You can specify a particular OU to search:
get-aduser -filter {(PasswordNeverExpires -eq $True)} -SearchBase “OU=Users,OU=Accounts,DC=Contoso,DC=Com” -Properties * | ft Name,PasswordLastSet,PasswordExpired -AutoSize
Or find all Active Directory user objects by removing the SEARCHBASE criteria:
get-aduser -filter {(PasswordNeverExpires -eq $True)} -Properties * | ft Name,PasswordLastSet,PasswordExpired -AutoSize
Enjoy!
I put together this script due to an ongoing AD account cleanup project and needed to put together a report of what was deleted from a particular date range.
*Will only work if the Active Directory Recycle Bin is enabled in your domain.*
write-host -ForegroundColor Cyan “Getting deleted AD objects from date specified”
$StartTime = read-host ” Enter start date in this format: 2/1/2015″
$EndTime = read-host “Enter end date in this format: 2/10/2015”
$Deleted = @()
$Deleted = Get-ADObject -Filter {(isdeleted -eq $true) -and (name -ne “Deleted Objects”)} -includeDeletedObjects -property whenChanged,LastKnownParent |
Where-Object {$_.whenChanged -ge $StartTime -and $_.whenChanged -le $EndTime} |
Select @{ Name=’UserName’; Expression={$_.Name}}, @{
Name=’LastLocation’; Expression={$_.LastKnownParent}}, @{
Name=’Deleted’;Expression={$_.whenChanged}} | sort whenChanged -Descending
$Deleted | out-gridview
Or, you can simply run this line below. Although, two interesting things to note here:
1. The information is truncated. And, setting the variable $FormatEnumerationLimit to =-1 doesn’t affect the truncated information.
2. Curious that it displays same day deletions except the above script. The above script is filtering for objects that have “isDeleted” attribute set to “True” and that object is found in “Deleted Objects’ container. The line below is using the “SearchBase” parameter and specifying the “Deleted Objects” DN path. Something might tweak to test this outcome.
Get-ADObject -SearchBase “CN=Deleted Objects,DC=hq,DC=crabel,DC=com” -Filter * -IncludeDeletedObjects -Properties LastKnownParent, whenChanged | Sort whenChanged -Descending | ft Name,whenChanged,LastKnownParent
Enjoy!
A quick one liner on how to discover services that are “running” or “stopped”.
Get-Service | where {$_.Status -eq “Running”}
This will give you all Windows services that are in a “running” state. The line gives you all services and pipes it to the “where” filter for a condition. That condition is to find all services where that have a “status” that is “equal” (-eq) to “running”.
To find all services that are not running or stopped, just simply change the “equal” condition to “not equal”
Get-Service | where {$_.Status -ne “Running”}
Or, another way, would be to simply keep the “-eq” condition and change the “status” to “STOPPED” to give you all services that are not running.
Need to know how many user accounts are in your domain?
*Before running command, make sure you have the Active Directory module imported.*
(Get-ADUser -filter *).count
Conversely, you can specify a particular OU.
(Get-ADUser -searchbase “OU=Accounts,DC=Contoso,DC=Com” -filter *).count
Enjoy!
"The more I learn, the more I realize how much I don't know." - Albert Einstein 