Get Qaduser
Powershell

Get-QADUser makes administration of Active Directory plain simple and fast:

  • See which users are locked
Get-QADUser -Locked
  • Unlock the following user 'username'
Unlock-QADUser 'DOMAIN\username'

When you want to see users in a specific OU that are enabled type:

get-QADUser -SearchRoot 'OU=Standard,OU=Users,OU=Chicago,DC=netlab,DC=com' -Enabled | Format-Table -auto |Out-File "c:\output\users.txt"

To find all the disabled users in the domain:
Get-QADUser -Disabled

When you want to disable a certain person and move them into your disabled container do as follows:
[PS] C:\>Disable-QADUser -Identity "NameOfUser" | Move-QADObject -NewParentContainer 'OU=Disabled,OU=Standard,OU=Users,DC=Domain,DC=com'

Get a list in excel to find all the admins in your active directory
Get-QADUser -ldapFilter '(SamAccountName=*adm_*)'|export-csv admins.csv

To find all your users in your domain and look if they are active or disabled try:
Get-QADUser -Identity * | Select-Object {$_.SamAccountName} > Users.txt
gc Users.txt | %{$u=$_; trap {"$u,deleted"} if(get-qaduser $_ -disabled){"$_,disabled"}else{"$_,active"}} | out-file "User Status.csv"

To find users that have the EmployeeNumber field populated you would type something like:
$UsersWithEmployeeIDOK = Get-QADUser -SizeLimit 0 -IncludedProperties 'employeeNumber' | where { $_.'EmployeeNumber' -gt "" } | Select-Object { $_.EmployeeNumber}, { $_.Name}, { $_.TelephoneNumber } 
$UsersWithEmployeeIDOK | Out-File \\fileserver\homedrives\User\Scripts\EmployeeNumber.txt

To find all users from department 'Accounting' you would type:
Get-QADUser -Department 'Accounting' | Select Name,Samaccountname |Format-table -auto

What also is usefull is to count the members of a particulair department:
 Get-QADUser -Department '*' | Group-Object department

Quest Software

On Me

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License