windows:windows_adinfo

Differences

This shows you the differences between two versions of the page.

windows:windows_adinfo [2021/10/06 21:09]
manu created
windows:windows_adinfo [2023/02/15 22:04] (current)
manu
Line 1: Line 1:
 ====== Windows AD information in command line ====== ====== Windows AD information in command line ======
 +
 +<cli prompt='>'>​
 +C:​\Users\myuser1>​gpresult /r | find "​OU"​
 +    CN=MYUSER1,​OU=ALL Users,​OU=NDS,​DC=xxx,​DC=xxx,​DC=lu
 +        GPOUSER_ScreenSaver30m
 +</​cli>​
 +
 +List all groups of a user:
 +<cli prompt='>'>​
 +C:​\Users\myuser1>​ (GET-ADUSER –Identity myuser1 –Properties MemberOf | Select-Object MemberOf).MemberOf
 +</​cli>​
  
 Get the extensionAttribute attribute value for all Active Directory users using PowerShell Get the extensionAttribute attribute value for all Active Directory users using PowerShell
  
 How do I return the sAMAccountName and a particular attribute – in this case extensionAttribute1 for all Active Directory users in PowerShell How do I return the sAMAccountName and a particular attribute – in this case extensionAttribute1 for all Active Directory users in PowerShell
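Review bot: The caption "List all groups of a user:" overstates what the added Get-ADUser line returns. The MemberOf attribute holds only direct memberships, so nested groups and the user's primary group are missing, which matters if the output is used for an access review. Suggest rewording the caption to "List direct group memberships of a user" or mentioning Get-ADPrincipalGroupMembership, which also returns the primary group. The same line uses typographic dashes in –Identity and –Properties and is shown at a C:\Users\myuser1> prompt although it is a PowerShell command; use ASCII hyphens so the line survives copy and paste into any console, and give the gpresult block above it a one-line caption like the second block has.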
 +<cli prompt='>'>​
 +Get-ADUser username -Properties * | Select *
 +</​cli>​
 +
 <cli prompt='>'>​ <cli prompt='>'>​
 Get-ADUser -Properties extensionAttribute1 -Filter * | Select sAMAccountName,​ extensionAttribute1 | export-csv c:​\temp\extensionattribute1.csv Get-ADUser -Properties extensionAttribute1 -Filter * | Select sAMAccountName,​ extensionAttribute1 | export-csv c:​\temp\extensionattribute1.csv
 </​cli>​ </​cli>​
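Review bot: The added Get-ADUser username -Properties * | Select * block lands between the question "How do I return the sAMAccountName and a particular attribute" and the extensionAttribute1 export that answers it, so the question now appears to be answered by the wrong command. Move the new block below the export-csv block or give it its own caption saying that it dumps every attribute of a single user, and state that username is a placeholder.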
 +
 +Using PowerShell to List All AD User Attributes
 +
 +Per the previous section you need to examine the following to get the full list of potential attributes for any class definition:
 +
 +    Find a list of all classes inherited by the class (inheritance chain)
 +    Find a list of all supplemental (auxiliary) classes for the classes found in the previous step
 +    Find all attribute lists in the four mustContain/​mayContain attributes of the classes found in the two previous (don’t forget the class itself)
 +
 +<​code>​
 +Import-Module ActiveDirectory
 +$Loop = $True
 +$ClassName = "​User"​
 +$ClassArray = [System.Collections.ArrayList]@()
 +$UserAttributes = [System.Collections.ArrayList]@()
 +# Retrieve the User class and any parent classes
 +While ($Loop) {
 +  $Class = Get-ADObject -SearchBase (Get-ADRootDSE).SchemaNamingContext -Filter { ldapDisplayName -Like $ClassName } -Properties AuxiliaryClass,​ SystemAuxiliaryClass,​ mayContain, mustContain,​ systemMayContain,​ systemMustContain,​ subClassOf, ldapDisplayName
 +  If ($Class.ldapDisplayName -eq $Class.subClassOf) {
 +    $Loop = $False
 +  }
 +  $ClassArray.Add($Class)
 +  $ClassName = $Class.subClassOf
 +}
 +# Loop through all the classes and get all auxiliary class attributes and direct attributes
 +$ClassArray | % {
 +  # Get Auxiliary class attributes
 +  $Aux = $_.AuxiliaryClass | % { Get-ADObject -SearchBase (Get-ADRootDSE).SchemaNamingContext -Filter { ldapDisplayName -like $_ } -Properties mayContain, mustContain,​ systemMayContain,​ systemMustContain } |
 +  Select-Object @{n = "​Attributes";​ e = { $_.mayContain + $_.mustContain + $_.systemMaycontain + $_.systemMustContain } } |
 +  Select-Object -ExpandProperty Attributes
 +  # Get SystemAuxiliary class attributes
 +  $SysAux = $_.SystemAuxiliaryClass | % { Get-ADObject -SearchBase (Get-ADRootDSE).SchemaNamingContext -Filter { ldapDisplayName -like $_ } -Properties MayContain, SystemMayContain,​ systemMustContain } |
 +  Select-Object @{n = "​Attributes";​ e = { $_.maycontain + $_.systemmaycontain + $_.systemMustContain } } |
 +  Select-Object -ExpandProperty Attributes
 +  # Get direct attributes
 +  $UserAttributes += $Aux + $SysAux + $_.mayContain + $_.mustContain + $_.systemMayContain + $_.systemMustContain
 +}
 +$UserAttributes | Sort-Object | Get-Unique
 +</​code>​
 +
 +<​code>​
 +accountExpires
 +accountNameHistory
 +aCSPolicyName
 +adminCount
 +adminDescription
 +adminDisplayName
 +...
 +c
 +canonicalName
 +carLicense
 +cn
 +co
 +codePage
 +comment
 +company
 +controlAccessRights
 +countryCode
 +...
 +enabledProtocols
 +expirationTime
 +extensionAttribute1
 +...
 +extensionData
 +extensionName
 +facsimileTelephoneNumber
 +flags
 +folderPathname
 +formData
 +forwardingAddress
 +fromEntry
 +frsComputerReferenceBL
 +fRSMemberReferenceBL
 +fSMORoleOwner
 +garbageCollPeriod
 +gecos
 +generationQualifier
 +gidNumber
 +givenName
 +groupMembershipSAM
 +groupPriority
 +groupsToIgnore
 +heuristics
 +homeDirectory
 +homeDrive
 +homeMDB
 +homeMTA
 +homePhone
 +homePostalAddress
 +houseIdentifier
 +importedFrom
 +info
 +initials
 +instanceType
 +internationalISDNNumber
 +internetEncoding
 +ipPhone
 +isCriticalSystemObject
 +isDeleted
 +isPrivilegeHolder
 +isRecycled
 +jpegPhoto
 +kMServer
 +l
 +labeledURI
 +language
 +languageCode
 +lastKnownParent
 +lastLogoff
 +lastLogon
 +lastLogonTimestamp
 +legacyExchangeDN
 +lmPwdHistory
 +localeID
 +lockoutTime
 +loginShell
 +logonCount
 +logonHours
 +logonWorkstation
 +mail
 +mailNickname
 +managedObjects
 +manager
 +mAPIRecipient
 +masteredBy
 +maxStorage
 +mDBOverHardQuotaLimit
 +mDBOverQuotaLimit
 +mDBStorageQuota
 +mDBUseDefaults
 +memberOf
 +mhsORAddress
 +middleName
 +mobile
 +modifyTimeStamp
 +msCOM-PartitionSetLink
 +msCOM-UserLink
 +...
 +msDS-UserPasswordExpiryTimeComputed
 +msDS-ValueTypeReferenceBL
 +msExchADCGlobalNames
 +...
 +msNPSavedCallingStationID
 +msOrg-LeadersBL
 +msPKIAccountCredentials
 +...
 +msRADIUSServiceType
 +msRASSavedCallbackNumber
 +msRASSavedFramedIPAddress
 +msRASSavedFramedRoute
 +msSFU30Name
 +msSFU30NisDomain
 +msSFU30PosixMemberOf
 +msTSAllowLogon
 +...
 +name
 +netbootSCPBL
 +networkAddress
 +nonSecurityMemberBL
 +ntPwdHistory
 +nTSecurityDescriptor
 +o
 +objectCategory
 +objectClass
 +objectGUID
 +objectSid
 +objectVersion
 +...
 +ou
 +ownerBL
 +...
 +postOfficeBox
 +preferredDeliveryMethod
 +preferredLanguage
 +preferredOU
 +primaryGroupID
 +primaryInternationalISDNNumber
 +...
 +pwdLastSet
 +...
 +repsFrom
 +repsTo
 +revision
 +rid
 +roomNumber
 +sAMAccountName
 +sAMAccountType
 +scriptPath
 +sDRightsEffective
 +secretary
 +securityIdentifier
 +securityProtocol
 +seeAlso
 +serialNumber
 +serverReferenceBL
 +servicePrincipalName
 +shadowExpire
 +shadowFlag
 +shadowInactive
 +shadowLastChange
 +shadowMax
 +shadowMin
 +shadowWarning
 +showInAddressBook
 +showInAdvancedViewOnly
 +sIDHistory
 +siteObjectBL
 +sn
 +st
 +street
 +...
 +title
 +tokenGroups
 +tokenGroupsGlobalAndUniversal
 +tokenGroupsNoGCAcceptable
 +uid
 +uidNumber
 +unauthOrig
 +unauthOrigBL
 +unicodePwd
 +unixHomeDirectory
 +unixUserPassword
 +unmergedAtts
 +url
 +userAccountControl
 +userCert
 +userCertificate
 +userParameters
 +userPassword
 +userPKCS12
 +userPrincipalName
 +userSharedFolder
 +userSharedFolderOther
 +userSMIMECertificate
 +userWorkstations
 +uSNChanged
 +uSNCreated
 +uSNDSALastObjRemoved
 +USNIntersite
 +uSNLastObjRem
 +uSNSource
 +versionNumber
 +wbemPath
 +wellKnownObjects
 +whenChanged
 +whenCreated
 +wWWHomePage
 +x121Address
 +x500uniqueIdentifier
 +</​code>​
 +
 +https://​www.easy365manager.com/​how-to-get-all-active-directory-user-object-attributes/​
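Review bot: In the SystemAuxiliaryClass branch of the added script, the Get-ADObject call requests only MayContain, SystemMayContain, systemMustContain, and the calculated Attributes property sums only those three, while the AuxiliaryClass branch and the step list above both use all four mustContain/mayContain attributes; add mustContain to both -Properties and the expression so the two branches match. $ClassArray.Add($Class) on an ArrayList also returns the new index, which will be written to the output ahead of the attribute list; prefix the call with [void]. The intro "Per the previous section" refers to a section that is not on this page, and the title line and the three indented steps are plain text rather than wiki heading and list markup.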
windows/windows_adinfo.1633547380.txt.gz · Last modified: 2021/10/06 21:09 by manu