You can use PowerShell to pretty much get anything you want out of Active Directory. Let’s say you want to see when the last time a user changed their password was. You can use the Get-ADUser commandlet to obtain any attribute for a user in the Active Directory schema. To use Get-ADUser, you’ll need to define a scope. In this example, we’ll do so using the -filter option and filter for everyone, using an *. That could be a lot of data, so we’re also going to look for the property, or attribute of PasswordLastSet using the -Properties option: Get-ADUser –filter * -Properties PasswordLastSet We can then add a little…
-
-
Obtain UPN from PowerShell
A UserPrincipalName (or UPN) is an attribute that contains an Internet-style login name for a user based on the Internet standard RFC 822. The UPN is used for a lot of different tasks, notably for Kerberos/Single Sign-On. As such, there are a lot of scripts that can now key off of a UPN. You can use the Get-ADUser cmdlet to query accounts for the UserPrincipalName attribute. To do so, we’re going to -Filter our results to display everyone (although we could include a username to only get one user) and then define the Search Base (using -SearchBase) to refine where in the query that the search will begin. Use the –Properties parameter…