Powershell – Pulling up specific user fields in Active Directory

Ok Here’s an easy one I stumbled across in Powershell that’s SO incredibly useful.
 
First off, get yourself a copy of the Active Roles Management Shell from Quest Software.  It’s free and makes working in Active Directory a complete breeze with Powershell.
 
Now I had what could have been a nightmare task (doesn’t seem at first until you think about it)
 
Pull up a list of users that I had created in the past thirty days.
 
"Well that should be easy… " I thought to myself.   The information *IS* in ActiveDirectory.  But how?
 
Well Powershell and Active Roles Management Shell from Quest Software, it’s dead simple.  
 
In the Active Roles Shell all you have to do is
 
GET-QADUSERS -searchroot "ou=xxx,dc=yyy,dc=zzz" -enabled | where { $-.whencreated -gt "mm/dd/yyyy }
 
Where the "-enabled" shows all ENABLED User accounts and "ou=xxx,dc=yyy,dc=zzz" is your Search scope to isolate it to a single OU in Active Directory
 
So if my domain was "energized.local" and I was digging through the "technicians" OU from the root of Active Directory I would use
 
"OU=TECHNICIANS,DC=ENERGIZED,DC=LOCAL"
 
Now this was a "quick and dirty" solution where I ran in my head that 30days was this date and just figured out what the month day and year to plug in was.
 
But you can get fancy.   And make it into a function or just a simple script for occasional use.
 
In Powershell there is a GET-DATE function which gets, ( well yes of course, you guessed it)  The Date.
 
So without much difficulty you can run create this little script.
 
$TODAYDATE=GET-DATE
 
GET-QADUSERS -searchroot "ou=xxx,dc=yyy,dc=zzz" -enabled | where { $.whencreated.AddDays(30) -gt $TODAYDATE }
 
Now save that as "LIST30DayUsers.PS1" and you’ve got a handy script for pulling up new Users that are recently created.  Now If you want, pull out the -searchroot "ou=xxx,dc=yyy,dc=zzz" from the line and it will search the Entire Active Directory you’re defaulting to.  Pull out "-enabled" and it will show ALL accounts created in the structure (including disabled accounts)
 
And if you’re wondering?  The Active Roles Management Shell DOES work with the newer Powershell (as of this writing) in the RC1 of Server 2008R2 and RC1 of Windows 7.   I did this on a Server 2008R2 setup.
 
Enjoy.   I am.  I’m sitting at my desk now humming "Highway to Powershell" 😉
 
Sean
The Energized Tech
 
 
 
 
 
 
 

Leave a Reply