Share via

Active Directory: Get-ADComputer Default and Extended Properties

  • Article

The concept of default and extended properties available with the PowerShell Active Directory cmdlets are defined in Active Directory: PowerShell AD Module Properties. The PowerShell Get-ADComputer cmdlet supports the default and extended properties in the following table. Many can be assigned values with the Set-ADComputer cmdlet. In the table, default properties are shown with the property name highlighted in cyan. Extended properties are highlighted in pink.
 

Property Syntax R/RW lDAPDisplayName
AccountExpirationDate DateTime RW accountExpires, local time
AccountLockoutTime DateTime RW lockoutTime, local time
AccountNotDelegated Boolean RW userAccountControl (bit mask 1048576)
AllowReversiblePasswordEncryption Boolean RW userAccountControl (bit mask 128)
BadLogonCount Int32 R badPwdCount
CannotChangePassword Boolean RW nTSecurityDescriptor
CanonicalName String R canonicalName
Certificates ADCollection RW userCertificate
CN String R cn
Created DateTime R whenCreated
Deleted Boolean R isDeleted
Description String RW description
DisplayName String RW displayName
DistinguishedName String (DN) R distinguishedName
DNSHostName String RW dNSHostName
DoesNotRequirePreAuth Boolean RW userAccountControl (bit mask 4194304)
Enabled Boolean RW userAccountControl (bit mask not 2)
HomedirRequired Boolean RW userAccountControl (bit mask 8)
HomePage String RW wWWHomePage
IPv4Address String R See Note 1
IPv6Address String R See Note 1
LastBadPasswordAttempt DateTime R badPasswordTime, local time
LastKnownParent String (DN) R lastKnownParent
LastLogonDate DateTime R lastLogonTimeStamp, local time
Location String RW location
LockedOut Boolean RW msDS-User-Account-Control-Computed (bit mask 16)
ManagedBy String (DN) RW managedBy
MemberOf ADCollection R memberOf
MNSLogonAccount Boolean RW userAccountControl (bit mask 131072)
Modified DateTime R whenChanged
Name String R cn (Relative Distinguished Name)
ObjectCategory String R objectCategory
ObjectClass String R objectClass, most specific value
ObjectGUID Guid R objectGUID converted to string
OperatingSystem String RW operatingSystem
OperatingSystemHotfix String RW operatingSystemHotFix
OperatingSystemServicePack String RW operatingSystemServicePack
OperatingSystemVersion String RW operatingSystemVersion
PasswordExpired Boolean RW msDS-User-Account-Control-Computed (bit mask 8388608)
PasswordLastSet DateTime RW pwdLastSet, local time
PasswordNeverExpires Boolean RW userAccountControl (bit mask 65536)
PasswordNotRequired Boolean RW userAccountControl (bit mask 32)
PrimaryGroup String R Group with primaryGroupToken
ProtectedFromAccidentalDeletion Boolean RW nTSecurityDescriptor
SamAccountName String RW sAMAccountName
ServiceAccount ADCollection RW msDS-HostServiceAccount
ServicePrincipalNames ADCollection RW servicePrincipalName
SID Sid R objectSID converted to string
SIDHistory ADCollection R sIDHistory
TrustedForDelegation Boolean RW userAccountControl (bit mask 524288)
TrustedToAuthForDelegation Boolean RW userAccountControl (bit mask 16777216)
UseDESKeyOnly Boolean RW userAccountControl (bit mask 2097152)
UserPrincipalName String RW userPrincipalName

↑ Return to Top

NOTES

  1. There is no attribute of Active Directory computer objects for IP addresses, either IPv4 or IPv6. The Get-ADComputer cmdlet retrieves the addresses from DNS, using [System.Net.Dns]::GetHostEntry($Computer).AddressList, where $Computer is the name of the computer. This returns an array of IP addresses, both IPv4 and IPv6. But only one (or none) of each is returned by either the -IPv4Adress or -IPv6Address properties. See the link regarding IPv4address in the "Other Resources" section.

↑ Return to Top

See Also

↑ Return to Top

Other Resources

↑ Return to Top