--- external help file: PSAD-help.xml online version: https://github.com/zloeber/PSAD schema: 2.0.0
Get-DSUser
SYNOPSIS
Get Account objects in a given directory service.
SYNTAX
Get-DSUser [-DotNotAllowDelegation] [-AllowDelegation] [-UnconstrainedDelegation] [-LogOnAfter <DateTime>]
[-LogOnBefore <DateTime>] [-NoPasswordRequired] [-PasswordNeverExpires] [-Disabled] [-Enabled] [-AdminCount]
[-ServiceAccount] [-MustChangePassword] [-Locked] [-Identity <String>] [-ComputerName <String>]
[-Credential <PSCredential>] [-Limit <Int32>] [-SearchRoot <String>] [-Filter <String[]>]
[-BaseFilter <String>] [-Properties <String[]>] [-PageSize <Int32>] [-SearchScope <String>]
[-SecurityMask <String[]>] [-TombStone] [-ChangeLogicOrder] [-ModifiedAfter <DateTime>]
[-ModifiedBefore <DateTime>] [-CreatedAfter <DateTime>] [-CreatedBefore <DateTime>] [-DontJoinAttributeValues]
[-IncludeAllProperties] [-IncludeNullProperties] [-ExpandUAC] [-Raw] [-ResultsAs <String>] [-LiteralFilter]
DESCRIPTION
Get Account objects in a given directory service. This is just a fancy wrapper for get-dsobject.
EXAMPLES
-------------------------- EXAMPLE 1 --------------------------
Get-DSUser -Enabled -PasswordNeverExpires
Retrieves all users that are enabled and have passwords that never expire.
-------------------------- EXAMPLE 2 --------------------------
Get-DSUser -Enabled -PasswordNeverExpires -ExpandUAC -IncludeAllProperties
Same as above but including all user properties and UAC property expansion
-------------------------- EXAMPLE 3 --------------------------
Get-DSUser -Enabled -PasswordNeverExpires -ExpandUAC -Properties 'Name','Useraccountcontrol'
Same as above but with a reduced number of properties (which VASTLY speeds up results)
PARAMETERS
-DotNotAllowDelegation
Account is not setup for delegation
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-AllowDelegation
Account is setup for delegation
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-UnconstrainedDelegation
Account is set for unconstrained delegation
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-LogOnAfter
Account was logged on after this time. Filters against lastlogontimestamp so this is only valid for timestamps over 14 days old.
Type: DateTime
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-LogOnBefore
Account was logged on before this time. Filters against lastlogontimestamp so this is only valid for timestamps over 14 days old.
Type: DateTime
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-NoPasswordRequired
Account has no password required set
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-PasswordNeverExpires
Account has a never expiring password
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-Disabled
Account is disabled
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-Enabled
Account is enabled
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-AdminCount
AdminCount is 1 or greater
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-ServiceAccount
Account is a service account
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-MustChangePassword
Account must change password
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-Locked
Account is locked
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-BaseFilter
Immutable base ldap filter to use.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ChangeLogicOrder
Use logical OR instead of AND for custom LDAP filters.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ComputerName
Domain controller to use for this search.
Type: String
Parameter Sets: (All)
Aliases: Server, ServerName
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-CreatedAfter
Only include objects created after this date.
Type: DateTime
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-CreatedBefore
Only include objects created before this date.
Type: DateTime
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Credential
Credentials to connect with.
Type: PSCredential
Parameter Sets: (All)
Aliases: Creds
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-DontJoinAttributeValues
Do not joine attribute values in output.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ExpandUAC
Expand useraccountcontroll property (if it exists).
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Filter
LDAP filters to use.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Identity
Object to retreive.
Type: String
Parameter Sets: (All)
Aliases: sAMAccountName, distinguishedName
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
-IncludeAllProperties
Include all properties that have a value
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-IncludeNullProperties
Include null property values
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Limit
Limit results. If zero there is no limit.
Type: Int32
Parameter Sets: (All)
Aliases: SizeLimit
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-LiteralFilter
Escapes special characters in the filter ()/*`0
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ModifiedAfter
Only include objects modified after this date.
Type: DateTime
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ModifiedBefore
Only include objects modified before this date.
Type: DateTime
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-PageSize
Page size for larger results.
Type: Int32
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Properties
LDAP properties to return
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Raw
Do no property transformations in output.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ResultsAs
How you want the results to be returned.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-SearchRoot
Root path to search.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-SearchScope
Type of search.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-SecurityMask
Security mask for search.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-TombStone
Include tombstone objects.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
INPUTS
OUTPUTS
NOTES
Author: Zachary Loeber