Get-AdUser - Get Active Directory Users using PowerShell - ShellGeek (2023)

The Get-AdUser cmdlet in PowerShell is used to get one or more active directory users. An Active Directory Get-AdUser retrieves a default set of user properties. Using the Identity parameter, you can specify the active directory user to get its properties.

Get-AdUser is a powerful cmdlet to get-aduser all properties, get user using samaccountname and use the get-aduser filter parameter to get specific user object.

Using the Get-AdUser Identity parameter, you can perform a search to get specific ad users.

Get-AdUser - Get Active Directory Users using PowerShell - ShellGeek (1)

In this article, I will explain the Get-ADUser cmdlet to get active directory user objects with different examples.

Note: To use PowerShell Get-ADUser cmdlet, requires the Active Directory add-on module to be installed.

Let’s understand the PowerShell Get-AdUser cmdlet with syntax and examples.

Let’s practice!

Table of Contents hide

1Get-AdUser Syntax

2Get-AdUser Examples

3Get-AdUser All Properties

4Get AdUser Default and Extended Properties

5Get-AdUser using SAMAccountName

6Get-AdUser in Specific OU (Organizational Unit)

(Video) Get-ADUser Examples: How to Find AD Users with PowerShell

7Export Ad users to CSV file

8Get-AdUser Password Last Set Older than X Days

9Get AdUser Manager Name

10Get-Aduser AccountExpirationDate

11Get AdUser BadPwdCount

12Get AdUser Manager SamAccountName


14Recommended Content

Get-AdUser Syntax

Active Directory Get-AdUser syntax

Get-ADUser [-AuthType <ADAuthType>] [-Credential <PSCredential>] -Filter <String> [-Properties <String[]>] [-ResultPageSize <Int32>] [-ResultSetSize <Int32>] [-SearchBase <String>] [-SearchScope <ADSearchScope>] [-Server <String>] [<CommonParameters>]Get-ADUser [-AuthType <ADAuthType>] [-Credential <PSCredential>] [-Identity] <ADUser> [-Partition <String>] [-Properties <String[]>] [-Server <String>] [<CommonParameters>]Get-ADUser [-AuthType <ADAuthType>] [-Credential <PSCredential>] -LDAPFilter <String> [-Properties <String[]>] [-ResultPageSize <Int32>] [-ResultSetSize <Int32>] [-SearchBase <String>] [-SearchScope <ADSearchScope>] [-Server <String>] [<CommonParameters>]


Get-AdUser is used to get one or more active directory objects or perform a search to get specific users.

AuthType– authentication method to use based on either Basic (or 1) or Negotiate (or 0).

SSL (Secure Socket Layer) connection is required to use the Basic Authentication method.

CredentialPSCredential – It specifies user credentials required to perform the get-aduser cmdlet. It default accepts the credentials of logged-on users.

To use the Credential parameter, use username as User1 or domain\User1 or you can create and usePSCredentialobject by usingGet-Credentialcmdlet.

-Identity– It specifies ad user by using property value

  • Distinguished Name
  • SAMAccountName
  • Security Identifier
  • GUID

The identifier specified in parenthesis is the LDAP display name.

(Video) Get All Active Directory Users Details - Using PowerShell

-Partition– It specifies the distinguished name of an active directory partition.

Filter– It specifies a query string (PowerShell Expression Language Syntax) to retrieve Active Directory objects. PowerShell wildcards other than * are not supported byfiltersyntax.

-LDAPFilter– LDAPFilter query string is used to filter Active Directory objects.

Get-AdUser cmdlet returns the default set of properties. However, if you want to get all properties, use the Properties parameter.

Let’s understand using the PowerShell Get-AdUser with different examples.

Get-AdUser Examples

Get-AdUser cmdlet gets active directory user information. This cmdlet is used to get aduser all properties, get-aduser using userprincipalname, get active directory login details report, and so on.

Get-AdUser All Properties

Using the Properties parameter, you can get all properties.

Get-ADUser -Identity Toms -Properties *

In the above get aduser example, Get-AdUser gets all properties of SAMAccountName user specified by the Identity parameter.

It prints user properties on the console.

Get-AdUser - Get Active Directory Users using PowerShell - ShellGeek (2)

Get AdUser Default and Extended Properties

Get-AdUser cmdlet retrieves a default set of user account properties.

