Bird
Raised Fist0
PowerShellscripting~20 mins

Get-ADUser in PowerShell - Mini Project: Build & Apply

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Using Get-ADUser to List Active Directory Users
📖 Scenario: You are an IT administrator who needs to get a list of users from Active Directory to check their details.
🎯 Goal: Learn how to use the Get-ADUser cmdlet to retrieve user information from Active Directory and display it.
📋 What You'll Learn
Use the Get-ADUser cmdlet to get user data
Filter users by a specific property
Select specific properties to display
Display the results in the console
💡 Why This Matters
🌍 Real World
IT administrators often need to list and manage Active Directory users to maintain security and organization.
💼 Career
Knowing how to use Get-ADUser is essential for system administrators and IT support professionals working with Windows Server environments.
Progress0 / 4 steps
1
Create a variable with a list of all Active Directory users
Write a line of PowerShell code to create a variable called allUsers that stores all users from Active Directory using Get-ADUser -Filter *.
PowerShell
Hint

Use Get-ADUser -Filter * to get all users and assign it to allUsers.

2
Add a filter to get only enabled users
Add a line of code to create a variable called enabledUsers that stores only users from allUsers where the Enabled property is $true.
PowerShell
Hint

Use Where-Object to filter allUsers by Enabled -eq $true.

3
Select specific properties to display
Write a line of code to create a variable called userDetails that selects the Name, SamAccountName, and EmailAddress properties from enabledUsers.
PowerShell
Hint

Use Select-Object to pick the properties you want from enabledUsers.

4
Display the user details
Write a line of code to print the userDetails variable to the console.
PowerShell
Hint

Simply output the userDetails variable to show the data.

Practice

(1/5)
1. What does the Get-ADUser cmdlet do in PowerShell?
easy
A. Creates a new Active Directory user
B. Retrieves information about Active Directory users
C. Deletes an Active Directory user
D. Modifies an Active Directory user's password

Solution

  1. Step 1: Understand the purpose of Get-ADUser

    The cmdlet is designed to fetch or retrieve user information from Active Directory.

  2. Step 2: Compare with other cmdlets

    Creating, deleting, or modifying users are done by other cmdlets like New-ADUser or Set-ADUser, not Get-ADUser.

  3. Final Answer:

    Retrieves information about Active Directory users -> Option B

  4. Quick Check:

    Get-ADUser = Retrieve user info [OK]
Hint: Get-ADUser always fetches user info, not changes [OK]
Common Mistakes:
  • Confusing Get-ADUser with New-ADUser
  • Thinking it modifies user data
  • Assuming it deletes users
2. Which of the following is the correct syntax to get a user by their username using Get-ADUser?
easy
A. Get-ADUser -Identity "jdoe"
B. Get-ADUser -Name "jdoe"
C. Get-ADUser -UserName "jdoe"
D. Get-ADUser -User "jdoe"

Solution

  1. Step 1: Identify the correct parameter for a single user

    The -Identity parameter is used to specify a single user by username or distinguished name.

  2. Step 2: Check other parameters

    Parameters like -Name, -UserName, or -User are not valid for Get-ADUser to specify a single user.

  3. Final Answer:

    Get-ADUser -Identity "jdoe" -> Option A

  4. Quick Check:

    -Identity = single user [OK]
Hint: Use -Identity to specify one user by username [OK]
Common Mistakes:
  • Using -Name instead of -Identity
  • Trying -UserName which is invalid
  • Confusing parameter names
3. What will this command output?
Get-ADUser -Filter 'Enabled -eq $true' -Properties EmailAddress | Select-Object Name, EmailAddress
medium
A. List of disabled users with their names and email addresses
B. List of all users with only their names
C. List of enabled users with their names and email addresses
D. Error because EmailAddress is not a valid property

Solution

  1. Step 1: Understand the filter condition

    The filter Enabled -eq $true selects only users who are enabled (active).

  2. Step 2: Check properties and output

    The command requests the EmailAddress property and selects to display Name and EmailAddress for each user.

  3. Final Answer:

    List of enabled users with their names and email addresses -> Option C

  4. Quick Check:

    Filter enabled + EmailAddress shown = List of enabled users with their names and email addresses [OK]
Hint: Filter enabled users and add -Properties for extra fields [OK]
Common Mistakes:
  • Forgetting to add -Properties EmailAddress
  • Assuming it lists disabled users
  • Thinking EmailAddress is invalid property
4. You run this command but get an error:
Get-ADUser -Filter "Name -like '*Smith'" -Properties Email

What is the likely cause?
medium
A. The property 'Email' does not exist; it should be 'EmailAddress'
B. The filter syntax is incorrect; should use single quotes inside double quotes
C. Get-ADUser cannot filter by Name
D. Missing -Identity parameter

Solution

  1. Step 1: Check the property name

    The correct property for user email is EmailAddress, not Email.

  2. Step 2: Validate filter and parameters

    The filter syntax is valid and filtering by Name is allowed. The -Identity parameter is not required when using -Filter.

  3. Final Answer:

    The property 'Email' does not exist; it should be 'EmailAddress' -> Option A

  4. Quick Check:

    Wrong property name causes error [OK]
Hint: Use correct property names like EmailAddress, not Email [OK]
Common Mistakes:
  • Using wrong property names
  • Misunderstanding filter syntax
  • Thinking -Identity is mandatory with -Filter
5. You want to list all users in the 'Sales' department with their names and phone numbers. Which command will do this correctly?
hard
A. Get-ADUser -Filter 'Department -like Sales' | Select Name, PhoneNumber
B. Get-ADUser -Identity 'Sales' -Properties Phone | Select Name, Phone
C. Get-ADUser -Filter 'Department = Sales' -Properties PhoneNumber | Select-Object Name, PhoneNumber
D. Get-ADUser -Filter 'Department -eq "Sales"' -Properties TelephoneNumber | Select-Object Name, TelephoneNumber

Solution

  1. Step 1: Use correct filter syntax for department

    The filter Department -eq "Sales" correctly matches users in Sales department.

  2. Step 2: Include correct property and select output

    Use -Properties TelephoneNumber to get phone numbers, then select Name and TelephoneNumber for output.

  3. Step 3: Check other options for errors

    Get-ADUser -Identity 'Sales' -Properties Phone | Select Name, Phone uses -Identity incorrectly and wrong property names. Get-ADUser -Filter 'Department -like Sales' | Select Name, PhoneNumber has wrong filter syntax and property names. Get-ADUser -Filter 'Department = Sales' -Properties PhoneNumber | Select-Object Name, PhoneNumber uses '=' instead of '-eq' and wrong property names.

  4. Final Answer:

    Get-ADUser -Filter 'Department -eq "Sales"' -Properties TelephoneNumber | Select-Object Name, TelephoneNumber -> Option D

  5. Quick Check:

    Filter with -eq + correct property = Get-ADUser -Filter 'Department -eq "Sales"' -Properties TelephoneNumber | Select-Object Name, TelephoneNumber [OK]
Hint: Use -Filter with -eq and add -Properties for extra fields [OK]
Common Mistakes:
  • Using wrong filter operators like '='
  • Wrong property names like Phone instead of TelephoneNumber
  • Misusing -Identity for filtering