
Get-ADUser in PowerShell - Step-by-Step Execution

Concept Flow - Get-ADUser
Start → Run Get-ADUser cmdlet → Connect to Active Directory → Search for user(s) based on parameters → Retrieve user properties → Output user object(s) → End
The Get-ADUser command connects to Active Directory, searches for users based on given parameters, retrieves their properties, and outputs the user objects.
Execution Sample
PowerShell
$user = Get-ADUser -Identity "jsmith" -Properties EmailAddress
Write-Output $user.EmailAddress
This code gets the user with username 'jsmith' and outputs their email address.
Execution Table
| Step | Action | Parameter | Result | Output |
|---|---|---|---|---|
| 1 | Run Get-ADUser | -Identity "jsmith" | Search AD for user 'jsmith' | User object found |
| 2 | Retrieve Properties | -Properties EmailAddress | Get EmailAddress property | EmailAddress value stored |
| 3 | Assign to variable | $user = Get-ADUser ... | User object assigned to $user | Variable $user holds user data |
| 4 | Output EmailAddress | Write-Output $user.EmailAddress | Print EmailAddress | jsmith@example.com |
| 5 | End | No more commands | Script ends | No further output |
💡 Completed retrieving and displaying the EmailAddress property of user 'jsmith'.
Variable Tracker
| Variable | Start | After Step 1 | After Step 2 | After Step 3 | Final |
|---|---|---|---|---|---|
| $user | null | User object found | User object with EmailAddress property | User object assigned | User object with EmailAddress property |
Key Moments - 3 Insights
Why do we need to specify -Properties EmailAddress?
By default, Get-ADUser returns only a few properties. To get EmailAddress, we must explicitly request it using -Properties, as shown in execution_table step 2.
What happens if the user 'jsmith' does not exist?
Get-ADUser will throw an error or return nothing, so no user object is assigned to $user. This is implied in execution_table step 1 where the user is searched.
Why do we assign the result to a variable before outputting?
Assigning to $user lets us access properties easily later, like $user.EmailAddress in step 4, instead of running Get-ADUser multiple times.
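The three points above combined into one lookup, as an added example that is not part of the original lesson. It assumes the ActiveDirectory (RSAT) module and a domain-joined session; the function name Get-UserEmail is hypothetical.

```powershell
# Added example. Assumes the ActiveDirectory (RSAT) module is installed and the
# session can reach a domain controller. Get-UserEmail is a hypothetical helper.
Import-Module ActiveDirectory -ErrorAction Stop

function Get-UserEmail {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [ValidateNotNullOrEmpty()]
        [string]$SamAccountName
    )

    try {
        # Request only the attribute that is needed. -Properties * would pull
        # every attribute the caller can read, which is slower and exposes
        # more directory data to the script than the task requires.
        # -ErrorAction Stop makes any failure catchable below.
        $user = Get-ADUser -Identity $SamAccountName `
                           -Properties EmailAddress `
                           -ErrorAction Stop
    }
    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        # With -Identity, an unknown account raises this exception, so $user
        # is never assigned. (A -Filter query that matches nothing returns
        # no objects and no error instead.)
        Write-Warning "No AD user matches '$SamAccountName'."
        return $null
    }

    # The account exists, but the attribute may simply be unset.
    if ([string]::IsNullOrEmpty($user.EmailAddress)) {
        Write-Warning "User '$SamAccountName' has no EmailAddress set."
        return $null
    }

    # Reuse the stored object instead of querying AD a second time.
    return $user.EmailAddress
}

# 'jsmith' is the sample account used throughout this page.
Get-UserEmail -SamAccountName 'jsmith'
```

Callers should treat a $null return as "no address available" rather than passing it on to mail or provisioning logic.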
Visual Quiz - 3 Questions
Test your understanding
1. Look at the execution_table, what is stored in $user after step 3?
A. Only the EmailAddress string
B. User object with requested properties
C. Null value
D. Error message
💡 Hint: Check variable_tracker row for $user after Step 3.
2. At which step is the EmailAddress property retrieved?
A. Step 4
B. Step 1
C. Step 2
D. Step 5
💡 Hint: Look at the Action and Result columns in execution_table.
3. If we omit -Properties EmailAddress, what changes in the output?
A. EmailAddress will be empty or missing
B. Script will fail with error
C. EmailAddress will still be shown
D. User object will not be found
💡 Hint: Refer to key_moments about why -Properties is needed.
Concept Snapshot
Get-ADUser -Identity <username> [-Properties <props>]
Retrieves AD user object by username.
Use -Properties to get extra info like EmailAddress.
Assign output to variable to access properties.
Output properties with Write-Output or direct access.
Full Transcript
The Get-ADUser command in PowerShell connects to Active Directory and searches for a user based on parameters like Identity. It retrieves the user object and requested properties such as EmailAddress. The script assigns the user object to a variable for easy access. Then it outputs the EmailAddress property. If the user does not exist, no object is returned. By default, only a few properties are returned, so -Properties is used to get more. This step-by-step trace shows how the command runs and how variables change.

Practice

(1/5)
1. What does the Get-ADUser cmdlet do in PowerShell?
easy
A. Creates a new Active Directory user
B. Retrieves information about Active Directory users
C. Deletes an Active Directory user
D. Modifies an Active Directory user's password

Solution

  1. Step 1: Understand the purpose of Get-ADUser

    The cmdlet is designed to fetch or retrieve user information from Active Directory.
  2. Step 2: Compare with other cmdlets

    Creating, deleting, or modifying users are done by other cmdlets like New-ADUser or Set-ADUser, not Get-ADUser.
  3. Final Answer:

    Retrieves information about Active Directory users -> Option B
  4. Quick Check:

    Get-ADUser = Retrieve user info [OK]
Hint: Get-ADUser always fetches user info, not changes [OK]
Common Mistakes:
  • Confusing Get-ADUser with New-ADUser
  • Thinking it modifies user data
  • Assuming it deletes users
2. Which of the following is the correct syntax to get a user by their username using Get-ADUser?
easy
A. Get-ADUser -Identity "jdoe"
B. Get-ADUser -Name "jdoe"
C. Get-ADUser -UserName "jdoe"
D. Get-ADUser -User "jdoe"

Solution

  1. Step 1: Identify the correct parameter for a single user

    The -Identity parameter is used to specify a single user by username or distinguished name.
  2. Step 2: Check other parameters

    Parameters like -Name, -UserName, or -User are not valid for Get-ADUser to specify a single user.
  3. Final Answer:

    Get-ADUser -Identity "jdoe" -> Option A
  4. Quick Check:

    -Identity = single user [OK]
Hint: Use -Identity to specify one user by username [OK]
Common Mistakes:
  • Using -Name instead of -Identity
  • Trying -UserName which is invalid
  • Confusing parameter names
3. What will this command output?
Get-ADUser -Filter 'Enabled -eq $true' -Properties EmailAddress | Select-Object Name, EmailAddress
medium
A. List of disabled users with their names and email addresses
B. List of all users with only their names
C. List of enabled users with their names and email addresses
D. Error because EmailAddress is not a valid property

Solution

  1. Step 1: Understand the filter condition

    The filter Enabled -eq $true selects only users who are enabled (active).
  2. Step 2: Check properties and output

    The command requests the EmailAddress property and selects to display Name and EmailAddress for each user.
  3. Final Answer:

    List of enabled users with their names and email addresses -> Option C
  4. Quick Check:

    Filter enabled + EmailAddress shown = List of enabled users with their names and email addresses [OK]
Hint: Filter enabled users and add -Properties for extra fields [OK]
Common Mistakes:
  • Forgetting to add -Properties EmailAddress
  • Assuming it lists disabled users
  • Thinking EmailAddress is invalid property
4. You run this command but get an error:
Get-ADUser -Filter "Name -like '*Smith'" -Properties Email

What is the likely cause?
medium
A. The property 'Email' does not exist; it should be 'EmailAddress'
B. The filter syntax is incorrect; should use single quotes inside double quotes
C. Get-ADUser cannot filter by Name
D. Missing -Identity parameter

Solution

  1. Step 1: Check the property name

    The correct property for user email is EmailAddress, not Email.
  2. Step 2: Validate filter and parameters

    The filter syntax is valid and filtering by Name is allowed. The -Identity parameter is not required when using -Filter.
  3. Final Answer:

    The property 'Email' does not exist; it should be 'EmailAddress' -> Option A
  4. Quick Check:

    Wrong property name causes error [OK]
Hint: Use correct property names like EmailAddress, not Email [OK]
Common Mistakes:
  • Using wrong property names
  • Misunderstanding filter syntax
  • Thinking -Identity is mandatory with -Filter
5. You want to list all users in the 'Sales' department with their names and phone numbers. Which command will do this correctly?
hard
A. Get-ADUser -Filter 'Department -like Sales' | Select Name, PhoneNumber
B. Get-ADUser -Identity 'Sales' -Properties Phone | Select Name, Phone
C. Get-ADUser -Filter 'Department = Sales' -Properties PhoneNumber | Select-Object Name, PhoneNumber
D. Get-ADUser -Filter 'Department -eq "Sales"' -Properties TelephoneNumber | Select-Object Name, TelephoneNumber

Solution

  1. Step 1: Use correct filter syntax for department

    The filter Department -eq "Sales" correctly matches users in Sales department.
  2. Step 2: Include correct property and select output

    Use -Properties TelephoneNumber to get phone numbers, then select Name and TelephoneNumber for output.
  3. Step 3: Check other options for errors

    Option A (Get-ADUser -Filter 'Department -like Sales' | Select Name, PhoneNumber) has wrong filter syntax and property names.
    Option B (Get-ADUser -Identity 'Sales' -Properties Phone | Select Name, Phone) uses -Identity incorrectly and wrong property names.
    Option C (Get-ADUser -Filter 'Department = Sales' -Properties PhoneNumber | Select-Object Name, PhoneNumber) uses '=' instead of '-eq' and wrong property names.
  4. Final Answer:

    Get-ADUser -Filter 'Department -eq "Sales"' -Properties TelephoneNumber | Select-Object Name, TelephoneNumber -> Option D
  5. Quick Check:

    Filter with -eq + correct property = Get-ADUser -Filter 'Department -eq "Sales"' -Properties TelephoneNumber | Select-Object Name, TelephoneNumber [OK]
Hint: Use -Filter with -eq and add -Properties for extra fields [OK]
Common Mistakes:
  • Using wrong filter operators like '='
  • Wrong property names like Phone instead of TelephoneNumber
  • Misusing -Identity for filtering