PowerShell: Get-ADUser to retrieve logon scripts and home directories – Part 2

PowerShellIn Part 1 we looked at the Get-ADUser command, and used it to create a list of all users and display their homedrive, homedirectory and scriptpath.

In this post we’ll look at refining the results a little.

We’ll look at sorting the results, only returning results for user accounts that have a login script, and export them to CSV, which is much more useful than exporting the results to a text file.

So, the final command we ended Part 1 with was the following and it returned a text file to us with a list of all users as seen in the image below (I’ve added a few more parameters to users in this example.

Try Get-ADUser -filter * -properties scriptpath, homedrive, homedirectory | ft Name, scriptpath, homedrive, homedirectory > C:\temp\users.txt

export to text from get-aduser

In this next example, I’ve added the where cmdlet to only return results that contain bat in the script path.

Try Get-ADUser -filter * -properties scriptpath, homedrive, homedirectory | where {$_.scriptpath -like “*bat*”} | ft Name, scriptpath, homedrive, homedirectory

get-aduser where scriptpath -like

Now for some reason we may want to sort the list by scriptpath, so we add in the sort-object cmdlet.

Try, Get-ADUser -filter * -properties scriptpath, homedrive, homedirectory | where {$_.scriptpath -like “*bat*”} | sort-object scriptpath | ft Name, scriptpath, homedrive, homedirectory

get-aduser sort-object

And finally, lets export the list to CSV so we can work on it in Excel. In this example we substitute, format table (ft) for select-object.

Try, Get-ADUser -filter * -properties scriptpath, homedrive, homedirectory | where {$_.scriptpath -like “*bat*”} | sort-object scriptpath | select-object Name, scriptpath, homedrive, homedirectory | Export-csv -path c:\temp\user-login-script-20130429.csv

get-aduser export to csv

export to csv from get-aduser

Below are some links to invaluable Microsoft Technet references.

Get-ADUser can be found here: http://technet.microsoft.com/en-us/library/ee617241.aspx

Where cmdlet can be found here: http://technet.microsoft.com/en-us/library/ee177028.aspx

Sort-Object cmdlet can be found here: http://technet.microsoft.com/en-us/library/ee176968.aspx

Select-Object cmdlet can be found here: http://technet.microsoft.com/en-us/library/ee176955.aspx

Export-csv cmdlet can be found here: http://technet.microsoft.com/en-us/library/ee176825.aspx

Related Posts:

1. PowerShell: Get-ADUser to retrieve logon scripts and home directories – Part 1

2. PowerShell: Get-ADUser to retrieve password last set and expiry information

3. PowerShell: How to add all users in an OU to a Security Group using Get-ADUser and Add-ADGroupMember

4. PowerShell: Get-ADUser to retrieve disabled user accounts

5. PowerShell: How to use Get-ADUser to list all recently created accounts (and recently changed accounts)

 

14 thoughts on “PowerShell: Get-ADUser to retrieve logon scripts and home directories – Part 2

  1. Mike

    awesome, thanks for the good tips.. One question; how can I make the column width wider for the homedirectory column? It is trucating the content since it seems to default to ~30 characters. Thanks!

  2. Jordan

    Thank you! Just wanted to mention that there is a space in this line that will make a copy/paste fail:
    $_.scriptpath – like “*bat*”

    should be:
    $_.scriptpath –like “*bat*”

    🙂

    1. OxfordSBSguy.com Post author

      You should be able to use the property “enabled”, I’ve not tested it though.
      Carl

  3. Elbert

    Great Article! Any chance that it can also be filtered by an AD security group along with the $_.scriptpath –like “*bat*”?

  4. Andrew

    Many thanks. This helped a lot.
    I’m within a AD forest, so perhaps those of you who are in the same situation can benefit from this (I don’t have the home drive in here):
    Get-ADUser -SearchBase “ou=Users,ou=myorg,dc=mydomain,dc=com” -Filter * -properties scriptpath, homedirectory | sort-object scriptpath | select-object Name, scriptpath, homedirectory | Export-csv -path c:\temp\UsersAndtheirScripts.csv

  5. danijeljw

    Should be adding “-NoTypeInformation” to the end of the script like this:

    Get-ADUser -filter * -properties scriptpath, homedrive, homedirectory | where {$_.scriptpath -like “*bat*”} | sort-object scriptpath | select-object Name, scriptpath, homedrive, homedirectory | Export-csv -path c:\temp\user-login-script-20130429.csv -NoTypeInformation

  6. Joe

    Good stuff! Thanks. The really useful thing would be to “run this against an input file” in a “ForEach” loop; something like: For each User in UserList…. In many cases, we may have a list of 120 users; and we need this info only for those users. All in all, this is great info, and good examples.

    danijeljw – I’m sure your comment is useful, but what is the purpose of the “-NoTypeInformation” ?

  7. Joe

    One more excellent script would be not just “user password last set” – which I guess if it is “never”, then they’ve never used the account. Anyway, would be very good to find:
    All users who have never logged in – i.e., UserLastLogin is null or never or whatever; and then also Enabled attribute – so that way, we get list of both –
    1. Users who have never logged in, yet are still enabled (VERY bad! i.e. you’ve had an account for 2 years, but it’s never been logged into
    2. Users who clearly are inactive / disabled.
    For my purposes, I need both, bumped against a specific list of 30-100 users at each site, out of about 20,000 users.
    We have groups of “site-based” (remote site) employees at warehouses and we need to run those lists against some decent scripts, to find who is disabled, never logged in, etc.

Comments are closed.