#
Get-ADUser
PowerShell command to find Active Directory users and their properties.
#
Get a user's SID
Get-ADUser -server IP.OF.A.DOMAIN-CONTROLLER -Identity someuser -Properties SID | Select-Object SID
#
Pull all high priv groups and show pwdLastSet time in human-readable format
# Define the groups to search for
$groups = "Administrators", "Domain Admins", "Enterprise Admins"
# Retrieve the members of these groups
$members = foreach ($group in $groups) {
Get-ADGroupMember -server 1.2.3.4 -Identity $group -Recursive
}
# Remove duplicates and filter user accounts only
$uniqueMembers = $members | Select-Object -Unique | Where-Object { $_.objectClass -eq 'user' }
# Get user details, filter by enabled users, and sort by pwdLastSet, converting pwdLastSet to human-readable format
$results = $uniqueMembers | ForEach-Object {
$user = Get-ADUser -server 1.2.3.4 -Identity $_.SamAccountName -Properties pwdLastSet, Enabled
if ($user.Enabled) {
[PSCustomObject]@{
SamAccountName = $user.SamAccountName
PwdLastSet = if ($user.pwdLastSet) { [datetime]::FromFileTime($user.pwdLastSet) } else { $null }
}
}
} | Where-Object { $_ -ne $null } | Sort-Object -Property PwdLastSet
# Output the results
$results