locked
User Status in Active Directory with the Help of Employee ID or SamAccount along with when object changed last RRS feed

  • Question

  • Hello Folks, 

    I need to check the user status in Active Directory whether it is disabled or enabled and the When the Object got changed last.  As i have the below Code but unable to get the Modified date. Is  i am missing something or i need to change any attribute.

    Code

    $file = Import-Csv "C:\Scripts\displaynames.csv"

    ForEach ($u in $file) {

        Get-ADUser -Filter "EmployeeID -eq $($u.EmployeeID)" | Select-Object Name, SamAccountName, Enabled, Modified
       
    }

     Thanks

    Thanks

    Tuesday, August 29, 2017 7:04 PM

Answers

  • Add

    -Properties Modified

    To your Get-ADUser command. The reason is that Get-ADUser only retrieves a fixed list of properties. If you want more, you have to add them using the -Properties parameter.

    As an aside, "Modified" seems to be an alias for "whenChanged". I prefer to use the AD attribute names (in this case, "whenChanged" rather than "Modified") to reduce confusion between what you see in the ADUC console (and other AD tools) vs. what you see in PowerShell.


    -- Bill Stewart [Bill_Stewart]

    Tuesday, August 29, 2017 7:08 PM

All replies

  • Add

    -Properties Modified

    To your Get-ADUser command. The reason is that Get-ADUser only retrieves a fixed list of properties. If you want more, you have to add them using the -Properties parameter.

    As an aside, "Modified" seems to be an alias for "whenChanged". I prefer to use the AD attribute names (in this case, "whenChanged" rather than "Modified") to reduce confusion between what you see in the ADUC console (and other AD tools) vs. what you see in PowerShell.


    -- Bill Stewart [Bill_Stewart]

    Tuesday, August 29, 2017 7:08 PM
  • Thanks bill , just wanted to know how can i export the results when i tried with below export cmdlet getting an error 

    An empty pipe element is not allowed.
    At C:\Scripts\sam8.ps1:7 char:4
    + } | <<<<  Export-CSV -Path "C:\scripts\User1.csv" -notype
        + CategoryInfo          : ParserError: (:) [], ParseException
        + FullyQualifiedErrorId : EmptyPipeElement

    -----------------------------------------------

    $file = Import-Csv "C:\Scripts\displaynames.csv"

    ForEach ($u in $file) {

    Get-ADUser -Filter "EmployeeID -eq '$($u.EmployeeID)'" -Server DC01.domain.com:3268 -Property * | Select-Object Name, Samaccountname, EmployeeID, Enabled, whenChanged
       
    } | Export-CSV -Path "C:\scripts\User1.csv" -notype

    Tuesday, August 29, 2017 10:55 PM
  • I refer the honorable gentlemen to the answer already given.

    Read more carefully. The parameter name is -Properties, not -Property. And we don't recommend -Properties * as that retrieves all properties and will negatively impact performance. You only need to add properties you want over and above the standard set of properties (In your case, Modified or whenChanged).


    -- Bill Stewart [Bill_Stewart]

    Wednesday, August 30, 2017 1:59 PM