Mark Minasi's Reader Forum
Mark Minasi's Reader Forum
Home | Profile | Register | Active Topics | Active Polls | Members | Search | FAQ | Minasi Forum RSS Feed
Username:
 Password:
Save Password
Forgot your Password?

 All Forums
 General Forum
 Miscellany (Technical)
 Search-ADAccount, Top to Bottom		  New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

JSCLMEDAVE
Administrator

USA
6116 Posts
Status: offline
Posted - 04/26/2012 :  2:09:26 PM  Show Profile  Visit JSCLMEDAVE's Homepage  Click to see JSCLMEDAVE's MSN Messenger address  Reply with Quote
Good article from Mark…


April 26, 2012 12:57 PM
Search-ADAccount, Top to Bottom
This command is a terrific way to discover troubled accounts, and it can help solve many Active Directory cleanup problems
Tim-

“This too shall pass"

JSCLMEDAVE
Administrator

USA
6116 Posts
Status: offline
Posted - 05/09/2012 :  5:32:10 PM  Show Profile  Visit JSCLMEDAVE's Homepage  Click to see JSCLMEDAVE's MSN Messenger address  Reply with Quote
FYI..!

The first thing to do is to import the ActiveDirectory module by using the Import-Module cmdlet. This command is shown here:

Import-Module activedirectory


Example: Once the module is imported, use the Search-ADAccount cmdlet with the lockedout parameter. This command is shown here:

Search-ADAccount –LockedOut


PS C:\Users\TimBolton> Get-Help Search-ADAccount
NAME
Search-ADAccount
SYNOPSIS
Gets Active Directory user, computer, or service accounts.

SYNTAX
Search-ADAccount -AccountDisabled <switch> [-AuthType {Negotiate | Basic}] [-ComputersOnly <switch>] [-Credential <
PSCredential>] [-ResultPageSize <int>] [-ResultSetSize <System.Nullable[int]>] [-SearchBase <string>] [-SearchScope
{Base | OneLevel | Subtree}] [-Server <string>] [-UsersOnly <switch>] [<CommonParameters>]

Search-ADAccount -AccountExpired <switch> [-AuthType {Negotiate | Basic}] [-ComputersOnly <switch>] [-Credential <P
SCredential>] [-ResultPageSize <int>] [-ResultSetSize <System.Nullable[int]>] [-SearchBase <string>] [-SearchScope
{Base | OneLevel | Subtree}] [-Server <string>] [-UsersOnly <switch>] [<CommonParameters>]

Search-ADAccount -AccountExpiring <switch> [-DateTime <DateTime>] [-TimeSpan <TimeSpan>] [-AuthType {Negotiate | Ba
sic}] [-ComputersOnly <switch>] [-Credential <PSCredential>] [-ResultPageSize <int>] [-ResultSetSize <System.Nullab
le[int]>] [-SearchBase <string>] [-SearchScope {Base | OneLevel | Subtree}] [-Server <string>] [-UsersOnly <switch>
] [<CommonParameters>]

Search-ADAccount -AccountInactive <switch> [-DateTime <DateTime>] [-TimeSpan <TimeSpan>] [-AuthType {Negotiate | Ba
sic}] [-ComputersOnly <switch>] [-Credential <PSCredential>] [-ResultPageSize <int>] [-ResultSetSize <System.Nullab
le[int]>] [-SearchBase <string>] [-SearchScope {Base | OneLevel | Subtree}] [-Server <string>] [-UsersOnly <switch>
] [<CommonParameters>]

Search-ADAccount -LockedOut [-AuthType {Negotiate | Basic}] [-ComputersOnly <switch>] [-Credential <PSCredential>]
[-ResultPageSize <int>] [-ResultSetSize <System.Nullable[int]>] [-SearchBase <string>] [-SearchScope {Base | OneLev
el | Subtree}] [-Server <string>] [-UsersOnly <switch>] [<CommonParameters>]

Search-ADAccount -PasswordExpired <switch> [-AuthType {Negotiate | Basic}] [-ComputersOnly <switch>] [-Credential <
PSCredential>] [-ResultPageSize <int>] [-ResultSetSize <System.Nullable[int]>] [-SearchBase <string>] [-SearchScope
{Base | OneLevel | Subtree}] [-Server <string>] [-UsersOnly <switch>] [<CommonParameters>]

Search-ADAccount -PasswordNeverExpires <switch> [-AuthType {Negotiate | Basic}] [-ComputersOnly <switch>] [-Credent
ial <PSCredential>] [-ResultPageSize <int>] [-ResultSetSize <System.Nullable[int]>] [-SearchBase <string>] [-Search
Scope {Base | OneLevel | Subtree}] [-Server <string>] [-UsersOnly <switch>] [<CommonParameters>]


DESCRIPTION
The Search-ADAccount cmdlet retrieves one or more user, computer, or service accounts that meet the criteria specif
ied by the parameters. Search criteria include account and password status. For example, you can search for all acc
ounts that have expired by specifying the AccountExpired parameter. Similarly, you can search for all accounts with
an expired password by specifying the PasswordExpired parameter. You can limit the search to user accounts by spec
ifying the UsersOnly parameter. Similarly, when you specify the ComputersOnly parameter, the cmdlet only retrieves
computer accounts.

Some search parameters, such as AccountExpiring and AccountInactive use a default time that you can change by speci
fying the DateTime or TimeSpan parameter. The DateTime parameter specifies a distinct time. The TimeSpan parameter
specifies a time range from the current time. For example, to search for all accounts that expire in 10 days, speci
fy the AccountExpiring and TimeSpan parameter and set the value of TimeSpan to "10.00:00:00". To search for all acc
ounts that expire before December 31, 2012, set the DateTime parameter to "12/31/2012".


RELATED LINKS
Online version: http://go.microsoft.com/fwlink/?LinkID=144989
Enable-ADAccount
Disable-ADAccount
Unlock-ADAccount
Set-ADAccountControl
Set-ADAccountExpiration
Clear-ADAccountExpiration
Set-ADAccountPassword
Get-ADAccountResultantPasswordReplicationPolicy

REMARKS
To see the examples, type: "get-help Search-ADAccount -examples".
For more information, type: "get-help Search-ADAccount -detailed".
For technical information, type: "get-help Search-ADAccount -full".
Tim-

“This too shall pass"
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Mark Minasi's Reader Forum © 2002-2011 Mark Minasi Go To Top Of Page
This page was generated in 0.14 seconds. Snitz Forums 2000