Reputation: 452
How do I select the extended properties of an [Active Directory] object?
I'm looking to pull a report of all our Active Directory accounts, include certain attributes/properties on each, and pipe it into a .csv file, so I can add formatting and filters (and so on like to) for management.
I've got a list of attributes that they want included (DisplayName, SamAccountName, Enabled, Created, AccountExpirationDate, LastLogonDate, PasswordLastSet, EmailAddress), most of which are extended properties of the Get-ADUser cmdlet. I first tried to grab them like the default attributes, as below:
Get-ADUser -Filter * -SearchBase "dc=somedomain,dc=tld" `
| select DisplayName, SamAccountName, Enabled, Created, AccountExpirationDate, LastLogonDate, PasswordLastSet, EmailAddress `
| export-csv c:\DominAccountsPasswordInfoDump.csv -NoTypeInformation
...but that didn't work, as extended properties "are only retrieved if they are specified in the -Properties parameter of the cmdlet", so I got a .csv with a bunch of blank columns.
Now my problem is that I don't know how to specify the -Properties parameter within my select statement, (I seem to get the below error message every way I try)
Select-Object : A parameter cannot be found that matches parameter name 'Parameters'.
And on thinking about the select-object part of that, I'm starting to wonder if I need to define each user object I read in (assign it a to $user variable, or something), at which point I figured I should probably ask for help before mucking around any further. Since searching Google and StackExchange didn't help, I'm asking here.
How do I select the extended properties of an AD user? (Ideally, using the one-line script/PowerShell command I've got above.)
Upvotes: 1
Views: 38555
Answers (1)
Reputation: 68341
You do that in the Get-ADUser cmdlet.
Example:'
$Properties =
@(
'DisplayName',
'SamAccountName',
'Enabled',
'Created',
'AccountExpirationDate',
'LastLogonDate',
'PasswordLastSet',
' EmailAddress'
)
Get-ADUser -Filter * -SearchBase "dc=somedomain,dc=tld" -Properties $Properties |
select $Properties |
export-csv c:\DominAccountsPasswordInfoDump.csv -NoTypeInformation
The select will then exclude the default properties you don't want to export.
Upvotes: 8
Related Questions
- Effective Access Active Directory Object Using PowerShell
- How do I get specific properties with Get-AdUser
- Pulling Properties from AD with Powershell
- Select-Object -Property returning empty values for certain most properties Powershell
- How do I reference an object's property in a Powershell Active Directory cmdlet?
- How to view all properties of an AD User object?
- Extract extensionAttribute from Computer properties in Active Directory
- Select AD member properties + extra column
- How to get object type/identifier?
- Powershell active directory properties