Using the Get-Member cmdlet, you can get a list of the default sets of properties for a Get-AdUser object.

Get-AdUser <user> | Get-Member

Get-Member cmdlet gets the members, properties, and methods of an ad user account object.

You can get the most commonly used Get-AdUser properties.

Get-AdUser <user> -Properties Extended | Get-Member

Using the Extended parameter, you can get aduser extended properties.

You can get a list of all aduser object properties.

Get-AdUser <user> -Properties * | Get-Member

Get-AdUser using SAMAccountName

Using the Get-Aduser Filter parameter, you can get ad user using SAMAccountName.

Get-ADUser -Filter "samaccountname -like 'Toms'"

In the above PowerShell get aduser script, Get-AdUser cmdlet gets aduser samaccountname like Toms using the filter parameter

It returns the user properties like Name, SID, and UserPrincipalName.

DistinguishedName : CN=Tom Smith,OU=SALES,DC=SHELLPRO,DC=LOCALEnabled : TrueGivenName : TomName : Tom SmithObjectClass : userObjectGUID : 1f3a2572-2621-4e47-9bdf-81d1f8172f69SamAccountName : tomsSID : S-1-5-21-1326752099-4012446882-462961959-1103Surname : SmithUserPrincipalName : [emailprotected]

Get-AdUser in Specific OU (Organizational Unit)

You can get a list all adusers in specific OU (OrganizationalUnit) using the PowerShell Get-AdUser SearchBase parameter.

 Get-ADUser -SearchBase "OU=HR,DC=SHELLPRO,DC=LOCAL" -Filter * -Properties Name

In the above PowerShell get-aduser searchbase script, it gets a list of all users in specific OU specified by the Get-AdUser SearchBase parameter and filter parameter.

The output of the above adusers in specific OU.

DistinguishedName : CN=Erick Jones,OU=HR,DC=SHELLPRO,DC=LOCALEnabled : TrueGivenName : ErickName : Erick JonesObjectClass : userObjectGUID : 43551543-0214-4656-bd18-9f2dec5f8076SamAccountName : ErickJSID : S-1-5-21-1326752099-4012446882-462961959-1105Surname : JonesUserPrincipalName : [emailprotected]DistinguishedName : CN=Gary Willy,OU=HR,DC=SHELLPRO,DC=LOCALEnabled : TrueGivenName : GaryName : Gary WillyObjectClass : userObjectGUID : a65bc140-d8dc-43b9-988d-2c0afa163be1SamAccountName : garywSID : S-1-5-21-1326752099-4012446882-462961959-2601Surname : WillyUserPrincipalName : [emailprotected]

Export Ad users to CSV file

To export ad users to a CSV file, use Get-AdUser to list all user properties, and use the Export-CSV cmdlet to export ad users to a CSV file on the path specified.

 Get-ADUser -SearchBase "OU=HR,DC=SHELLPRO,DC=LOCAL" -Filter * -Properties Name | Select-Object Name, DistinguishedName,Enabled,UserPrincipalName,SamAccountName| Export-Csv -Path C:\get-adusers.csv -NoTypeInformation

In the above PowerShell get ad user script,

Get-AdUser gets list of all users in specified OU using the Get-AdUser SearchBase parameter and passes the output to the second command.

(Video) Get ADUser information using PowerShell

The second command use Select-Object to get name, distinguishedname, enabled, userprincipalname, and samaccountname and pass output to the third command.

The third command uses PowerShell Export-Csv cmdlet to export a list of adusers to a CSV file on the path specified.

the output of export ad users to CSV file as below in CSV

"Name","DistinguishedName","Enabled","UserPrincipalName","SamAccountName""Erick Jones","CN=Erick Jones,OU=HR,DC=SHELLPRO,DC=LOCAL","True","[emailprotected]","ErickJ""Gary Willy","CN=Gary Willy,OU=HR,DC=SHELLPRO,DC=LOCAL","True","[emailprotected]","garyw"

Get-AdUser Password Last Set Older than X Days

You can get list of adusers passwords last set older than specified days.

