Need some help with PowerShell Active Directory auditing

    Question

  • I'm working on an AD security audit and need to export a list of all users with this info:

    • creation date
    • username
    • employee name
    • role
    • department

    I ran the line below; it was the closest I could find.  It doesn't list everything I'm looking for.  Does anybody know a more effective method for accomplishing this task?

    PS C:\Windows\system32> Get-ADUser -Filter * -Properties whenCreated | Where-Object {$_.whenCreated -ge ((Get-Date).AddDays(-9999)).Date} | Export-Csv c:\PS.csv

    Thanks!

    Friday, August 29, 2014 5:49 PM

Answers

  • Hi,

    Add the additional properties you need to the -Properties parameter of Get-ADUser. If you're not sure which you actually need (I have no idea what 'role' would match up to), use a wildcard to return everything for a single user and then use those properties in the full command.


    EDIT: Here's an example:

    Get-ADUser -Filter * -Properties whenCreated,department | 
        Select SamAccountName,Name,department,whenCreated | 
            Sort SamAccountName |
                Export-Csv .\userAudit.csv -NoTypeInformation

    You'll still need to identify what property you need for your 'role' requirement.


    Don't retire TechNet! - (Don't give up yet - 13,085+ strong and growing)

    Friday, August 29, 2014 5:57 PM
  • In my experience, there's a good chance they'll be back for more information.

    Do yourself a favor and make it a script, and create a variable for the property list.

    $Properties = @(
    'SamAccountName',
    'Name',
    'Department',
    'WhenCreated' 
    )
    
     Get-ADUser -Filter * -Properties $Properties |
      Select $Properties | Export-Csv c:\PS.csv


    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "



    Friday, August 29, 2014 6:31 PM
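
Added example (not part of the original thread or either answer): the two answers combined into one audit script that first dumps every attribute of a single account to find the 'role' attribute, then exports the five requested columns. It assumes the role is stored in `Title`; the sample account `jdoe`, the output file name, and the extra `Enabled` column are also assumptions.

```powershell
# Added example, not code from the thread. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Step 1: return every attribute for ONE known account and read through the
# output to see which attribute your directory actually uses for 'role'.
# 'jdoe' is a placeholder account name.
Get-ADUser -Identity 'jdoe' -Properties * | Format-List *

# Step 2: name the attribute found in step 1.
# Assumption: 'Title' holds the role. Change this if step 1 shows otherwise.
$RoleAttribute = 'Title'

# Only non-default attributes have to be requested; SamAccountName, Name and
# Enabled are returned by Get-ADUser without being listed.
$Properties = @(
    'whenCreated',
    'Department',
    $RoleAttribute
)

# Step 3: build the report with the column names the audit asked for.
$report = @(
    Get-ADUser -Filter * -Properties $Properties |
        Select-Object @{ Name = 'Created';      Expression = { $_.whenCreated } },
                      @{ Name = 'Username';     Expression = { $_.SamAccountName } },
                      @{ Name = 'EmployeeName'; Expression = { $_.Name } },
                      @{ Name = 'Role';         Expression = { $_.$RoleAttribute } },
                      Department,
                      Enabled |   # extra column: separates live accounts from disabled ones
        Sort-Object Username
)

$report | Export-Csv -Path .\userAudit.csv -NoTypeInformation -Encoding UTF8

# Step 4: sanity check. A high count of empty Role values suggests the wrong
# attribute was chosen in step 2, or that the attribute is not maintained.
$missingRole = @($report | Where-Object { -not $_.Role }).Count
Write-Host "$($report.Count) users exported; $missingRole have no '$RoleAttribute' value."
```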
