In Part 1 we looked at the Get-ADUser command, and used it to create a list of all users and display their homedrive, homedirectory and scriptpath.
In this post we’ll look at refining the results a little.
We’ll look at sorting the results, only returning results for user accounts that have a login script, and export them to CSV, which is much more useful than exporting the results to a text file.
So, the final command we ended Part 1 with was the following and it returned a text file to us with a list of all users as seen in the image below (I’ve added a few more parameters to users in this example.
Try Get-ADUser -filter * -properties scriptpath, homedrive, homedirectory | ft Name, scriptpath, homedrive, homedirectory > C:\temp\users.txt
In this next example, I’ve added the where cmdlet to only return results that contain bat in the script path.
Try Get-ADUser -filter * -properties scriptpath, homedrive, homedirectory | where {$_.scriptpath -like “*bat*”} | ft Name, scriptpath, homedrive, homedirectory
Now for some reason we may want to sort the list by scriptpath, so we add in the sort-object cmdlet.
Try, Get-ADUser -filter * -properties scriptpath, homedrive, homedirectory | where {$_.scriptpath -like “*bat*”} | sort-object scriptpath | ft Name, scriptpath, homedrive, homedirectory
And finally, lets export the list to CSV so we can work on it in Excel. In this example we substitute, format table (ft) for select-object.
Try, Get-ADUser -filter * -properties scriptpath, homedrive, homedirectory | where {$_.scriptpath -like “*bat*”} | sort-object scriptpath | select-object Name, scriptpath, homedrive, homedirectory | Export-csv -path c:\temp\user-login-script-20130429.csv
Below are some links to invaluable Microsoft Technet references.
Get-ADUser can be found here: http://technet.microsoft.com/en-us/library/ee617241.aspx
Where cmdlet can be found here: http://technet.microsoft.com/en-us/library/ee177028.aspx
Sort-Object cmdlet can be found here: http://technet.microsoft.com/en-us/library/ee176968.aspx
Select-Object cmdlet can be found here: http://technet.microsoft.com/en-us/library/ee176955.aspx
Export-csv cmdlet can be found here: http://technet.microsoft.com/en-us/library/ee176825.aspx
Related Posts:
1. PowerShell: Get-ADUser to retrieve logon scripts and home directories – Part 1
2. PowerShell: Get-ADUser to retrieve password last set and expiry information
3. PowerShell: How to add all users in an OU to a Security Group using Get-ADUser and Add-ADGroupMember
4. PowerShell: Get-ADUser to retrieve disabled user accounts
This really helped me out, thanks – found this when searching which may also help others:
http://social.technet.microsoft.com/wiki/contents/articles/12037.active-directory-get-aduser-default-and-extended-properties.aspx
awesome, thanks for the good tips.. One question; how can I make the column width wider for the homedirectory column? It is trucating the content since it seems to default to ~30 characters. Thanks!
Hi Mike, if you use | ft it will truncate, i think if you use export-csv it won’t although I don’t have a home drive over 30 characters to test with at the moment.
Awesome, works great. Thanks Again
very helpful! thx for posting this
Thank you! Just wanted to mention that there is a space in this line that will make a copy/paste fail:
$_.scriptpath – like “*bat*”
should be:
$_.scriptpath –like “*bat*”
🙂
Thanks Jordan, it’s now been corrected.
Cheers,
Carl
How would I get this to filter only enabled users and not show disabled users?
You should be able to use the property “enabled”, I’ve not tested it though.
Carl
Great Article! Any chance that it can also be filtered by an AD security group along with the $_.scriptpath –like “*bat*”?
Many thanks. This helped a lot.
I’m within a AD forest, so perhaps those of you who are in the same situation can benefit from this (I don’t have the home drive in here):
Get-ADUser -SearchBase “ou=Users,ou=myorg,dc=mydomain,dc=com” -Filter * -properties scriptpath, homedirectory | sort-object scriptpath | select-object Name, scriptpath, homedirectory | Export-csv -path c:\temp\UsersAndtheirScripts.csv
Should be adding “-NoTypeInformation” to the end of the script like this:
Get-ADUser -filter * -properties scriptpath, homedrive, homedirectory | where {$_.scriptpath -like “*bat*”} | sort-object scriptpath | select-object Name, scriptpath, homedrive, homedirectory | Export-csv -path c:\temp\user-login-script-20130429.csv -NoTypeInformation
Good stuff! Thanks. The really useful thing would be to “run this against an input file” in a “ForEach” loop; something like: For each User in UserList…. In many cases, we may have a list of 120 users; and we need this info only for those users. All in all, this is great info, and good examples.
danijeljw – I’m sure your comment is useful, but what is the purpose of the “-NoTypeInformation” ?
One more excellent script would be not just “user password last set” – which I guess if it is “never”, then they’ve never used the account. Anyway, would be very good to find:
All users who have never logged in – i.e., UserLastLogin is null or never or whatever; and then also Enabled attribute – so that way, we get list of both –
1. Users who have never logged in, yet are still enabled (VERY bad! i.e. you’ve had an account for 2 years, but it’s never been logged into
2. Users who clearly are inactive / disabled.
For my purposes, I need both, bumped against a specific list of 30-100 users at each site, out of about 20,000 users.
We have groups of “site-based” (remote site) employees at warehouses and we need to run those lists against some decent scripts, to find who is disabled, never logged in, etc.