Bird
Raised Fist0
PowerShellscripting~5 mins

Get-ADUser in PowerShell

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Introduction

The Get-ADUser command helps you find and see information about users in your Active Directory. It makes it easy to get details about people in your network.

You want to check details of a specific user in your company network.
You need to list all users in a certain department or group.
You want to find users who have not logged in recently.
You need to export user information for reports or audits.
Syntax
PowerShell
Get-ADUser [-Identity] <User> [-Properties <String[]>] [-Filter <String>] [-SearchBase <String>] [-SearchScope <String>] [-Server <String>] [-Credential <PSCredential>] [-ResultSetSize <Int>] [-SortBy <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

-Identity is used to specify a single user by name, username, or distinguished name.

-Filter lets you search for users matching conditions, like all users in a city.

Examples
Gets the user with username 'jdoe'.
PowerShell
Get-ADUser -Identity "jdoe"
Finds all users whose name contains 'Smith'.
PowerShell
Get-ADUser -Filter "Name -like '*Smith*'"
Gets all users and shows their email addresses.
PowerShell
Get-ADUser -Filter * -Properties EmailAddress
Sample Program

This script loads the Active Directory module, gets the user named 'alice', and prints her name, email, and department.

PowerShell
Import-Module ActiveDirectory

# Get user with username 'alice'
$user = Get-ADUser -Identity alice -Properties EmailAddress, Department

Write-Output "User: $($user.Name)"
Write-Output "Email: $($user.EmailAddress)"
Write-Output "Department: $($user.Department)"
OutputSuccess
Important Notes

You need to run this command on a computer joined to the Active Directory domain.

Make sure you have permission to read user information in Active Directory.

Use -Properties to get extra details, otherwise only basic info is returned.

Summary

Get-ADUser helps you find and view user info in Active Directory.

Use -Identity for one user or -Filter to search many users.

Remember to add -Properties to see more details about users.

Practice

(1/5)
1. What does the Get-ADUser cmdlet do in PowerShell?
easy
A. Creates a new Active Directory user
B. Retrieves information about Active Directory users
C. Deletes an Active Directory user
D. Modifies an Active Directory user's password

Solution

  1. Step 1: Understand the purpose of Get-ADUser

    The cmdlet is designed to fetch or retrieve user information from Active Directory.

  2. Step 2: Compare with other cmdlets

    Creating, deleting, or modifying users are done by other cmdlets like New-ADUser or Set-ADUser, not Get-ADUser.

  3. Final Answer:

    Retrieves information about Active Directory users -> Option B

  4. Quick Check:

    Get-ADUser = Retrieve user info [OK]
Hint: Get-ADUser always fetches user info, not changes [OK]
Common Mistakes:
  • Confusing Get-ADUser with New-ADUser
  • Thinking it modifies user data
  • Assuming it deletes users
2. Which of the following is the correct syntax to get a user by their username using Get-ADUser?
easy
A. Get-ADUser -Identity "jdoe"
B. Get-ADUser -Name "jdoe"
C. Get-ADUser -UserName "jdoe"
D. Get-ADUser -User "jdoe"

Solution

  1. Step 1: Identify the correct parameter for a single user

    The -Identity parameter is used to specify a single user by username or distinguished name.

  2. Step 2: Check other parameters

    Parameters like -Name, -UserName, or -User are not valid for Get-ADUser to specify a single user.

  3. Final Answer:

    Get-ADUser -Identity "jdoe" -> Option A

  4. Quick Check:

    -Identity = single user [OK]
Hint: Use -Identity to specify one user by username [OK]
Common Mistakes:
  • Using -Name instead of -Identity
  • Trying -UserName which is invalid
  • Confusing parameter names
3. What will this command output?
Get-ADUser -Filter 'Enabled -eq $true' -Properties EmailAddress | Select-Object Name, EmailAddress
medium
A. List of disabled users with their names and email addresses
B. List of all users with only their names
C. List of enabled users with their names and email addresses
D. Error because EmailAddress is not a valid property

Solution

  1. Step 1: Understand the filter condition

    The filter Enabled -eq $true selects only users who are enabled (active).

  2. Step 2: Check properties and output

    The command requests the EmailAddress property and selects to display Name and EmailAddress for each user.

  3. Final Answer:

    List of enabled users with their names and email addresses -> Option C

  4. Quick Check:

    Filter enabled + EmailAddress shown = List of enabled users with their names and email addresses [OK]
Hint: Filter enabled users and add -Properties for extra fields [OK]
Common Mistakes:
  • Forgetting to add -Properties EmailAddress
  • Assuming it lists disabled users
  • Thinking EmailAddress is invalid property
4. You run this command but get an error:
Get-ADUser -Filter "Name -like '*Smith'" -Properties Email

What is the likely cause?
medium
A. The property 'Email' does not exist; it should be 'EmailAddress'
B. The filter syntax is incorrect; should use single quotes inside double quotes
C. Get-ADUser cannot filter by Name
D. Missing -Identity parameter

Solution

  1. Step 1: Check the property name

    The correct property for user email is EmailAddress, not Email.

  2. Step 2: Validate filter and parameters

    The filter syntax is valid and filtering by Name is allowed. The -Identity parameter is not required when using -Filter.

  3. Final Answer:

    The property 'Email' does not exist; it should be 'EmailAddress' -> Option A

  4. Quick Check:

    Wrong property name causes error [OK]
Hint: Use correct property names like EmailAddress, not Email [OK]
Common Mistakes:
  • Using wrong property names
  • Misunderstanding filter syntax
  • Thinking -Identity is mandatory with -Filter
5. You want to list all users in the 'Sales' department with their names and phone numbers. Which command will do this correctly?
hard
A. Get-ADUser -Filter 'Department -like Sales' | Select Name, PhoneNumber
B. Get-ADUser -Identity 'Sales' -Properties Phone | Select Name, Phone
C. Get-ADUser -Filter 'Department = Sales' -Properties PhoneNumber | Select-Object Name, PhoneNumber
D. Get-ADUser -Filter 'Department -eq "Sales"' -Properties TelephoneNumber | Select-Object Name, TelephoneNumber

Solution

  1. Step 1: Use correct filter syntax for department

    The filter Department -eq "Sales" correctly matches users in Sales department.

  2. Step 2: Include correct property and select output

    Use -Properties TelephoneNumber to get phone numbers, then select Name and TelephoneNumber for output.

  3. Step 3: Check other options for errors

    Get-ADUser -Identity 'Sales' -Properties Phone | Select Name, Phone uses -Identity incorrectly and wrong property names. Get-ADUser -Filter 'Department -like Sales' | Select Name, PhoneNumber has wrong filter syntax and property names. Get-ADUser -Filter 'Department = Sales' -Properties PhoneNumber | Select-Object Name, PhoneNumber uses '=' instead of '-eq' and wrong property names.

  4. Final Answer:

    Get-ADUser -Filter 'Department -eq "Sales"' -Properties TelephoneNumber | Select-Object Name, TelephoneNumber -> Option D

  5. Quick Check:

    Filter with -eq + correct property = Get-ADUser -Filter 'Department -eq "Sales"' -Properties TelephoneNumber | Select-Object Name, TelephoneNumber [OK]
Hint: Use -Filter with -eq and add -Properties for extra fields [OK]
Common Mistakes:
  • Using wrong filter operators like '='
  • Wrong property names like Phone instead of TelephoneNumber
  • Misusing -Identity for filtering