Get-ADUser -Filter 'Enabled -eq $True' -Properties PasswordLastSet | Where-Object {$_.PasswordLastSet -lt (Get-Date).adddays(-90)} | select Name,SamAccountName,PasswordLastSet

In the above PowerShell script, the Get-AdUser cmdlet gets a list of ad users who are active using Enabled Property.

Enabled property used to get aduser is active or disabled in active directory.

The second command use Where-Object to check the PassWordLastSet attribute less than 90 days using the Get-Date cmdlet and passes the output to the third command.

Third command select name, samaccountname, and passwordlastset properties to console.

The output of the above PowerShell script to get aduser password last set older than 90 days are as below

Name SamAccountName PasswordLastSet---- -------------- ---------------Gary Willy garyw 4/25/2021 6:55:50 PMJohn Smith johns 4/20/2021 1:08:57 PM

Get AdUser Manager Name

To get aduser manager name in an active directory, run the following command

 get-aduser -Identity chrisd -Properties * | select SAMAccountname, @{Name='Manager';Expression={(Get-ADUser ($_.Manager)).SAMAccountname}}

In the above PowerShell script, Get-AdUser gets user properties for the user using the identity parameter and passes the output to the second command.

Second command select SAMAccountName of given active directory user and use the expression to get manager name using Manager attribute.

The output of the above Get-AdUser Manager name as below

SAMAccountname Manager-------------- -------chrisd toms

Get-Aduser AccountExpirationDate

You can use AccountExpirationDate to get aduser account expiration date.

Get-ADUser -filter * -properties AccountExpirationDate | sort Name | ft Name,AccountExpirationDate

In the above PowerShell script, Get-AdUser gets a list of all users.

It retrieves the AccountExpirationDate property and passes the output to the second command.

Second command sort user by Name and print it on the console.

Name AccountExpirationDate---- ---------------------Chris Dore 8/1/2021 12:00:00 AMErick JonesGary Willy

Other aduser doesn’t have an account expiration set hence they have an empty value.

Cool Tip: How to use remove-aduser to delete aduser in PowerShell!

Get AdUser BadPwdCount

Often aduser tried login into the system using the old password, which results in the account being locked out.

Active Directory user account has badpwdcount attribute which stores bad password attempts count.

By default, it has a 0 value. badpwdcount attribute increment value when a user attempts a bad password.

badpwdcount value reset to 0 on successful login.

To get aduser badpwdcount, use PowerShell script

 Get-ADUser -Identity Toms -Properties * | Select-Object badpwdcount

It gets the user specified using the identity parameter and returns the user account badpwdcount

(Video) PowerShell - Get all Active Directory Users with Powershell and export to CSV-File

Get AdUser Manager SamAccountName

Using the Get-AdUser, you can get aduser manager samaccountname.

The user has a manager attribute which contains a manager distinguished name.

To get aduser manager samaccountname for the user, run the following script

$user = "garyw"$Manager = get-aduser $user -properties * | Select -ExpandProperty Managerget-aduser $Manager -properties * | Select SamAccountName,DisplayName

In the above PowerShell script to get aduser garyw manager samaccountname,

$user variable stores user name.

The second command uses the Get-AdUser command to get aduser all properties. It selects a manager and stores them in $Manager variable.

The third command again uses the Get-AdUser to get aduser manager samaccountname and manager display name.


I hope the above guide on PowerShell Get-ADUser cmdlet in an active directory is helpful to you while using it in your daily task to get active directory users, get-aduser all properties, and many more.

You can get the default set of aduser properties. To get additional properties, use the Property parameter.

You can use filter or Ldapfilter parameter to search for one or more ad users from the active directory using PowerShell expression language.

You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.

Recommended Content

Get AdUser All Properties – Get all of the properties for the aduser in PowerShell.

Get AdUsers Enabled – Get Adusers enabled in the Active Directory.

Get-AdUser Email Address

Get AdUser LDAP FIlter – Get active directory users using LDAP Filter

Get AdUsers Exclude OU – Get AdUsers and exclude specific OU.

Get AdUser Description – Get AdUser description from the active directory.

Get AdUser DistinguishedName – Get AdUser distinguished name from the active directory.

Convert SID to UserName – Get user name from SID using PowerShell and Command line

Get AdUser Multiple Users – Get Multiple User Properties in Active Directory

Get AdUser Format Table – Format the list of adusers in table output.

