Tuesday, May 02, 2017

AD User Properties In PowerShell

I spend a lot of time as a Group Administrator looking after the PowerShell forum over on Spiceworks. The PowerShell group has an active forum  which you can find over at https://community.spiceworks.com/programming/powershell,

One issue that arises often is around getting properties back from a user object in Windows Active Directory. Typically we see posters knowing the GUI interface in Active Directory Users and Computers (ADUC), and wanting to get the same details. Although it is NOT new, I found a great resource the other day: Mappings for the Active Directory Users and Computers Snap-in.

This page, which has numerous subpages, maps the fields you find on the property sheets inside the ADUC MMC snap-in to the properties names you get/set using the Microsoft provided AD cmdlets.

For example, if you have set an Office address on the OU Managed By property sheet, you need to use the Physical-Delivery-Office-Name property from Get-Organizational unit to obtain that information. Likewise, the General Property Page for a user object shows First Name (property givenName), Last Name (sn), and the Display Name (displayName).

This page has links for:

  • Computer Object User Interface Mapping
  • Domain Object User Interface Mapping
  • Group Object User Interface Mapping
  • Object Property Sheet
  • Organizational Unit User Interface Mapping
  • Printer Object User Interface Mapping
  • Shared Folder Object User Interface Mapping
  • User Object User Interface Mapping
If you are working with the AD cmdlets and you need to map what you see in the ADUC GUI to what you need to use in PowerShell.

No comments: