Site icon TOSS

Search-ADAccount

powershell

Search-ADAccount is accessible with the help of addsadministration module. To install addsadministration on your system please refer to this link.

Synopsis

Gets Active Directory user, computer, or service accounts.

Description

The Search-ADAccount cmdlet retrieves one or more user, computer, or service accounts that meet the criteria specified by the parameters. Search criteria include account and password status. For example, you can search for all accounts that have expired by specifying the AccountExpired parameter. Similarly, you can search for all accounts with an expired password by specifying the PasswordExpired parameter. You can limit the search to user accounts by specifying the UsersOnly parameter. Similarly, when you specify the ComputersOnly parameter, the cmdlet only retrieves computer accounts.

Parameters

-AccountDisabled
Specifies a search for accounts that are disabled. An account is disabled when the ADAccount Enabled property is set to false.

Type:	SwitchParameter
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-AccountExpired
Specifies a search for accounts that are expired. An account is expired when the ADAccount AccountExpirationDate property is set to a time in the past. The Lightweight Directory Access Protocol (LDAP) display name (ldapDisplayName) for the AccountExpirationDate property is accountExpires.

Type:	SwitchParameter
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-AccountExpiring
Indicates that this cmdlet searches for accounts that are expiring in a given time period or by a specified time. To specify a time period, use the AccountExpiring parameter with the TimeSpan parameter. To specify a specific time, use the AccountExpiring parameter with the DateTime parameter.

Type:	SwitchParameter
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-AccountInactive
Indicates that this cmdlet searches for accounts that have not logged in within a given time period or since a specified time. To specify a time period, use the TimeSpan parameter. To specify a specific time, use the DateTime parameter. Note that this attribute is only used when the domain is in Windows Server 2003 Domain Functional Level or higher, so this parameter will only work in that mode.

Type:	SwitchParameter
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-AuthType
Specifies the authentication method to use. The acceptable values for this parameter are:

Negotiate or 0
Basic or 1
The default authentication method is Negotiate.

A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.

Type:	ADAuthType
Accepted values:	Negotiate, Basic
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-ComputersOnly
Indicates that this cmdlet searches only computer accounts.


Type:	SwitchParameter
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-Credential
Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.

To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.

If the acting credentials do not have directory-level permission to perform the task, Active Directory module for Windows PowerShell returns a terminating error.

Specifies the credentials for the security context under which the task is performed. If this security context doesn't have directory level permissions to perform the task, then an error is returned by the directory. If running under the context of an Active Directory module for Windows PowerShell provider drive, the credentials information associated with the drive is used as the default value; otherwise, the currently logged on user security context is used.

Type:	PSCredential
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-DateTime
Specifies a distinct time value for Search-ADAccount parameters such as AccountExpiring, AccountInactive, and PasswordExpiring.

Time is assumed to be local time unless otherwise specified. When a time value is not specified, the time is assumed to midnight local time. If you do not specify a date, the date is assumed to be the current date. The following examples show commonly-used syntax to specify a DateTime object.

"3/16/2020" "Monday, March 16, 2020" "2:22:45 PM" "Monday, March 16, 2020 2:22:45 PM"

These examples specify the same date and the time without the seconds.

"3/16/20202:22 PM" "Monday, March 16, 2020 2:22 PM" "2:22 PM"

The following example shows how to specify a date and time by using the RFC1123 standard. This example defines time by using Greenwich Mean Time (GMT).

"Mon, 17 Apr 2020 21:22:48 GMT"

The following example shows how to specify a value as Coordinated Universal Time (UTC). This example represents Monday, March 16, 2020at 2:22:58 PM UTC.

"2020-03-16T14:22:58.0000000"

The following example shows how to set the AccountExpiring parameter to a DateTime value of January 18, 2020 at 2:00:00 AM.

-AccountExpiring -DateTime "1/18/2020 2:00:00 AM"

Type:	DateTime
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-LockedOut
Indicates that this cmdlet searches for accounts that are locked out.

Type:	SwitchParameter
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-PasswordExpired
Indicates that this cmdlet searches for accounts that have an expired password.

Type:	SwitchParameter
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-PasswordNeverExpires
Indicates that this cmdlet searches for accounts that have a password that does not expire.

Type:	SwitchParameter
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-ResultPageSize
Specifies the number of objects to include in one page for an Active Directory Domain Services query.

The default is 256 objects per page.

Type:	Int32
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-ResultSetSize
Specifies the maximum number of objects to return for an Active Directory Domain Services query. If you want to receive all of the objects, set this parameter to $Null (null value). You can use Ctrl+C to stop the query and return of objects. The default is $Null.

The following example shows how to set this parameter so that you receive all of the returned objects:

-ResultSetSize $Null

Type:	Int32
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-SearchBase
Specifies an Active Directory path to search.

When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive.

When you run a cmdlet outside of an Active Directory provider drive against an Active Directory Domain Services (AD DS) target, the default value of this parameter is the default naming context of the target domain.

When you run a cmdlet outside of an Active Directory provider drive against an Active Directory Lightweight Directory Services (AD LDS) target, the default value is the default naming context of the target AD LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory service agent object nTDSDSA for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value.