Get AdUser Filter with Multiple Attributes – Get a list of adusers filter with multiple attributes.

Get AdUser Sort by SAMAccountname

Get AdUser pipe to Add-AdGroupMember – Get aduser and add a user to ad group as member.

Get AdUser Count – Get active directory user count, active user count, enabled user count

(Video) Automate Active Directory with PowerShell Tutorial 3 : Getting AD Users


How to get list of users in Active Directory using PowerShell? ›

To get the domain user list, you can use the Get-ADUser command. To run this command you need to make sure that you have the RSAT (Remote Server Administration Tools) installed on the computer. The above command will get all users from the active directory domain.

How can I get a list of active users in AD? ›

Searching for Active Directory user accounts in ADUC

Click Find Now and then sort the 'Type' column until 'User' is displayed. You will then see all your true user accounts.

How do I download AD user details in PowerShell? ›

Here are the steps to export Active Directory users to CSV.
  1. Step 1: Get-ADUser PowerShell Command. To export users with PowerShell, the Get-ADUser cmdlet is used. ...
  2. Step 2: Export to CSV command. ...
  3. Step 3: Export specific user attributes. ...
  4. Step 4: How to export all users. ...
  5. Step 5: Export Users from a specific OU.
Jan 19, 2023

How to query Active Directory using PowerShell? ›

If the Active Directory Management module is installed in Windows 10/11 or Windows Server 2019/2022, you can also access specific Active Directory (AD) information in PowerShell. The "Get-Command Get-Ad*" command already shows numerous cmdlets that can display information from Active Directory.

How can I get a list of all users? ›

Open Computer Management, and go to “Local Users and Groups -> Users.” On the right side, you get to see all the user accounts, their names as used by Windows behind the scenes, their full names (or the display names), and, in some cases, also a description.

How do I get a list of members of a distribution list in PowerShell? ›

Use the Get-DistributionGroupMember cmdlet to view the members of distribution groups and mail-enabled security groups.

How do I find Active Directory users and groups? ›

To access the People page, click Directory > People.
  1. In the Admin Console, go to Directory > Directory Integrations.
  2. Click Active Directory and then click the Assignments tab.
  3. Optional. To view only the people or groups associated with an Active Directory (AD) instance, click People or Groups in the Filters list.

What is the command to get user details in ADDS? ›


This command allows us to get the information from a specific user identity in AD or a collection of users with either an array or the wildcard (*) character to get the information of all the users in Active Directory.

How can I check aad user? ›

To download a list of users
  1. Sign in to your Azure AD organization.
  2. Navigate to Azure Active Directory > Users.
  3. In Azure AD, select Users > Download users. By default, all user profiles are exported.
  4. On the Download users page, select Start to receive a CSV file listing user profile properties.
Aug 18, 2022

How do I export AD user details? ›

' All you need to do is open ADUC, navigate to your desired OU, and click the Export List button. This will export all of the accounts in the OU to a tab delimited text file. If you want to view the data in CSV form just change the extension from .

How do I get a list of all domain controllers in PowerShell? ›

To list all domain controllers the Get-ADDomainController PowerShell cmdlet is used. The Get-ADDomainController cmdlet can get all domain controllers or list specific ones with the various search parameters.

How do I find inactive computers and users in Active Directory with PowerShell? ›

You can use the Get-ADUser, Get-ADComputer, or Get-ADObject cmdlets to find inactive objects in AD. However, creating the correct filter for these commands can be tricky. The ActiveDirectory PowerShell module has a more convenient cmdlet for performing these tasks – Search-ADAccount.

How to find disabled users in Active Directory using PowerShell? ›

Using the Search-ADAccount cmdlet:

Run Netwrix Auditor → Navigate to “Reports” → Expand the “Active Directory” section → Go to “Active Directory – State-in-Time” → Select “User Accounts” → Click “View” → Set the “Status” parameter to “Disabled” → Click “View Report”.

Which command can list all users? ›

List Users with cat Command. The cat command provides a straightforward way to list the contents of the /etc/passwd file. The system outputs the entire file with all the users on the system.

How do I see all users on my domain? ›

List all Users and Groups in Domain
Jan 8, 2009

How to check domain user details in cmd? ›

Open the Start menu, then type cmd in the Search box and press Enter. In the command line window that appears, type set user and press Enter. Look at the USERDOMAIN: entry. If the user domain contains your computer's name, you're logged in to the computer.

