

How to Script the Export/Modify of Active Directory Objects Attributes

DSQUERY

Dsquery * -limit 0 -filter "(&(objectClass=User)(objectCategory=Person))" -attr * >>AllUsers.txt


PowerShell

Get-ADUser -Filter * -Properties *
Get-ADUser -F * -PR *

Quest PowerShell Script

Get-QADUser -Name * -sizelimit 0 | select givenName,sn,name,PasswordExpires | Export-CSV c:\pass_exp.csv

Find specific attributes for the users in an OU using PowerShell
PS C:\> get-aduser -f * -Searchbase "ou=powershell,dc=contoso,dc=com" -pr SamAccountName,PasswordExpired,whenChanged,UserPrincipalName

Find user attributes (users read from a text file)
PS C:\> get-content c:\users.txt | get-aduser -pr SamAccountName,PasswordExpired,whenChanged,UserPrincipalName


   
      DistinguishedName : CN=rock,CN=Users,DC=contoso,DC=com  
      Enabled           :     True  
      GivenName         : rock  
      Name              : rock  
      ObjectClass       : user  
      ObjectGUID        : 57bcbc28-c46a-4ba3-8cad-db4eada9230e  
      PasswordExpired   :     True  
      SamAccountName    : rock  
      SID               : S-1-5-21-359348832-1345755819-277917231-1109  
      Surname           :  
      UserPrincipalName : rock@contoso.com  
      whenChanged       : 9/19/2013 7:51:09 AM  
   
      DistinguishedName : CN=Administrator,CN=Users,DC=contoso,DC=com  
      Enabled           :     True  
      GivenName         :  
      Name              : Administrator  
      ObjectClass       : user  
      ObjectGUID        : d7d91e0a-e25d-4adc-8c70-8197afd698e4  
      PasswordExpired   :     False  
      SamAccountName    : Administrator  
      SID               : S-1-5-21-359348832-1345755819-277917231-500  
      Surname           :  
      UserPrincipalName :  
      whenChanged       : 9/10/2013 7:37:38 AM  
   
      DistinguishedName : CN=copy,CN=Users,DC=contoso,DC=com  
      Enabled           :     True  
      GivenName         : copy  
      Name              : copy  
      ObjectClass       : user  
      ObjectGUID        : e3867e09-2f04-4238-aa36-aa1c83323d08  
      PasswordExpired   :     True  
      SamAccountName    : copy  
      SID               : S-1-5-21-359348832-1345755819-277917231-1106  
      Surname           :  
      UserPrincipalName : copy@contoso.com  
      whenChanged       : 9/3/2013 4:19:17 PM  
Example of the attributes returned for a user:
AccountExpirationDate                :
accountExpires                       : 9223372036854775807
AccountLockoutTime                   :
AccountNotDelegated                  : False
AllowReversiblePasswordEncryption    : False
BadLogonCount                        : 0
badPasswordTime                      : 0
badPwdCount                          : 0
CannotChangePassword                 : False
CanonicalName                        : contoso.com/Powershell/Ankur Seth
Certificates                         : {}
City                                 :
CN                                   : Ankur Seth
codePage                             : 0
Company                              :
CompoundIdentitySupported            : {}
Country                              :
countryCode                          : 0
Created                              : 5/24/2013 11:50:43 PM
createTimeStamp                      : 5/24/2013 11:50:43 PM
Deleted                              :
Department                           :
Description                          : ADMIN
DisplayName                          : Ankur Seth
DistinguishedName                    : CN=Ankur Seth,OU=Powershell,DC=contoso,DC=com
Division                             :
DoesNotRequirePreAuth                : False
dSCorePropagationData                : {12/31/1600 4:00:00 PM}
EmailAddress                         :
EmployeeID                           :
EmployeeNumber                       :
Enabled                              : True
Fax                                  :
GivenName                            : Ankur
HomeDirectory                        :
HomedirRequired                      : False
HomeDrive                            :
HomePage                             :
HomePhone                            :
Initials                             :
instanceType                         : 4
isDeleted                            :
KerberosEncryptionType               : {}
LastBadPasswordAttempt               :
LastKnownParent                      :
lastLogoff                           : 0
lastLogon                            : 0
LastLogonDate                        :
LockedOut                            : False
logonCount                           : 0
LogonWorkstations                    :
Manager                              :
MemberOf                             : {}
MNSLogonAccount                      : False
MobilePhone                          :
Modified                             : 5/24/2013 11:56:24 PM
modifyTimeStamp                      : 5/24/2013 11:56:24 PM
msDS-User-Account-Control-Computed   : 8388608
Name                                 : Ankur Seth
nTSecurityDescriptor                 : System.DirectoryServices.ActiveDirectorySecurity
ObjectCategory                       : CN=Person,CN=Schema,CN=Configuration,DC=contoso,DC=com
ObjectClass                          : user
ObjectGUID                           : cd1f097f-8c54-4988-9bcd-ced6cb954e9c
objectSid                            : S-1-5-21-3894563728-440662116-3668880775-1105
Office                               :
OfficePhone                          :
Organization                         :
OtherName                            :
PasswordExpired                      : True
PasswordLastSet                      :
PasswordNeverExpires                 : False
PasswordNotRequired                  : False
POBox                                :
PostalCode                           :
PrimaryGroup                         : CN=Domain Users,CN=Users,DC=contoso,DC=com
primaryGroupID                       : 513
PrincipalsAllowedToDelegateToAccount : {}
ProfilePath                          :
ProtectedFromAccidentalDeletion      : False
pwdLastSet                           : 0
SamAccountName                       : ASeth
sAMAccountType                       : 805306368
ScriptPath                           :
sDRightsEffective                    : 15
ServicePrincipalNames                : {}
SID                                  : S-1-5-21-3894563728-440662116-3668880775-1105
SIDHistory                           : {}
SmartcardLogonRequired               : False
sn                                   : Seth
State                                :
StreetAddress                        :
Surname                              : Seth
Title                                :
TrustedForDelegation                 : False
TrustedToAuthForDelegation           : False
UseDESKeyOnly                        : False
userAccountControl                   : 512
userCertificate                      : {}
UserPrincipalName                    : ASeth@contoso.com
uSNChanged                           : 28712
uSNCreated                           : 28705
whenChanged                          : 5/24/2013 11:56:24 PM
whenCreated                          : 5/24/2013 11:50:43 PM
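
Several values in this listing are raw directory encodings rather than readable settings: userAccountControl and msDS-User-Account-Control-Computed are bit masks, and accountExpires and pwdLastSet are file-time integers with sentinel values. The script below is an added example, not part of the original article, that decodes them for an account review. The function names (ConvertFrom-UacValue, ConvertFrom-AdFileTime, Get-AccountFlagReport) are hypothetical, and the sample object is constructed from the values printed above.

```powershell
# Added example: decode raw values from the attribute listing above.
# Bit values are the documented userAccountControl flags.
$UacFlags = [ordered]@{
    ACCOUNTDISABLE                 = 0x00000002
    LOCKOUT                        = 0x00000010
    PASSWD_NOTREQD                 = 0x00000020
    ENCRYPTED_TEXT_PWD_ALLOWED     = 0x00000080
    NORMAL_ACCOUNT                 = 0x00000200
    DONT_EXPIRE_PASSWORD           = 0x00010000
    SMARTCARD_REQUIRED             = 0x00040000
    TRUSTED_FOR_DELEGATION         = 0x00080000
    NOT_DELEGATED                  = 0x00100000
    USE_DES_KEY_ONLY               = 0x00200000
    DONT_REQ_PREAUTH               = 0x00400000
    PASSWORD_EXPIRED               = 0x00800000
    TRUSTED_TO_AUTH_FOR_DELEGATION = 0x01000000
}

function ConvertFrom-UacValue {
    # Return the name of every flag whose bit is set in $Value.
    param([int]$Value)
    foreach ($name in $UacFlags.Keys) {
        if ($Value -band $UacFlags[$name]) { $name }
    }
}

function ConvertFrom-AdFileTime {
    # accountExpires / pwdLastSet / lastLogon count 100-ns ticks since 1601 (UTC).
    # 0 and 0x7FFFFFFFFFFFFFFF are sentinels ("never" / "not set"), not dates.
    param([long]$Value)
    if ($Value -eq 0 -or $Value -eq [long]::MaxValue) { return $null }
    [datetime]::FromFileTimeUtc($Value)
}

function Get-AccountFlagReport {
    # Accepts any object carrying the raw attributes, for example the output of
    # Get-ADUser -Filter * -Properties userAccountControl,msDS-User-Account-Control-Computed,accountExpires,pwdLastSet
    param([Parameter(ValueFromPipeline)]$User)
    process {
        $expires = ConvertFrom-AdFileTime $User.accountExpires
        [pscustomobject]@{
            SamAccountName    = $User.SamAccountName
            StoredFlags       = (ConvertFrom-UacValue $User.userAccountControl) -join ','
            ComputedFlags     = (ConvertFrom-UacValue $User.'msDS-User-Account-Control-Computed') -join ','
            AccountExpires    = $(if ($expires) { $expires } else { 'never' })
            MustChangeAtLogon = ($User.pwdLastSet -eq 0)
        }
    }
}

# Constructed sample using the values printed in the listing above.
$sample = [pscustomobject]@{
    SamAccountName                       = 'ASeth'
    userAccountControl                   = 512
    'msDS-User-Account-Control-Computed' = 8388608
    accountExpires                       = 9223372036854775807
    pwdLastSet                           = 0
}
$sample | Get-AccountFlagReport
```

Piping live Get-ADUser output into Get-AccountFlagReport and filtering on StoredFlags for PASSWD_NOTREQD, DONT_REQ_PREAUTH, USE_DES_KEY_ONLY or TRUSTED_FOR_DELEGATION gives a quick list of accounts whose settings deserve a second look.
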
How to reset the passwords for some specific users
Get-Content C:\Users.txt | Get-ADUser | Set-ADAccountPassword -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "monster@me123" -Force)
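
The one-liner above leaves every account in the file with the same password, which is also visible in the script and in the shell history. The script below is an added example, not part of the original article, that gives each account its own random temporary password and forces a change at next logon. New-RandomPassword is a hypothetical helper, and the 20-character length and the character set are assumptions.

```powershell
# Added example: per-user random temporary passwords instead of one shared value.
Import-Module ActiveDirectory

function New-RandomPassword {
    # Hypothetical helper: draws characters with the system CSPRNG.
    param([int]$Length = 20)
    $chars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%+-=?@'
    $limit = 256 - (256 % $chars.Length)   # reject bytes that would bias the modulo
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $byte  = New-Object byte[] 1
    try {
        do {
            $sb = New-Object System.Text.StringBuilder
            while ($sb.Length -lt $Length) {
                $rng.GetBytes($byte)
                if ($byte[0] -lt $limit) {
                    [void]$sb.Append($chars[$byte[0] % $chars.Length])
                }
            }
            $pw = $sb.ToString()
            # Retry until upper case, lower case and a digit are all present,
            # so the result satisfies the AD complexity rule.
        } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '\d')
    } finally {
        $rng.Dispose()
    }
    $pw
}

$results = foreach ($name in Get-Content C:\Users.txt) {
    $name = $name.Trim()
    if (-not $name) { continue }            # skip blank lines
    try {
        $user   = Get-ADUser -Identity $name -ErrorAction Stop
        $plain  = New-RandomPassword
        $secure = ConvertTo-SecureString -String $plain -AsPlainText -Force
        # -Reset performs an administrative reset; without it the cmdlet
        # expects the account's old password.
        Set-ADAccountPassword -Identity $user -Reset -NewPassword $secure -ErrorAction Stop
        Set-ADUser -Identity $user -ChangePasswordAtLogon $true -ErrorAction Stop
        [pscustomobject]@{
            SamAccountName = $user.SamAccountName
            Status         = 'Reset'
            TempPassword   = $plain
        }
    } catch {
        # Unknown account names and permission errors land here.
        [pscustomobject]@{
            SamAccountName = $name
            Status         = "Failed: $($_.Exception.Message)"
            TempPassword   = $null
        }
    }
}

# Hand each temporary password to its owner out of band;
# do not save the table to a shared file.
$results | Format-Table -AutoSize
```
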
How to update the manager field for bulk users.
Get-Content C:\Users.txt | Get-ADUser | Set-ADUser -Manager "Biswajit"

How to update "ProfilePath", "HomeDrive" & "HomeDirectory" based on an input file.
Get-Content users.txt | ForEach-Object {
  Set-ADUser -Identity $_ -ProfilePath "\\WIN-85IOGS94Q68\profile\$_" -HomeDrive "Y:" -HomeDirectory "\\WIN-85IOGS94Q68\netshare\$_"
}


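Check whether users exist in AD or not.

      $users = Get-Content c:\users.txt
      foreach ($user in $users) {
          # Store the lookup result in its own variable: PowerShell variable names are
          # case-insensitive, so assigning to $User would overwrite the loop variable $user.
          $adUser = Get-ADUser -Filter {samaccountname -eq $user}
          if ($null -eq $adUser) { "User does not exist in AD ($user)" }
          else { "User found in AD ($user)" }
      }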
Find users who are enabled, have an e-mail address and a home directory, and have PasswordExpired -eq false
      PS C:\> Get-ADUser -Filter {(enabled -eq $true) -and (EmailAddress -like "*") -and (Homedirectory -like "*") -and (PasswordExpired -eq $false)}  
Also filtering on group membership.
      PS C:\> Get-ADUser -Filter {(enabled -eq $true) -and (EmailAddress -like "*") -and (Homedirectory -like "*") -and (PasswordExpired -eq $false) -and (MemberOf -eq "CN=rock2,OU=win7,DC=Jaihanuman,DC=net")}
   
   
      DistinguishedName : CN=test1,OU=win7,DC=Jaihanuman,DC=net  
      Enabled           :     True  
      GivenName         : test1  
      Name              : test1  
      ObjectClass       : user  
      ObjectGUID        : 5cf0d339-2c51-470a-8aaa-164a5363701a  
      SamAccountName    : test1  
      SID               : S-1-5-21-21944202-3218234477-1901693054-1104  
      Surname           :  
      UserPrincipalName : test1@Jaihanuman.net  
   
      DistinguishedName : CN=test2,OU=win7,DC=Jaihanuman,DC=net  
      Enabled           :     True  
      GivenName         : test2  
      Name              : test2  
      ObjectClass       : user  
      ObjectGUID        : 05b45363-08ce-4346-a81e-c722bd8540ec  
      SamAccountName    : test2  
      SID               : S-1-5-21-21944202-3218234477-1901693054-1105  
      Surname           :  
      UserPrincipalName : test2@Jaihanuman.net  
Which commands are in the Active Directory module
PS C:\> get-command -module ActiveDirectory

CommandType     Name                                               ModuleName
-----------     ----                                               ----------
Cmdlet          Add-ADCentralAccessPolicyMember                    ActiveDirectory
Cmdlet          Add-ADComputerServiceAccount                       ActiveDirectory
Cmdlet          Add-ADDomainControllerPasswordReplicationPolicy    ActiveDirectory
Cmdlet          Add-ADFineGrainedPasswordPolicySubject             ActiveDirectory
Cmdlet          Add-ADGroupMember                                  ActiveDirectory
Cmdlet          Add-ADPrincipalGroupMembership                     ActiveDirectory
Cmdlet          Add-ADResourcePropertyListMember                   ActiveDirectory
Cmdlet          Clear-ADAccountExpiration                          ActiveDirectory
Cmdlet          Clear-ADClaimTransformLink                         ActiveDirectory
Cmdlet          Disable-ADAccount                                  ActiveDirectory
Cmdlet          Disable-ADOptionalFeature                          ActiveDirectory
Cmdlet          Enable-ADAccount                                   ActiveDirectory
Cmdlet          Enable-ADOptionalFeature                           ActiveDirectory
Cmdlet          Get-ADAccountAuthorizationGroup                    ActiveDirectory
Cmdlet          Get-ADAccountResultantPasswordReplicationPolicy    ActiveDirectory
Cmdlet          Get-ADCentralAccessPolicy                          ActiveDirectory
Cmdlet          Get-ADCentralAccessRule                            ActiveDirectory
Cmdlet          Get-ADClaimTransformPolicy                         ActiveDirectory
Cmdlet          Get-ADClaimType                                    ActiveDirectory
Cmdlet          Get-ADComputer                                     ActiveDirectory
Cmdlet          Get-ADComputerServiceAccount                       ActiveDirectory
Cmdlet          Get-ADDCCloningExcludedApplicationList             ActiveDirectory
Cmdlet          Get-ADDefaultDomainPasswordPolicy                  ActiveDirectory
Cmdlet          Get-ADDomain                                       ActiveDirectory
Cmdlet          Get-ADDomainController                             ActiveDirectory
Cmdlet          Get-ADDomainControllerPasswordReplicationPolicy    ActiveDirectory
Cmdlet          Get-ADDomainControllerPasswordReplicationPolicy... ActiveDirectory
Cmdlet          Get-ADFineGrainedPasswordPolicy                    ActiveDirectory
Cmdlet          Get-ADFineGrainedPasswordPolicySubject             ActiveDirectory
Cmdlet          Get-ADForest                                       ActiveDirectory
Cmdlet          Get-ADGroup                                        ActiveDirectory
Cmdlet          Get-ADGroupMember                                  ActiveDirectory
Cmdlet          Get-ADObject                                       ActiveDirectory
Cmdlet          Get-ADOptionalFeature                              ActiveDirectory
Cmdlet          Get-ADOrganizationalUnit                           ActiveDirectory
Cmdlet          Get-ADPrincipalGroupMembership                     ActiveDirectory
Cmdlet          Get-ADReplicationAttributeMetadata                 ActiveDirectory
Cmdlet          Get-ADReplicationConnection                        ActiveDirectory
Cmdlet          Get-ADReplicationFailure                           ActiveDirectory
Cmdlet          Get-ADReplicationPartnerMetadata                   ActiveDirectory
Cmdlet          Get-ADReplicationQueueOperation                    ActiveDirectory
Cmdlet          Get-ADReplicationSite                              ActiveDirectory
Cmdlet          Get-ADReplicationSiteLink                          ActiveDirectory
Cmdlet          Get-ADReplicationSiteLinkBridge                    ActiveDirectory
Cmdlet          Get-ADReplicationSubnet                            ActiveDirectory
Cmdlet          Get-ADReplicationUpToDatenessVectorTable           ActiveDirectory
Cmdlet          Get-ADResourceProperty                             ActiveDirectory
Cmdlet          Get-ADResourcePropertyList                         ActiveDirectory
Cmdlet          Get-ADResourcePropertyValueType                    ActiveDirectory
Cmdlet          Get-ADRootDSE                                      ActiveDirectory
Cmdlet          Get-ADServiceAccount                               ActiveDirectory
Cmdlet          Get-ADTrust                                        ActiveDirectory
Cmdlet          Get-ADUser                                         ActiveDirectory
Cmdlet          Get-ADUserResultantPasswordPolicy                  ActiveDirectory
Cmdlet          Install-ADServiceAccount                           ActiveDirectory
Cmdlet          Move-ADDirectoryServer                             ActiveDirectory
Cmdlet          Move-ADDirectoryServerOperationMasterRole          ActiveDirectory
Cmdlet          Move-ADObject                                      ActiveDirectory
Cmdlet          New-ADCentralAccessPolicy                          ActiveDirectory
Cmdlet          New-ADCentralAccessRule                            ActiveDirectory
Cmdlet          New-ADClaimTransformPolicy                         ActiveDirectory
Cmdlet          New-ADClaimType                                    ActiveDirectory
Cmdlet          New-ADComputer                                     ActiveDirectory
Cmdlet          New-ADDCCloneConfigFile                            ActiveDirectory
Cmdlet          New-ADFineGrainedPasswordPolicy                    ActiveDirectory
Cmdlet          New-ADGroup                                        ActiveDirectory
Cmdlet          New-ADObject                                       ActiveDirectory
Cmdlet          New-ADOrganizationalUnit                           ActiveDirectory
Cmdlet          New-ADReplicationSite                              ActiveDirectory
Cmdlet          New-ADReplicationSiteLink                          ActiveDirectory
Cmdlet          New-ADReplicationSiteLinkBridge                    ActiveDirectory
Cmdlet          New-ADReplicationSubnet                            ActiveDirectory
Cmdlet          New-ADResourceProperty                             ActiveDirectory
Cmdlet          New-ADResourcePropertyList                         ActiveDirectory
Cmdlet          New-ADServiceAccount                               ActiveDirectory
Cmdlet          New-ADUser                                         ActiveDirectory
Cmdlet          Remove-ADCentralAccessPolicy                       ActiveDirectory
Cmdlet          Remove-ADCentralAccessPolicyMember                 ActiveDirectory
Cmdlet          Remove-ADCentralAccessRule                         ActiveDirectory
Cmdlet          Remove-ADClaimTransformPolicy                      ActiveDirectory
Cmdlet          Remove-ADClaimType                                 ActiveDirectory
Cmdlet          Remove-ADComputer                                  ActiveDirectory
Cmdlet          Remove-ADComputerServiceAccount                    ActiveDirectory
Cmdlet          Remove-ADDomainControllerPasswordReplicationPolicy ActiveDirectory
Cmdlet          Remove-ADFineGrainedPasswordPolicy                 ActiveDirectory
Cmdlet          Remove-ADFineGrainedPasswordPolicySubject          ActiveDirectory
Cmdlet          Remove-ADGroup                                     ActiveDirectory
Cmdlet          Remove-ADGroupMember                               ActiveDirectory
Cmdlet          Remove-ADObject                                    ActiveDirectory
Cmdlet          Remove-ADOrganizationalUnit                        ActiveDirectory
Cmdlet          Remove-ADPrincipalGroupMembership                  ActiveDirectory
Cmdlet          Remove-ADReplicationSite                           ActiveDirectory
Cmdlet          Remove-ADReplicationSiteLink                       ActiveDirectory
Cmdlet          Remove-ADReplicationSiteLinkBridge                 ActiveDirectory
Cmdlet          Remove-ADReplicationSubnet                         ActiveDirectory
Cmdlet          Remove-ADResourceProperty                          ActiveDirectory
Cmdlet          Remove-ADResourcePropertyList                      ActiveDirectory
Cmdlet          Remove-ADResourcePropertyListMember                ActiveDirectory
Cmdlet          Remove-ADServiceAccount                            ActiveDirectory
Cmdlet          Remove-ADUser                                      ActiveDirectory
Cmdlet          Rename-ADObject                                    ActiveDirectory
Cmdlet          Reset-ADServiceAccountPassword                     ActiveDirectory
Cmdlet          Restore-ADObject                                   ActiveDirectory
Cmdlet          Search-ADAccount                                   ActiveDirectory
Cmdlet          Set-ADAccountControl                               ActiveDirectory
Cmdlet          Set-ADAccountExpiration                            ActiveDirectory
Cmdlet          Set-ADAccountPassword                              ActiveDirectory
Cmdlet          Set-ADCentralAccessPolicy                          ActiveDirectory
Cmdlet          Set-ADCentralAccessRule                            ActiveDirectory
Cmdlet          Set-ADClaimTransformLink                           ActiveDirectory
Cmdlet          Set-ADClaimTransformPolicy                         ActiveDirectory
Cmdlet          Set-ADClaimType                                    ActiveDirectory
Cmdlet          Set-ADComputer                                     ActiveDirectory
Cmdlet          Set-ADDefaultDomainPasswordPolicy                  ActiveDirectory
Cmdlet          Set-ADDomain                                       ActiveDirectory
Cmdlet          Set-ADDomainMode                                   ActiveDirectory
Cmdlet          Set-ADFineGrainedPasswordPolicy                    ActiveDirectory
Cmdlet          Set-ADForest                                       ActiveDirectory
Cmdlet          Set-ADForestMode                                   ActiveDirectory
Cmdlet          Set-ADGroup                                        ActiveDirectory
Cmdlet          Set-ADObject                                       ActiveDirectory
Cmdlet          Set-ADOrganizationalUnit                           ActiveDirectory
Cmdlet          Set-ADReplicationConnection                        ActiveDirectory
Cmdlet          Set-ADReplicationSite                              ActiveDirectory
Cmdlet          Set-ADReplicationSiteLink                          ActiveDirectory
Cmdlet          Set-ADReplicationSiteLinkBridge                    ActiveDirectory
Cmdlet          Set-ADReplicationSubnet                            ActiveDirectory
Cmdlet          Set-ADResourceProperty                             ActiveDirectory
Cmdlet          Set-ADResourcePropertyList                         ActiveDirectory
Cmdlet          Set-ADServiceAccount                               ActiveDirectory
Cmdlet          Set-ADUser                                         ActiveDirectory
Cmdlet          Sync-ADObject                                      ActiveDirectory
Cmdlet          Test-ADServiceAccount                              ActiveDirectory
Cmdlet          Uninstall-ADServiceAccount                         ActiveDirectory
Cmdlet          Unlock-ADAccount                                   ActiveDirectory

Active Directory Administration with Windows PowerShell

http://technet.microsoft.com/en-us/library/dd378937%28v=ws.10%29.aspx

See Also

Active Directory: Get-ADUser Default and Extended Properties - Blogged by Richard Mueller

ADDS PowerShell (CMDLET , ADSI & .Net) to Expedite Your Tasks


Regards
Biswajit Biswas