Search-ADAccount

Gets Active Directory user, computer, or service accounts.

Syntax

Search-ADAccount
      [-AccountDisabled]
      [-AuthType <ADAuthType>]
      [-ComputersOnly]
      [-Credential <PSCredential>]
      [-ResultPageSize <Int32>]
      [-ResultSetSize <Int32>]
      [-SearchBase <String>]
      [-SearchScope <ADSearchScope>]
      [-Server <String>]
      [-UsersOnly]
      [<CommonParameters>]
Search-ADAccount
      [-AccountExpired]
      [-AuthType <ADAuthType>]
      [-ComputersOnly]
      [-Credential <PSCredential>]
      [-ResultPageSize <Int32>]
      [-ResultSetSize <Int32>]
      [-SearchBase <String>]
      [-SearchScope <ADSearchScope>]
      [-Server <String>]
      [-UsersOnly]
      [<CommonParameters>]
Search-ADAccount
      [-AccountExpiring]
      [-AuthType <ADAuthType>]
      [-ComputersOnly]
      [-Credential <PSCredential>]
      [-DateTime <DateTime>]
      [-ResultPageSize <Int32>]
      [-ResultSetSize <Int32>]
      [-SearchBase <String>]
      [-SearchScope <ADSearchScope>]
      [-Server <String>]
      [-TimeSpan <TimeSpan>]
      [-UsersOnly]
      [<CommonParameters>]
Search-ADAccount
      [-AccountInactive]
      [-AuthType <ADAuthType>]
      [-ComputersOnly]
      [-Credential <PSCredential>]
      [-DateTime <DateTime>]
      [-ResultPageSize <Int32>]
      [-ResultSetSize <Int32>]
      [-SearchBase <String>]
      [-SearchScope <ADSearchScope>]
      [-Server <String>]
      [-TimeSpan <TimeSpan>]
      [-UsersOnly]
      [<CommonParameters>]
Search-ADAccount
      [-AuthType <ADAuthType>]
      [-ComputersOnly]
      [-Credential <PSCredential>]
      [-LockedOut]
      [-ResultPageSize <Int32>]
      [-ResultSetSize <Int32>]
      [-SearchBase <String>]
      [-SearchScope <ADSearchScope>]
      [-Server <String>]
      [-UsersOnly]
      [<CommonParameters>]
Search-ADAccount
      [-AuthType <ADAuthType>]
      [-ComputersOnly]
      [-Credential <PSCredential>]
      [-PasswordExpired]
      [-ResultPageSize <Int32>]
      [-ResultSetSize <Int32>]
      [-SearchBase <String>]
      [-SearchScope <ADSearchScope>]
      [-Server <String>]
      [-UsersOnly]
      [<CommonParameters>]
Search-ADAccount
      [-AuthType <ADAuthType>]
      [-ComputersOnly]
      [-Credential <PSCredential>]
      [-PasswordNeverExpires]
      [-ResultPageSize <Int32>]
      [-ResultSetSize <Int32>]
      [-SearchBase <String>]
      [-SearchScope <ADSearchScope>]
      [-Server <String>]
      [-UsersOnly]
      [<CommonParameters>]

Description

The Search-ADAccount cmdlet retrieves one or more user, computer, or service accounts that meet the criteria specified by the parameters. Search criteria include account and password status. For example, you can search for all accounts that have expired by specifying the AccountExpired parameter. Similarly, you can search for all accounts with an expired password by specifying the PasswordExpired parameter. You can limit the search to user accounts by specifying the UsersOnly parameter. Similarly, when you specify the ComputersOnly parameter, the cmdlet only retrieves computer accounts.

Some search parameters, such as AccountExpiring and AccountInactive use a default time that you can change by specifying the DateTime or TimeSpan parameter. The DateTime parameter specifies a distinct time. The TimeSpan parameter specifies a time range from the current time. For example, to search for all accounts that expire in 10 days, specify the AccountExpiring and TimeSpan parameter and set the value of TimeSpan to "10.00:00:00". To search for all accounts that expire before December 31, 2012, set the DateTime parameter to "12/31/2012".

Examples

-------------------------- EXAMPLE 1 --------------------------

C:\PS>Search-ADAccount -AccountDisabled | FT Name,ObjectClass -A


Name            ObjectClass
----            -----------
Guest           user
krbtgt          user
krbtgt_51399    user
AmyAl-LPTOP     computer
DeepakAn-DSKTOP computer

Description


Returns all users, computers and service accounts that are disabled.

-------------------------- EXAMPLE 2 --------------------------

C:\PS>Search-ADAccount -AccountDisabled -UsersOnly | FT Name,ObjectClass -A


Name         ObjectClass
----         -----------
Guest        user
krbtgt       user
krbtgt_51399 user

Description


Returns all users that are disabled.

-------------------------- EXAMPLE 3 --------------------------

C:\PS>Search-ADAccount -AccountExpired | FT Name,ObjectClass -A


Name            ObjectClass
----            -----------
Greg Chapman    user
Claus Hansen    user
Tomasz Bochenek user

Description


Returns all users, computers and service accounts that are expired.