How can you find out what distribution lists or groups a user belongs to PowerShell? ›

Find All Office 365 Group Memberships of a User using PowerShell
  1. Under the “Users” tab, search and find the user you are interested in.
  2. Click on the user name to open user properties >> In the user properties pane, click on “Manage groups” under “Groups”.
  3. This gets you all Office 365 groups a user is a member of.
Jan 9, 2023

How do I export a list of members from ad group in PowerShell? ›

In this first example, I'll show you how to export Active Directory group members using the Get-ADGroupMember PowerShell cmdlet.
  1. Step 1: Load the Active Directory Module. ...
  2. Step 2: Find AD Group. ...
  3. Step 3: Use Get-AdGroupMember to list group members. ...
  4. Step 4: Export group members to CSV file.
Jan 15, 2023

How do I print a list of members in a distribution list? ›

How to Print a Distribution List in Microsoft Outlook
  1. Click the "Contacts" option in Outlook to see your list of contacts.
  2. Scroll to the distribution list you want to print and right-click the name of the group.
  3. Click "Quick Print" to print the list.

How to get AD group members list using CMD? ›

To List All the Users in a Particular Group: Run Netwrix Auditor → Navigate to “Reports” → Click “Predefined” → Expand the “Active Directory” section → Go to “Active Directory – State-in-Time” → Select “Group Members” → Click “View”.

How to find Active Directory Users and computers in Windows 10? ›

Go ahead and click the Start button, scroll down in the list towards the bottom where you'll find 'Windows Administrative Tools'. Click that folder and you'll see 'Active Directory Users and Computers. ' Select it and you're in!

How do I find members of an LDAP group? ›

To list the members of a group on your directory server, specify the user/member attributes in your search filter. For example, to find all the members of the "Administrators" group: ldap. DN = "CN=Administrators,CN=Builtin,DC=DOMAIN"; ldap.

How do I get all Azure AD user properties in PowerShell? ›

The cmdlet you need for that is Get-AzureADUserManager. OfficeLocation is exposed via PowerShell as PhysicalDeliveryOfficeName.

How do I get Azure AD group members in powershell? ›

To get a group, specify the Id parameter. Specify the SearchString or Filter parameter to find particular groups. If you specify no parameters, this cmdlet gets all groups. The Get-AzureADGroupMember cmdlet gets a member of a group in Azure Active Directory (AD).

How do I get a list of directories in PowerShell? ›

To get a list of directories, use the Directory parameter or the Attributes parameter with the Directory property. You can use the Recurse parameter with Directory.

What PowerShell command lists all of the contents of a directory? ›

Like the Windows command line, Windows PowerShell can use the dir command to list files in the current directory. PowerShell can also use the ls and gci commands to list files in a different format.

How do I get a list of local administrators in PowerShell? ›

To find local administrators with PowerShell you can use the Get-LocalGroupMember command. The above example is running the command on the local computer. To run on a remote computer you can use the invoke-command. For this command to work you will need to have PowerShell Remoting enabled.

How do I enable Active Directory users and Computers in PowerShell? ›

Enabling ADUC on Windows 10 version 1803 or below
  1. Open the Control Panel from the Start menu (or press Win-X).
  2. Go to Programs > Programs and Features > Turn Windows features on or off.
  3. Go to Remote Server Administration Tools > Role Administration Tools > AD DS and AD LDS Tools.
  4. Check the AD DS Tools box and click OK.
Jan 30, 2017

How do I know if a user is active or not in Active Directory? ›

Run Netwrix Auditor → Navigate to "Reports" → Expand the "Active Directory" section → Go to "Active Directory – State-in-Time" → Select "User Accounts" → Click "View" → Type the user's logon name in the “Logon Name” filter → Click "View Report".

How can I see active users? ›

See Active Users data
  1. Sign in to Google Analytics.
  2. Navigate to your view.
  3. Open Reports.
  4. Select Audience > Active Users.

How do I export a list from Active Directory? ›

All you need to do is open ADUC, navigate to your desired OU, and click the Export List button. This will export all of the accounts in the OU to a tab delimited text file.