The following example shows how to set this parameter to search under an organizational unit.

-SearchBase "ou=mfg,dc=noam,dc=corp,dc=contoso,dc=com"

When the value of the SearchBase parameter is set to an empty string and you are connected to a global catalog port, all partitions are searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a global catalog port, an error is generated.

Type:	String
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-SearchScope
Specifies the scope of an Active Directory search. The acceptable values for this parameter are:

-- Base or 0 -- OneLevel or 1 -- Subtree or 2

A Base query searches only the current path or object. A OneLevel query searches the immediate children of that path or object. A Subtree query searches the current path or object and all children of that path or object.

Type:	ADSearchScope
Accepted values:	Base, OneLevel, Subtree
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-Server
Specifies the Active Directory Domain Services instance to connect to, by providing one of the following values for a corresponding domain name or directory server. The service may be any of the following: Active Directory Lightweight Domain Services, Active Directory Domain Services or Active Directory snapshot instance.

Specify the Active Directory Domain Services instance in one of the following ways:

Domain name values:

Fully qualified domain name
NetBIOS name
Directory server values:

Fully qualified directory server name
NetBIOS name
Fully qualified directory server name and port
The default value for this parameter is determined by one of the following methods in the order that they are listed:

By using the Server value from objects passed through the pipeline
By using the server information associated with the Active Directory Domain ServicesWindows PowerShell provider drive, when the cmdlet runs in that drive
By using the domain of the computer running Windows PowerShell

Type:	String
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-TimeSpan
Specifies a time interval. This parameter is used to specify a time value for Search-ADAccount parameters such as AccountExpiring. Specify the time interval in the following format:

[-]D.H:M:S.F

Copy
where: 

--  D = Days (0 to 10675199) 
-- H = Hours (0 to 23) -- M = Minutes (0 to 59) -- S = Seconds (0 to 59) -- F= Fractions of a second (0 to 9999999)

Note: Time values must be between the following values: -10675199:02:48:05.4775808 and 10675199:02:48:05.4775807.

The following examples show how to set this parameter.

Set the time to 2 days

Copy
-TimeSpan "2" 
Set the time span to the previous 2 days

-TimeSpan "-2"

Set the time to 2 hours

Copy
-TimeSpan "2:00"
For example, to search for all accounts that are expiring in 10 days, specify the AccountExpiring and TimeSpan parameters as follows.

-AccountExpiring -TimeSpan "10"

Type:	TimeSpan
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

-UsersOnly
Indicates that this cmdlet searches for user accounts only.

Type:	SwitchParameter
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

Syntax

Search-ADAccount [-AccountDisabled] [-AuthType <ADAuthType>] [-ComputersOnly] [-Credential <PSCredential>] [-ResultPageSize <Int32>] [-ResultSetSize <Int32>] [-SearchBase <String>] [-SearchScope <ADSearchScope>] [-Server <String>] [-UsersOnly] [<CommonParameters>]

Search-ADAccount [-AccountExpired] [-AuthType <ADAuthType>] [-ComputersOnly] [-Credential <PSCredential>] [-ResultPageSize <Int32>] [-ResultSetSize <Int32>] [-SearchBase <String>] [-SearchScope <ADSearchScope>] [-Server <String>] [-UsersOnly] [<CommonParameters>]

Search-ADAccount [-AccountExpiring] [-AuthType <ADAuthType>] [-ComputersOnly] [-Credential <PSCredential>] [-DateTime <DateTime>] [-ResultPageSize <Int32>] [-ResultSetSize <Int32>] [-SearchBase <String>] [-SearchScope <ADSearchScope>] [-Server <String>] [-TimeSpan <TimeSpan>] [-UsersOnly] [<CommonParameters>]

Search-ADAccount [-AccountInactive] [-AuthType <ADAuthType>] [-ComputersOnly] [-Credential <PSCredential>] [-DateTime <DateTime>] [-ResultPageSize <Int32>] [-ResultSetSize <Int32>] [-SearchBase <String>] [-SearchScope <ADSearchScope>] [-Server <String>] [-TimeSpan <TimeSpan>] [-UsersOnly] [<CommonParameters>]

Search-ADAccount [-AuthType <ADAuthType>] [-ComputersOnly] [-Credential <PSCredential>] [-LockedOut] [-ResultPageSize <Int32>] [-ResultSetSize <Int32>] [-SearchBase <String>] [-SearchScope <ADSearchScope>] [-Server <String>] [-UsersOnly] [<CommonParameters>]

Search-ADAccount [-AuthType <ADAuthType>] [-ComputersOnly] [-Credential <PSCredential>] [-PasswordExpired] [-ResultPageSize <Int32>] [-ResultSetSize <Int32>] [-SearchBase <String>] [-SearchScope <ADSearchScope>] [-Server <String>] [-UsersOnly] [<CommonParameters>]

Search-ADAccount [-AuthType <ADAuthType>] [-ComputersOnly] [-Credential <PSCredential>] [-PasswordNeverExpires] [-ResultPageSize <Int32>] [-ResultSetSize <Int32>] [-SearchBase <String>] [-SearchScope <ADSearchScope>] [-Server <String>] [-UsersOnly] [<CommonParameters>]

————————– EXAMPLE 1 ————————–
C:\PS>Search-ADAccount -AccountDisabled | FT Name,ObjectClass -A

Name            ObjectClass
----            -----------
Guest           user
dsdfsd          user
dsdfsd_54399    user
Amypl-LPTOP     computer
kishoren-DSKTOP computer

Returns all users, computers and service accounts that are disabled.

