< Back
Search-ADAccount
Post
NAME Search-ADAccount
SYNOPSIS
Gets Active Directory user, computer, or service accounts.
SYNTAX
Search-ADAccount [<CommonParameters>]
DESCRIPTION
The Search-ADAccount cmdlet retrieves one or more user, computer, or service accounts that meet the criteria
specified by the parameters. Search criteria include account and password status. For example, you can search for
all accounts that have expired by specifying the AccountExpired parameter. Similarly, you can search for all
accounts with an expired password by specifying the PasswordExpired parameter. You can limit the search to user
accounts by specifying the UsersOnly parameter. Similarly, when you specify the ComputersOnly parameter, the
cmdlet only retrieves computer accounts.
Some search parameters, such as AccountExpiring and AccountInactive use a default time that you can change by
specifying the DateTime or TimeSpan parameter. The DateTime parameter specifies a distinct time. The TimeSpan
parameter specifies a time range from the current time. For example, to search for all accounts that expire in 10
days, specify the AccountExpiring and TimeSpan parameter and set the value of TimeSpan to "10.00:00:00". To search
for all accounts that expire before December 31, 2012, set the DateTime parameter to "12/31/2012".
PARAMETERS
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None
OUTPUTS
Microsoft.ActiveDirectory.Management.ADAccount
Returns one or more account objects that meet the conditions set by the parameters.
-------------------------- EXAMPLE 1 --------------------------
C:\\PS>Search-ADAccount -AccountDisabled | FT Name,ObjectClass -A
Name ObjectClass
---- -----------
Guest user
krbtgt user
krbtgt_51399 user
AmyAl-LPTOP computer
DeepakAn-DSKTOP computer
Description
-----------
Returns all users, computers and service accounts that are disabled.
-------------------------- EXAMPLE 2 --------------------------
C:\\PS>Search-ADAccount -AccountDisabled -UsersOnly | FT Name,ObjectClass -A
Name ObjectClass
---- -----------
Guest user
krbtgt user
krbtgt_51399 user
Description
-----------
Returns all users that are disabled.
-------------------------- EXAMPLE 3 --------------------------
C:\\PS>Search-ADAccount -AccountExpired | FT Name,ObjectClass -A
Name ObjectClass
---- -----------
Greg Chapman user
Claus Hansen user
Tomasz Bochenek user
Description
-----------
Returns all users, computers and service accounts that are expired.
-------------------------- EXAMPLE 4 --------------------------
C:\\PS>Search-ADAccount -AccountExpiring -TimeSpan 6.00:00:00 | FT Name,ObjectClass -A
Name ObjectClass
---- -----------
Iulian Calinov user
John Campbell user
Garth Fort user
Description
-----------
Returns all users, computers and service accounts that will expire in the next 6 days.
-------------------------- EXAMPLE 5 --------------------------
C:\\PS>Search-ADAccount -AccountInactive -TimeSpan 90.00:00:00 | FT Name,ObjectClass -A
Name ObjectClass
---- -----------
FABRIKAM-RODC1 computer
Guest user
krbtgt user
krbtgt_51399 user
Almudena Benito user
Aaron Con user
Adina Hagege user
Aaron Nicholls user
Aaron M. Painter user
Jeff Phillips user
Flemming Pedersen use
Description
-----------
Returns all accounts that have been inactive for the last 90 days.
-------------------------- EXAMPLE 6 --------------------------
C:\\PS>Search-ADAccount -PasswordExpired | FT Name,ObjectClass -A
Name ObjectClass
---- -----------
Stan Orme user
Danni Ortman user
Matej Potokar user
Description
-----------
Returns all accounts where the password has expired.
-------------------------- EXAMPLE 7 --------------------------
C:\\PS>Search-ADAccount -PasswordNeverExpires | FT Name,ObjectClass -A
Name ObjectClass
---- -----------
Guest user
Toni Poe user
Anders Riis user
Fabien Hernoux user
Description
-----------
Returns all accounts with a password that will never expire.
