PowerShell Basics: AD User Information

Below is a list of basic PowerShell scripts to run for functions within an on-premise Active Directory environment. These are simple but useful tools to have.

My favorite, and the most useful daily script is checking the users basic info. Handy if you get the typical “I’m having issues logging in” after a long holiday.

Run PowerShell as admin:

				
					net user dave.test /domain

The exports a nice list of important user account items such as password expiration, last time password was updated, group membership and more.

Example output:

				
					PS C:\Windows\system32> net user dave.test /domain
User name                    dave.test
Full Name                    Dave Test
Comment                      Dave Testing SSO
User's comment
Country/region code          000 (System Default)
Account active               Yes
Account expires              Never

Password last set            5/16/2024 12:28:13 PM
Password expires             Never
Password changeable          5/16/2024 12:28:13 PM
Password required            Yes
User may change password     Yes

Workstations allowed         All
Logon script
User profile
Home directory
Last logon                   4/9/2024 10:55:06 AM

Logon hours allowed          All

Local Group Memberships
Global Group memberships     *intune-apps-base     *docusign-users
                             *linkedin-learning    *rapid7-users
                             *Domain Users         *azure-intune-users
                             *azuresync            *Domain Admins
The command completed successfully.

Hope you find this helpful!

June 5, 2024 Dave Herrell

Active Directory PowerShell

Dave Herrell

PowerShell Basics: AD User Information

Categories

Recent Posts

Tags