————————– EXAMPLE 2 ————————–
C:\PS>Search-ADAccount -AccountDisabled -UsersOnly | FT Name,ObjectClass -A

Name         ObjectClass
----         -----------
Guest        user
dsdfsd       user
dsdfsd_51399 user

Returns all users that are disabled.

————————– EXAMPLE 3 ————————–
C:\PS>Search- ADAccount -AccountExpired | FT Name,ObjectClass -A

Name            ObjectClass
----            -----------
Kamal Kumara    user
Hamasa Raja     user
Rajesh Gowda    user

Returns all users, computers and service accounts that are expired.

————————– EXAMPLE 4 ————————–
C:\PS>Search- ADAccount -AccountExpiring -TimeSpan 6.00:00:00 | FT Name,ObjectClass -A

Name           ObjectClass
----           -----------
Julie Chawala  user
Kishore Kumar  user
Raj Kumar      user

Returns all users, computers and service accounts that will expire in the next 6 days.

————————– EXAMPLE 5 ————————–
C:\PS>Search- ADAccount -AccountInactive -TimeSpan 90.00:00:00 | FT Name,ObjectClass -A

Name                        ObjectClass
----                        -----------
TOSSolution-RODC1           computer
Guest                       user
dsdfsd                      user
dsdfsd_54399                user
Amala Kahana                user
Kamlash Raj                 user

Returns all accounts that have been inactive for the last 90 days.

————————– EXAMPLE 6 ————————–
C:\PS>Search- ADAccount -PasswordExpired | FT Name,ObjectClass -A

Name                        ObjectClass
----                        -----------
Ash dev                     user
Samba Shiva                 user
Vijay Kommi                 user

Returns all accounts where the password has expired.

————————– EXAMPLE 7 ————————–
C:\PS>Search- ADAccount -PasswordNeverExpires | FT Name,ObjectClass -A

Name           ObjectClass
----           -----------
Guest          user
Tone Jose      user
Bill Gates     user
Karthik Sri    user

Returns all accounts with a password that will never expire.

————————– EXAMPLE 8 ————————–
C:\PS>Search- ADAccount -LockedOut | FT Name,ObjectClass -A

Name           ObjectClass
----           -----------
Latish kumar       user

Returns all accounts that have been locked out.

————————– EXAMPLE 9 ————————–
C:\PS>Search- ADAccount -AccountDisabled -ComputersOnly | FT Name,ObjectClass -A

Name           ObjectClass
----           -----------
Latishk-PC1       computer

Returns all disabled computer accounts.

————————– EXAMPLE 10 ————————–
C:\PS>Search- ADAccount -AccountExpiring -DateTime “3/18/2020” | FT Name,ObjectClass -A

Name         ObjectClass
----         -----------
NuthanBB       user

Returns all accounts which expire on the 18th of March, 2020.

————————– EXAMPLE 11 ————————–
C:\PS>Search- AdAccount -AccountDisabled -SearchBase “DC=AppNC” -Server “TOSSolution-SRV1:60000”

Enabled               : False
Name                  : KumarGovind
UserPrincipalName     :
PasswordNeverExpires  :
LockedOut             : False
ObjectGUID            : 8den89u7-6e40-42a7-b32c-63d336de296d
ObjectClass           : user
SID                   : S-1-823478283-936115905-2231798853-1260534229-4171027843-767619944
PasswordExpired       : False
LastLogonDate         :
DistinguishedName     : CN=KumarGovind,OU=AccountDeptOU,DC=AppNC
AccountExpirationDate :

Returns all users, computers and service accounts that are disabled in the LDS instance: “TOSSolution-SRV1:60000”.

You can check the Version, CommandType and Source of this cmdlet by giving below command.

Get-Command Search-ADAccount

You can also read about
. Clear-ADAccountExpiration
. Disable-ADAccount
. Enable-ADAccount
. Get-ADAccountResultantPasswordReplicationPolicy
. Set-ADAccountControl
. Set-ADAccountExpiration
. Set-ADAccountPassword
. Unlock-ADAccount

To know more PowerShell cmdlets(Commands) on addsadministration (Active Directory) click here

Click on this Link for an Single place where you get all the PowerShell cmdlet sorted based on the modules.

You can also refer other blogs on PowerShell at link

You can also refer other blogs on Microsoft at link

And also if you required any technology you want to learn, let us know below we will publish them in our site http://tossolution.com/

Like our page in Facebook and follow us for New technical information.

References are taken from Microsoft

Exit mobile version