# Get-ADUser

Published 2025-03-18

PowerShell command to find Active Directory users and their properties.

# Get a user's SID

# Query one account on a specific domain controller and show only its SID.
# IP.OF.A.DOMAIN-CONTROLLER and someuser are placeholders for your own values.
Get-ADUser -Server 'IP.OF.A.DOMAIN-CONTROLLER' -Identity 'someuser' -Properties 'SID' |
    Select-Object -Property SID

# Pull all members of high-privilege groups and show their pwdLastSet time in a human-readable format

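# Audit helper: list the enabled user accounts that are members (directly or
# through nesting) of high-privilege groups, oldest password first.

# Domain controller to query. 1.2.3.4 is a placeholder; it is set once so the
# group lookup and the user lookup always hit the same server.
$server = '1.2.3.4'

# Define the groups to search for
$groups = "Administrators", "Domain Admins", "Enterprise Admins"

# Retrieve the members of these groups; -Recursive expands nested groups
$members = foreach ($group in $groups) {
    Get-ADGroupMember -Server $server -Identity $group -Recursive
}

# Keep user accounts only, then de-duplicate on an explicit key
# (distinguishedName) so an account that is in several groups is listed once.
$uniqueMembers = $members |
    Where-Object { $_.objectClass -eq 'user' } |
    Sort-Object -Property distinguishedName -Unique

# Get user details, keep enabled users, and convert pwdLastSet to a DateTime
$results = $uniqueMembers | ForEach-Object {
    $member = $_

    # Clear the previous iteration's value: the script block shares its scope
    # across pipeline items, so a failed lookup must not leave the previous
    # account in $user and report it a second time.
    $user = $null
    try {
        $user = Get-ADUser -Server $server -Identity $member.SamAccountName -Properties pwdLastSet, Enabled -ErrorAction Stop
    }
    catch {
        # Surface the account that could not be read instead of silently
        # dropping it from a privileged-account report.
        Write-Warning "Could not read $($member.SamAccountName) from ${server}: $($_.Exception.Message)"
        return   # inside ForEach-Object this moves on to the next member
    }

    if ($user.Enabled) {
        [PSCustomObject]@{
            SamAccountName = $user.SamAccountName
            # pwdLastSet is a Windows FILETIME; 0 (password must be changed at
            # next logon) is falsy and is reported as $null.
            # FromFileTime returns local time, not UTC.
            PwdLastSet     = if ($user.pwdLastSet) { [datetime]::FromFileTime($user.pwdLastSet) } else { $null }
        }
    }
} | Sort-Object -Property PwdLastSet

# Output the results
$results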