get-aduser
Windows Active Directory provides very useful enterprise user management capabilities. PowerShell is a new scripting language provided for Microsoft operating systems. Get-ADUser is a very useful command, or cmdlet, which can be used to list Active Directory users in different ways.
List Domain Users Interactively
We will start with a simple example. We will list all domain users. In this example, we will not provide any option or parameter to the Get-ADUser command. But after running the command we will be asked for a filter. We will provide the asterisk * as a filter, which means all users.
PS> Get-ADUser
The following information is provided with the Get-ADUser command.
- `DistinguishedName` will provide the complete canonical name for the user.
- `Enabled` will show whether the user account is enabled or not.
- `GivenName` is the human-readable name which is generally the name and surname of the user.
- `ObjectClass` is the user type which is generally `user`.
- `ObjectGUID` is the unique ID of the current user or object.
- `SamAccountName` is the SAM account name of the user.
List Domain Users
In this example, we will list all domain users by providing the asterisk * as a parameter to the Get-ADUser command. We will use the -Filter option.
PS> Get-ADUser -Filter *
List All Users In A Container or OU
As an enterprise environment has a lot of users in different departments, containers, and OUs, we may need to list only a given department, container or OU. We will use the -SearchBase option and provide the OU to filter users. In this example, we will use DC=ABC,DC=LOCAL.
PS> Get-ADUser -Filter * -SearchBase "DC=ABC,DC=LOCAL"
Filter Users By Username
We can filter users by their username. We will use a query language that will specify the name in PowerShell. We will also use the -Filter option. In this example, we will list users whose usernames start with the letter H.
PS> Get-ADUser -Filter 'Name -like "H*"'
Alternatively, we can specify a search term like *dan, which will search for the user names that end with dan.
Filter Users By Surname
Another popular search case is searching for users according to their surnames. We will use the Surname property of the user with the -Filter option. In the following example, we will search for the users whose surnames end with ak.
PS> Get-ADUser -Filter 'Surname -like "*ak"'
Complex Filter and Search with AND
Searching and filtering with a single property is easy, but in some cases we may need to search and filter for multiple conditions. We can use AND and OR logic for different properties, written as the -and and -or operators inside the filter. Below we will search for the users whose name starts with İs and surname ends with an. So we will use AND logic in order to meet both conditions for the Name and Surname properties.
PS> Get-ADUser -Filter { (Name -like "İs*") -and (Surname -like "*an") }
Let’s make this example more complex but more usable by adding more conditions. We will search and filter users that reside in the MyUsers OU with the specified name and surname.
PS> Get-ADUser -SearchBase "OU=MyUsers,DC=ABC,DC=LOCAL" -Filter { (Name -like "İs*") -and (Surname -like "*an") }
Get All Properties
As Active Directory is a very complex environment, there are a lot of attributes and properties about users. By default, only some of them are printed, like Name, SID, Surname, GivenName, etc. We can also list all of these attributes with the -Properties option and the asterisk *.
PS> Get-ADUser -Filter * -Properties *
As the output shows, properties like AccountExpirationDate, AccountLockoutTime, … are printed.
- `AccountExpirationDate` will show the account expiration date if it is set. If not, there will be no value.
- `AccountExpires` will show whether the account has an expiration date.
- `AccountLockoutTime` will show the interval to lock the account when it is idle.
- `BadLogonCount` will show how many unsuccessful login attempts occurred in the past.
- `Created` will show the date and time information about the account creation.
- `Company` will show the company name of the user account if set.
Filter and Show Specific Properties
As there are a lot of properties and, by default, only some of them are printed, we may need specific properties to be printed. We can print a specific property or attribute by specifying it with the -Properties option like below. We will print properties like BadLogonCount, Title, etc.
PS> Get-ADUser -Filter * -Properties "BadLogonCount","Title"
Show Properties For Specific User
We can also show the properties of a specific user. We need to provide the username to the -Filter option along with the properties or attributes we want to show.
PS> Get-ADUser -Filter "Name -like 'İsmail Baydan'" -Properties "BadLogonCount","Title"
Export To CSV File
If we are working with 3rd party systems and need to provide Active Directory user data, we can use the CSV format. We can export the Active Directory user data as CSV to a file with the Export-CSV command like below. We will also provide the CSV file name and path, which is ADUsers.csv in this example.
PS> Get-ADUser -Filter "*" | Export-CSV -Path ADUsers.csv
Print Email Address
Email address information can also be printed with the Get-ADUser command. We will just provide the email as the property we want to print.
PS> Get-ADUser -Filter "*" -Properties "EmailAddress"
List Only Enabled Users
Active Directory users can be disabled for different reasons like security. After a user account is disabled, its Enabled property will be set to false. If we need to list only enabled users and filter out disabled users, we can use the Enabled -eq $True filter.
PS> Get-ADUser -Filter {Enabled -eq $True}
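The Enabled filter, the -Properties selection and the CSV export shown above combine into a small account-hygiene report. This is an added example, not code from the original page: Find-ADAccountRisk, the threshold of 5 and the sample users are assumptions, and the constructed objects stand in for Get-ADUser output so the logic runs without a domain.

```powershell
# Added example: Find-ADAccountRisk is a hypothetical helper, not an ActiveDirectory cmdlet.
function Find-ADAccountRisk {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [int] $BadLogonThreshold = 5,        # assumed threshold, tune to the lockout policy
        [datetime] $Now = (Get-Date)
    )
    process {
        if (-not $User.Enabled) { return }   # skip disabled accounts, like Enabled -eq $True
        $findings = @()
        if ($User.BadLogonCount -ge $BadLogonThreshold) {
            $findings += "BadLogonCount=$($User.BadLogonCount)"
        }
        # AccountExpirationDate is empty when no expiry is set
        if ($User.AccountExpirationDate -and $User.AccountExpirationDate -lt $Now) {
            $findings += 'enabled past AccountExpirationDate'
        }
        if ($findings.Count -gt 0) {
            [pscustomobject]@{
                SamAccountName = $User.SamAccountName
                Title          = $User.Title
                Findings       = $findings -join '; '
            }
        }
    }
}

# Constructed sample objects shaped like Get-ADUser output (not real accounts).
$sample = @(
    [pscustomobject]@{ SamAccountName='user1'; Enabled=$true;  BadLogonCount=9;  Title='Engineer';   AccountExpirationDate=$null }
    [pscustomobject]@{ SamAccountName='user2'; Enabled=$true;  BadLogonCount=0;  Title='Contractor'; AccountExpirationDate=[datetime]'2023-06-30' }
    [pscustomobject]@{ SamAccountName='user3'; Enabled=$false; BadLogonCount=12; Title='Analyst';    AccountExpirationDate=$null }
    [pscustomobject]@{ SamAccountName='user4'; Enabled=$true;  BadLogonCount=1;  Title='Manager';    AccountExpirationDate=$null }
)
$sample | Find-ADAccountRisk -Now ([datetime]'2024-01-01')

# Against a live domain (requires the ActiveDirectory module); request only the
# properties the report needs instead of -Properties *:
# Get-ADUser -Filter 'Enabled -eq $true' -SearchBase 'DC=ABC,DC=LOCAL' `
#     -Properties BadLogonCount, Title, AccountExpirationDate |
#     Find-ADAccountRisk | Export-Csv -Path ADUsers.csv -NoTypeInformation
```

BadLogonCount is kept per domain controller and is not replicated, so a single query reflects only the count held by the controller that answered.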