PowerShell: Get-ADUser to retrieve logon scripts and home directories – Part 2

PowerShellIn Part 1 we looked at the Get-ADUser command, and used it to create a list of all users and display their homedrive, homedirectory and scriptpath.

In this post we’ll look at refining the results a little.

We’ll look at sorting the results, only returning results for user accounts that have a login script, and export them to CSV, which is much more useful than exporting the results to a text file.

So, the final command we ended Part 1 with was the following and it returned a text file to us with a list of all users as seen in the image below (I’ve added a few more parameters to users in this example.

Try Get-ADUser -filter * -properties scriptpath, homedrive, homedirectory | ft Name, scriptpath, homedrive, homedirectory > C:\temp\users.txt

export to text from get-aduser

In this next example, I’ve added the where cmdlet to only return results that contain bat in the script path.

Try Get-ADUser -filter * -properties scriptpath, homedrive, homedirectory | where {$_.scriptpath -like “*bat*”} | ft Name, scriptpath, homedrive, homedirectory

get-aduser where scriptpath -like

Now for some reason we may want to sort the list by scriptpath, so we add in the sort-object cmdlet.

Try, Get-ADUser -filter * -properties scriptpath, homedrive, homedirectory | where {$_.scriptpath -like “*bat*”} | sort-object scriptpath | ft Name, scriptpath, homedrive, homedirectory

get-aduser sort-object

And finally, lets export the list to CSV so we can work on it in Excel. In this example we substitute, format table (ft) for select-object.

Try, Get-ADUser -filter * -properties scriptpath, homedrive, homedirectory | where {$_.scriptpath -like “*bat*”} | sort-object scriptpath | select-object Name, scriptpath, homedrive, homedirectory | Export-csv -path c:\temp\user-login-script-20130429.csv

get-aduser export to csv

export to csv from get-aduser

Below are some links to invaluable Microsoft Technet references.

Get-ADUser can be found here: http://technet.microsoft.com/en-us/library/ee617241.aspx

Where cmdlet can be found here: http://technet.microsoft.com/en-us/library/ee177028.aspx

Sort-Object cmdlet can be found here: http://technet.microsoft.com/en-us/library/ee176968.aspx

Select-Object cmdlet can be found here: http://technet.microsoft.com/en-us/library/ee176955.aspx

Export-csv cmdlet can be found here: http://technet.microsoft.com/en-us/library/ee176825.aspx

Related Posts:

1. PowerShell: Get-ADUser to retrieve logon scripts and home directories – Part 1

2. PowerShell: Get-ADUser to retrieve password last set and expiry information

3. PowerShell: How to add all users in an OU to a Security Group using Get-ADUser and Add-ADGroupMember

4. PowerShell: Get-ADUser to retrieve disabled user accounts

5. PowerShell: How to use Get-ADUser to list all recently created accounts (and recently changed accounts)

 

14 thoughts on “PowerShell: Get-ADUser to retrieve logon scripts and home directories – Part 2

  1. Mike

    awesome, thanks for the good tips.. One question; how can I make the column width wider for the homedirectory column? It is trucating the content since it seems to default to ~30 characters. Thanks!

    Reply
  2. Jordan

    Thank you! Just wanted to mention that there is a space in this line that will make a copy/paste fail:
    $_.scriptpath – like “*bat*”

    should be:
    $_.scriptpath –like “*bat*”

    🙂

    Reply
  3. Elbert

    Great Article! Any chance that it can also be filtered by an AD security group along with the $_.scriptpath –like “*bat*”?

    Reply
  4. Andrew

    Many thanks. This helped a lot.
    I’m within a AD forest, so perhaps those of you who are in the same situation can benefit from this (I don’t have the home drive in here):
    Get-ADUser -SearchBase “ou=Users,ou=myorg,dc=mydomain,dc=com” -Filter * -properties scriptpath, homedirectory | sort-object scriptpath | select-object Name, scriptpath, homedirectory | Export-csv -path c:\temp\UsersAndtheirScripts.csv

    Reply
  5. danijeljw

    Should be adding “-NoTypeInformation” to the end of the script like this:

    Get-ADUser -filter * -properties scriptpath, homedrive, homedirectory | where {$_.scriptpath -like “*bat*”} | sort-object scriptpath | select-object Name, scriptpath, homedrive, homedirectory | Export-csv -path c:\temp\user-login-script-20130429.csv -NoTypeInformation

    Reply
  6. Joe

    Good stuff! Thanks. The really useful thing would be to “run this against an input file” in a “ForEach” loop; something like: For each User in UserList…. In many cases, we may have a list of 120 users; and we need this info only for those users. All in all, this is great info, and good examples.

    danijeljw – I’m sure your comment is useful, but what is the purpose of the “-NoTypeInformation” ?

    Reply
  7. Joe

    One more excellent script would be not just “user password last set” – which I guess if it is “never”, then they’ve never used the account. Anyway, would be very good to find:
    All users who have never logged in – i.e., UserLastLogin is null or never or whatever; and then also Enabled attribute – so that way, we get list of both –
    1. Users who have never logged in, yet are still enabled (VERY bad! i.e. you’ve had an account for 2 years, but it’s never been logged into
    2. Users who clearly are inactive / disabled.
    For my purposes, I need both, bumped against a specific list of 30-100 users at each site, out of about 20,000 users.
    We have groups of “site-based” (remote site) employees at warehouses and we need to run those lists against some decent scripts, to find who is disabled, never logged in, etc.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.