save"
if ($rc -eq "Y") {
  $file=read-host "Enter the filename and path"
  write-host "Connecting to" $server "as" $user
  # Query the LDAP WMI namespace, keep only the requested user, and
  # send the result to both the screen and the file
  get-wmiobject -class ds_user -namespace root\directory\ldap `
    -computername $server -credential $cred `
    | where {$_.DS_sAMAccountName -eq $account} | tee-object -filepath $file
}
else {
  write-host "Connecting to" $server "as" $user
  # Same query, displayed on the screen only
  get-wmiobject -class ds_user -namespace root\directory\ldap `
    -computername $server -credential $cred `
    | where {$_.DS_sAMAccountName -eq $account}
}
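The script above retrieves every ds_user object from the domain controller and filters locally with Where. The following added example (not part of the original post) passes the match to the WMI provider with -Filter, validates and escapes the account name before it goes into the WQL string, and returns only the DS_ attributes that have a value. The function names are hypothetical, and it assumes Windows PowerShell 2.0 or later and a domain controller whose root\directory\ldap provider accepts this WQL condition.

```powershell
# Added example, not from the original post. Function names are hypothetical.

function ConvertTo-WqlUserFilter {
    param([Parameter(Mandatory=$true)][string]$SamAccountName)
    # Reject characters Active Directory does not allow in a sAMAccountName,
    # so prompt input cannot change the shape of the WQL condition.
    if ($SamAccountName -match '["/\\\[\]:;|=,+*?<>]') {
        throw "Not a valid sAMAccountName: $SamAccountName"
    }
    # WQL string literals use backslash as the escape character.
    $escaped = $SamAccountName.Replace('\', '\\').Replace("'", "\'")
    "DS_sAMAccountName='$escaped'"
}

function Get-UserDsProperty {
    param(
        [Parameter(Mandatory=$true)][string]$Server,
        [Parameter(Mandatory=$true)][string]$SamAccountName,
        [Parameter(Mandatory=$true)]
        [System.Management.Automation.PSCredential]$Credential
    )
    $filter = ConvertTo-WqlUserFilter -SamAccountName $SamAccountName
    # -Filter is evaluated on the domain controller, so only the matching
    # object crosses the network instead of every user in the directory.
    Get-WmiObject -Class ds_user -Namespace root\directory\ldap `
        -ComputerName $Server -Credential $Credential -Filter $filter |
        ForEach-Object {
            # psbase exposes the underlying ManagementObject property list;
            # keep only directory attributes that are actually populated.
            $_.psbase.Properties |
                Where-Object { $_.Name -like 'DS_*' -and $null -ne $_.Value } |
                Select-Object Name, Value
        }
}

# Usage (server and account names are placeholders):
# Get-UserDsProperty -Server dc01.example.test -SamAccountName jdoe `
#     -Credential (Get-Credential)
```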
Hi Jeff, I get the following error:
Get-WmiObject : Invalid parameter
At C:\_Sysadmin\Code\PowerShell\GetUserProperties.ps1:19 char:14
+ get-wmiobject <<<< -class ds_user -namespace root\directory\ldap `
Can you tell me which parameter is invalid? Is it class or namespace? If it’s namespace, where do I find it, and what format should it be?
I had to go back and do some digging to find this. What I originally posted works for me. I’m assuming you are specifying a domain controller you can reach. What version of Windows is it running? My other thought is that you simply have a formatting issue. I had used the ` line continuation character to break lines up but see if this one long line command works any better:
get-wmiobject -class ds_user -namespace root\directory\ldap -computername $server -credential $cred |where {$_.DS_sAMAccountName -eq $account}