none
Using get-aduser to search for enabled users in entire domain filter ..

    Question

  • Hi,

    my first post here.

    I have the following problem. I am trying to figure out to create a powershell command (with get-aduser) that searches for only enabled users (in the entire domain),  whose user account login names starts with "b" or "B" (because their user account login names are composed of Bnnnnn, n=numbers). I suppose that a string of "B*" in the command should be sufficient. The query result must show the user account login name (Bnnnnn),  first name and last name  and the enabled  (yes) status  of those enabled users. I would like to write the entire query result to a file (csv format), saving it to c: for example

    Please help. Thanks in advance


    Tuesday, April 10, 2012 10:23 PM

Answers

  • Hi,

    Also here:

    get-aduser -ldapfilter "(&(&(samaccountname=b*)(useraccountcontrol=512)))"

    -propterties * |select name,givenname, sn,enabled |

    export-csv -path c:\test.csv

    Best Regards,

    Yan Li


    Yan Li

    TechNet Community Support

    Thursday, April 12, 2012 1:34 AM
    Moderator
  • Sorry, I must not have read the entire question. Here is a PowerShell solution:

    Get-ADUser -LDAPFilter "(&(sAMAccountName=b*)(!userAccountControl:1.2.840.113556.1.4.803:=2))" `
        -Properties sAMAccountName, givenName, sn, enabled | Select sAMAccountName, givenName, sn, enabled | `
        Export-Csv -Path c:\Scripts\Users.csv -NoTypeInformation

    -----

    sAMAccountName is the "pre-Windows 2000 logon" name, which I assume is what you mean by account login name. The filter is case insensitive.


    Richard Mueller - MVP Directory Services

    Wednesday, April 11, 2012 1:29 PM

All replies

  • To retrieve all users not disabled you can use:

    Get-ADUser -LDAPFilter "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))"


    Richard Mueller - MVP Directory Services

    Tuesday, April 10, 2012 10:46 PM
  • Hi,

    Please see the below code:

    get-aduser -ldapfilter "(&(&(objectCategory=user)(userAccountControl=512)))"

    Or:

    Get-ADUser -Filter 'enabled -eq $true' |fl name

    Best Regards,

    Yan Li


    Yan Li

    TechNet Community Support

    Wednesday, April 11, 2012 2:00 AM
    Moderator
  • Sorry, but i do not see your solution

    regards


    • Edited by Mister007 Wednesday, April 11, 2012 7:32 AM
    Wednesday, April 11, 2012 7:30 AM
  • Hi Yan Li,

    Thanks for your quick reply but i do not see how i can query for users with user account login starting with "b" (only those users) and saving it to disk in csv format

    please help

    Wednesday, April 11, 2012 7:32 AM
  • Sorry, I must not have read the entire question. Here is a PowerShell solution:

    Get-ADUser -LDAPFilter "(&(sAMAccountName=b*)(!userAccountControl:1.2.840.113556.1.4.803:=2))" `
        -Properties sAMAccountName, givenName, sn, enabled | Select sAMAccountName, givenName, sn, enabled | `
        Export-Csv -Path c:\Scripts\Users.csv -NoTypeInformation

    -----

    sAMAccountName is the "pre-Windows 2000 logon" name, which I assume is what you mean by account login name. The filter is case insensitive.


    Richard Mueller - MVP Directory Services

    Wednesday, April 11, 2012 1:29 PM
  • Hi,

    Also here:

    get-aduser -ldapfilter "(&(&(samaccountname=b*)(useraccountcontrol=512)))"

    -propterties * |select name,givenname, sn,enabled |

    export-csv -path c:\test.csv

    Best Regards,

    Yan Li


    Yan Li

    TechNet Community Support

    Thursday, April 12, 2012 1:34 AM
    Moderator
  • Note spelling of properties was wrong:

    Hi,

    Also here:

    get-aduser -ldapfilter "(&(&(samaccountname=b*)(useraccountcontrol=512)))"

    -propterties * |select name,givenname, sn,enabled |

    export-csv -path c:\test.csv

    Best Regards,

    Yan Li


    Yan Li

    TechNet Community Support

    Saturday, October 26, 2013 8:43 PM
  • At what point would it be beneficial to use an ldapfilter over a -filter ?

    Many thanks,

    Wednesday, November 06, 2013 4:01 AM
  • Get-ADUser -Filter{name -like "*b*" -and enabled -eq $true} | Select-object Samaccountname,givenname,surname,enabled | Out-GridView

    I use Out-GridView because it allows you to easily transfer the results into an Excel spreadsheet with a simple copy and paste without having to fiddle around with csv files - Unless of course you are feeding into a secondary script, the data is easily accessible for consumption without too much hassle.



    Wednesday, November 06, 2013 4:04 AM
  • I use -LDAPFilter mostly because I am used to the LDAP syntax. It can be used in PowerShell, VBScript, dsquery, VB, and many command line utilities (like Joe Richards' free adfind utility). Active Directory is an LDAP compliant database.

    The PowerShell -Filter syntax can do the same things, but the properties it exposes are really aliases. I'm used to the AD attribute names, like sAMAccountName and userAccountControl. PowerShell uses things like "enabled" and "surname", which are aliases you need to know or look up. For example, the Get-ADUser default and extended properties, with the actual AD attributes they are based on, are documented here:

    http://social.technet.microsoft.com/wiki/contents/articles/12037.active-directory-get-aduser-default-and-extended-properties.aspx

    Finally, note that the "Name" property refers to the Relative Distinguished Name (RDN) of the object, which for user objects is the value of the cn attribute (the Common Name of the user). This may not uniquely identify the user, as it only needs to be unique in the parent OU/container. The user login name (pre-Windows 2000 logon name) is the value of the sAMAccountName attribute, which must be unique in the domain. In the Wiki article I linked, we see that the PowerShell alias for this attribute is "SamAccountName" (in this case the name of the property matches the name of the AD attribute). All of this can be confusing.


    Richard Mueller - MVP Directory Services

    Wednesday, November 06, 2013 10:53 AM