-------------------------- EXAMPLE 4 --------------------------

C:\PS>Search-ADAccount -AccountExpiring -TimeSpan 6.00:00:00 | FT Name,ObjectClass -A


Name           ObjectClass
----           -----------
Iulian Calinov user
John Campbell  user
Garth Fort     user

Description


Returns all users, computers and service accounts that will expire in the next 6 days.

-------------------------- EXAMPLE 5 --------------------------

C:\PS>Search-ADAccount -AccountInactive -TimeSpan 90.00:00:00 | FT Name,ObjectClass -A


Name                        ObjectClass
----                        -----------
FABRIKAM-RODC1              computer
Guest                       user
krbtgt                      user
krbtgt_51399                user
Almudena Benito             user
Aaron Con                   user
Adina Hagege                user
Aaron Nicholls              user
Aaron M. Painter            user
Jeff Phillips               user
Flemming Pedersen           use

Description


Returns all accounts that have been inactive for the last 90 days.

-------------------------- EXAMPLE 6 --------------------------

C:\PS>Search-ADAccount -PasswordExpired | FT Name,ObjectClass -A


Name                        ObjectClass
----                        -----------
Stan Orme                   user
Danni Ortman                user
Matej Potokar               user

Description


Returns all accounts where the password has expired.

-------------------------- EXAMPLE 7 --------------------------

C:\PS>Search-ADAccount -PasswordNeverExpires | FT Name,ObjectClass -A


Name           ObjectClass
----           -----------
Guest          user
Toni Poe       user
Anders Riis    user
Fabien Hernoux user

Description


Returns all accounts with a password that will never expire.

-------------------------- EXAMPLE 8 --------------------------

C:\PS>Search-ADAccount -LockedOut | FT Name,ObjectClass -A

Name           ObjectClass
----           -----------
Toni Poe       user

Description


Returns all accounts that have been locked out.

-------------------------- EXAMPLE 9 --------------------------

C:\PS>Search-ADAccount -AccountDisabled -ComputersOnly | FT Name,ObjectClass -A

Name           ObjectClass
----           -----------
TPOE-PC1       computer

Description


Returns all disabled computer accounts.

-------------------------- EXAMPLE 10 --------------------------

C:\PS>Search-ADAccount -AccountExpiring -DateTime "3/18/2009" | FT Name,ObjectClass -A

Name         ObjectClass
----         -----------
Anders Riis  user

Description


Returns all accounts which expire on the 18th of March, 2009.

-------------------------- EXAMPLE 11 --------------------------

C:\PS>Search-AdAccount -AccountDisabled -SearchBase "DC=AppNC" -Server "FABRIKAM-SRV1:60000"

Enabled               : False
Name                  : SanjayPatel
UserPrincipalName     :
PasswordNeverExpires  :
LockedOut             : False
ObjectGUID            : d671de28-6e40-42a7-b32c-63d336de296d
ObjectClass           : user
SID                   : S-1-510474493-936115905-2231798853-1260534229-4171027843-767619944
PasswordExpired       : False
LastLogonDate         :
DistinguishedName     : CN=SanjayPatel,OU=AccountDeptOU,DC=AppNC
AccountExpirationDate :

Description


Returns all users, computers and service accounts that are disabled in the LDS instance: "FABRIKAM-SRV1:60000".

Required Parameters

-AccountDisabled

{{Fill AccountDisabled Description}}

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-AccountExpired

{{Fill AccountExpired Description}}

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-AccountExpiring

{{Fill AccountExpiring Description}}

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-AccountInactive

{{Fill AccountInactive Description}}

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-LockedOut

{{Fill LockedOut Description}}

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-PasswordExpired

{{Fill PasswordExpired Description}}

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-PasswordNeverExpires

{{Fill PasswordNeverExpires Description}}

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Optional Parameters

-AuthType

{{Fill AuthType Description}}

Type:ADAuthType
Parameter Sets:Negotiate, Basic
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ComputersOnly

{{Fill ComputersOnly Description}}

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Credential

{{Fill Credential Description}}

Type:PSCredential
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-DateTime

{{Fill DateTime Description}}

Type:DateTime
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ResultPageSize

{{Fill ResultPageSize Description}}

Type:Int32
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ResultSetSize

{{Fill ResultSetSize Description}}

Type:Int32
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-SearchBase

{{Fill SearchBase Description}}

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-SearchScope

{{Fill SearchScope Description}}

Type:ADSearchScope
Parameter Sets:Base, OneLevel, Subtree
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Server

{{Fill Server Description}}

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-TimeSpan

{{Fill TimeSpan Description}}

Type:TimeSpan
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-UsersOnly

{{Fill UsersOnly Description}}

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Inputs

None

Outputs

Microsoft.ActiveDirectory.Management.ADAccount

Returns one or more account objects that meet the conditions set by the parameters.