-------------------------- EXAMPLE 8 --------------------------
C:\\PS>Search-ADAccount -LockedOut | FT Name,ObjectClass -A
Name ObjectClass
---- -----------
Toni Poe user
Description
-----------
Returns all accounts that have been locked out.
-------------------------- EXAMPLE 9 --------------------------
C:\\PS>Search-ADAccount -AccountDisabled -ComputersOnly | FT Name,ObjectClass -A
Name ObjectClass
---- -----------
TPOE-PC1 computer
Description
-----------
Returns all disabled computer accounts.
-------------------------- EXAMPLE 10 --------------------------
C:\\PS>Search-ADAccount -AccountExpiring -DateTime "3/18/2009" | FT Name,ObjectClass -A
Name ObjectClass
---- -----------
Anders Riis user
Description
-----------
Returns all accounts which expire on the 18th of March, 2009.
-------------------------- EXAMPLE 11 --------------------------
C:\\PS>Search-AdAccount -AccountDisabled -SearchBase "DC=AppNC" -Server "FABRIKAM-SRV1:60000"
Enabled : False
Name : SanjayPatel
UserPrincipalName :
PasswordNeverExpires :
LockedOut : False
ObjectGUID : d671de28-6e40-42a7-b32c-63d336de296d
ObjectClass : user
SID : S-1-510474493-936115905-2231798853-1260534229-4171027843-767619944
PasswordExpired : False
LastLogonDate :
DistinguishedName : CN=SanjayPatel,OU=AccountDeptOU,DC=AppNC
AccountExpirationDate :
Description
-----------
Returns all users, computers and service accounts that are disabled in the LDS instance: "FABRIKAM-SRV1:60000".
RELATED LINKS
Online Version: http://go.microsoft.com/fwlink/p/?linkid=291105
Clear-ADAccountExpiration
Disable-ADAccount
Enable-ADAccount
Get-ADAccountResultantPasswordReplicationPolicy
Set-ADAccountControl
Set-ADAccountExpiration
Set-ADAccountPassword
Unlock-ADAccount
SYNOPSIS
Gets Active Directory user, computer, or service accounts.
SYNTAX
Search-ADAccount [<CommonParameters>]
DESCRIPTION
The Search-ADAccount cmdlet retrieves one or more user, computer, or service accounts that meet the criteria
specified by the parameters. Search criteria include account and password status. For example, you can search for
all accounts that have expired by specifying the AccountExpired parameter. Similarly, you can search for all
accounts with an expired password by specifying the PasswordExpired parameter. You can limit the search to user
accounts by specifying the UsersOnly parameter. Similarly, when you specify the ComputersOnly parameter, the
cmdlet only retrieves computer accounts.
Some search parameters, such as AccountExpiring and AccountInactive use a default time that you can change by
specifying the DateTime or TimeSpan parameter. The DateTime parameter specifies a distinct time. The TimeSpan
parameter specifies a time range from the current time. For example, to search for all accounts that expire in 10
days, specify the AccountExpiring and TimeSpan parameter and set the value of TimeSpan to "10.00:00:00". To search
for all accounts that expire before December 31, 2012, set the DateTime parameter to "12/31/2012".
PARAMETERS
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None
OUTPUTS
Microsoft.ActiveDirectory.Management.ADAccount
Returns one or more account objects that meet the conditions set by the parameters.
-------------------------- EXAMPLE 1 --------------------------
C:\\PS>Search-ADAccount -AccountDisabled | FT Name,ObjectClass -A
Name ObjectClass
---- -----------
Guest user
krbtgt user
krbtgt_51399 user
AmyAl-LPTOP computer
DeepakAn-DSKTOP computer
Description
-----------
Returns all users, computers and service accounts that are disabled.
-------------------------- EXAMPLE 2 --------------------------
C:\\PS>Search-ADAccount -AccountDisabled -UsersOnly | FT Name,ObjectClass -A
Name ObjectClass
---- -----------
Guest user
krbtgt user
krbtgt_51399 user
Description
-----------
Returns all users that are disabled.