How do you display all active users in your system? ›

who command – Display information about users who are currently logged in. users command – See the login names of the users currently on the system, in sorted order, space separated, on a single line. It reads all information from /var/run/utmp file.

How do I track daily active users? ›

DAU, or Daily Active Users, is calculated by counting the unique number of daily users who are tagged as "active" in your product. You can also calculate the average DAU by dividing the total DAU for the month by the number of days in the month.

How to check active users in cmd? ›

Method 1: See Currently Logged in Users Using Query Command

Press the Windows logo key + R simultaneously to open the Run box. Type cmd and press Enter. When the Command Prompt window opens, type query user and press Enter. It will list all users that are currently logged on your computer.

How to get user name in cmd? ›

In the box, type cmd and press Enter. The command prompt window will appear. Type whoami and press Enter. Your current user name will be displayed.

How do I get a list of active users in Office 365? ›

How to get to the Active Users report
  1. In the admin center, go to the Reports > Usage page.
  2. From the dashboard homepage, click on the View more button on the Active users - Microsoft 365 Services card.
Oct 25, 2022

How to export all user attributes from Active Directory PowerShell? ›

Let's go through the steps and export Active Directory users to CSV file with PowerShell.
  1. Step 1: Prepare export AD users PowerShell script. Download and place Export-ADUsers. ...
  2. Step 2: Run export AD users PowerShell script. Run PowerShell as administrator. ...
  3. Step 3: Open AD users report CSV file.
6 days ago

Can you export Active Directory users? ›

To export user information from Active Directory to a CSV file, you will need access to run the CSVDE tool on a Windows Server running Active Directory in your domain. If you want to export only a single organizational unit (OU), type the following command in the command prompt, instead of the one shown above.

How do I export and import users in Active Directory? ›

Import users and groups from Microsoft Active Directory
  1. In the C2 Identity Admin Portal, go to the User page.
  2. Click Add > Import users/groups > From Active Directory.
  3. Click Download and move the export tool to your desired location.
  4. Launch the export tool. ...
  5. Open the CSV file and check its format:
Apr 7, 2022

Which command is used to get all users? ›

Users command is used to print the user name who are all currently logged in the current host.

How do you display all active users in your system in SAP? ›

tcode AL08 will give all logged in users in SAP (includes all application severs).

Can you track user activity? ›

Ways to Track User Activity on a Website

Some of the most common ways to track user activity include: Tools like Google Analytics and Search Console. Click tracking (recording which elements on a page users click) Scroll tracking (recording where users scroll on a page)

What is the difference between users and active users? ›

The term “Active Users” can be a little misleading. Some people think it's the same thing as a real-time user - someone who is on your site at this moment. But actually, your active users are different from your real-time users. Active users are those who have engaged in your website over a certain time period.

What's a good Dau Mau? ›

What is a good score? If you're looking to engage users, below 10% DAU/MAU is generally considered poor. As this would mean that users are viewing in on average 3 times a month (10% of ~30 days in a month = 3 days). Anything above 40% is very good, 60%+ is excellent.


1. PowerShell - How to find Disabled users in Active Directory using PowerShell | Powershell Scripting
2. 12. Get members of all Active Directory Groups with PowerShell
3. How to get Users & Group Membership from AD with PowerShell
(Ravi Kiran TECHLOGS)
4. Importing users to Active Directory with Excel and PowerShell
(Jorel DeGuzman)
5. Displaying AD user properties in PowerShell
(David Dalton)
6. How To Reset A User's Password In Active Directory With PowerShell
(TechSnips by ATA Learning)
Top Articles
Latest Posts
Article information

Author: Dong Thiel

Last Updated: 04/08/2023

Views: 6050

Rating: 4.9 / 5 (79 voted)

Reviews: 94% of readers found this page helpful

Author information

Name: Dong Thiel

Birthday: 2001-07-14

Address: 2865 Kasha Unions, West Corrinne, AK 05708-1071

Phone: +3512198379449

Job: Design Planner

Hobby: Graffiti, Foreign language learning, Gambling, Metalworking, Rowing, Sculling, Sewing

Introduction: My name is Dong Thiel, I am a brainy, happy, tasty, lively, splendid, talented, cooperative person who loves writing and wants to share my knowledge and understanding with you.