-------------------------- EXAMPLE 3 --------------------------
C:\\PS>Search-ADAccount -AccountExpired | FT Name,ObjectClass -A
Name ObjectClass
---- -----------
Greg Chapman user
Claus Hansen user
Tomasz Bochenek user
Description
-----------
Returns all users, computers and service accounts that are expired.
-------------------------- EXAMPLE 4 --------------------------
C:\\PS>Search-ADAccount -AccountExpiring -TimeSpan 6.00:00:00 | FT Name,ObjectClass -A
Name ObjectClass
---- -----------
Iulian Calinov user
John Campbell user
Garth Fort user
Description
-----------
Returns all users, computers and service accounts that will expire in the next 6 days.
-------------------------- EXAMPLE 5 --------------------------
C:\\PS>Search-ADAccount -AccountInactive -TimeSpan 90.00:00:00 | FT Name,ObjectClass -A
Name ObjectClass
---- -----------
FABRIKAM-RODC1 computer
Guest user
krbtgt user
krbtgt_51399 user
Almudena Benito user
Aaron Con user
Adina Hagege user
Aaron Nicholls user
Aaron M. Painter user
Jeff Phillips user
Flemming Pedersen use
Description
-----------
Returns all accounts that have been inactive for the last 90 days.
-------------------------- EXAMPLE 6 --------------------------
C:\\PS>Search-ADAccount -PasswordExpired | FT Name,ObjectClass -A
Name ObjectClass
---- -----------
Stan Orme user
Danni Ortman user
Matej Potokar user
Description
-----------
Returns all accounts where the password has expired.
-------------------------- EXAMPLE 7 --------------------------
C:\\PS>Search-ADAccount -PasswordNeverExpires | FT Name,ObjectClass -A
Name ObjectClass
---- -----------
Guest user
Toni Poe user
Anders Riis user
Fabien Hernoux user
Description
-----------
Returns all accounts with a password that will never expire.
-------------------------- EXAMPLE 8 --------------------------
C:\\PS>Search-ADAccount -LockedOut | FT Name,ObjectClass -A
Name ObjectClass
---- -----------
Toni Poe user
Description
-----------
Returns all accounts that have been locked out.
-------------------------- EXAMPLE 9 --------------------------
C:\\PS>Search-ADAccount -AccountDisabled -ComputersOnly | FT Name,ObjectClass -A
Name ObjectClass
---- -----------
TPOE-PC1 computer
Description
-----------
Returns all disabled computer accounts.
-------------------------- EXAMPLE 10 --------------------------
C:\\PS>Search-ADAccount -AccountExpiring -DateTime "3/18/2009" | FT Name,ObjectClass -A
Name ObjectClass
---- -----------
Anders Riis user
Description
-----------
Returns all accounts which expire on the 18th of March, 2009.
-------------------------- EXAMPLE 11 --------------------------
C:\\PS>Search-AdAccount -AccountDisabled -SearchBase "DC=AppNC" -Server "FABRIKAM-SRV1:60000"
Enabled : False
Name : SanjayPatel
UserPrincipalName :
PasswordNeverExpires :
LockedOut : False
ObjectGUID : d671de28-6e40-42a7-b32c-63d336de296d
ObjectClass : user
SID : S-1-510474493-936115905-2231798853-1260534229-4171027843-767619944
PasswordExpired : False
LastLogonDate :
DistinguishedName : CN=SanjayPatel,OU=AccountDeptOU,DC=AppNC
AccountExpirationDate :
Description
-----------
Returns all users, computers and service accounts that are disabled in the LDS instance: "FABRIKAM-SRV1:60000".
RELATED LINKS
Online Version: http://go.microsoft.com/fwlink/p/?linkid=291105
Clear-ADAccountExpiration
Disable-ADAccount
Enable-ADAccount
Get-ADAccountResultantPasswordReplicationPolicy
Set-ADAccountControl
Set-ADAccountExpiration
Set-ADAccountPassword
Unlock-ADAccount