Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Friday, February 8, 2013 3:00 PM
I am fairly new to PowerShell and have gotten quite a bit of help browsing the Forums and asking questions.
I have been working on getting Properties from get-aduser, and its bafflilng to me on the below examples.
To find if a user account is enabled I have used:
get-aduser -identity USERNAME | %{$_.enabled}
This will return True or False
To check if a user account is Locked I found this will return True or False
(get-aduser -identity USERNAME -Properties LockedOut).LockedOut
Why is this? When I try
get-aduser -identity USERNAME | %{$_.LockedOut}, it returns blank
Subsequently if I try
(get-aduser -identity USERNAME -Properties Enabled).Enabled, it returns blank.
All replies (6)
Friday, February 8, 2013 4:35 PM
Hi,
Have a look at
Search-ADAccount -AccountExpired
and
Search-ADAccount -AccountDisabled
I've looked at (get-aduser -identity USERNAME -Properties Enabled).Enabled works for me. get-aduser -identity USERNAME | %{$_.LockedOut} is blank for me because my account isn't locked ... but get-aduser -identity USERNAME | % {$_.Enabled} returns true
Have you looked at get-aduser USERNAME | Get-Member ...I
s there anything in particular you're trying to achieve or just understanding?
Thanks,
John
Friday, February 8, 2013 6:55 PM
Thanks John,
I may not have explained my question right.
I am confused on why I have to use two different methods to pull a property out of get-aduser? Both the Enabled and LockedOut properties return True or False.
I am quickly finding out there are very many different ways to get something accomplished in Powershell.
Chris
Friday, September 4, 2015 7:29 PM
For me, Get-Aduser is returning information for some accounts but not others even though they are actively used accounts. In the following picture, both accounts are enabled and actively used but only one is showing the Enabled attribute. It doesn't matter if I explicitly ask for it either (Get-Aduser userid -Properties Enabled)
Thursday, September 17, 2015 8:22 PM | 2 votes
Thanks for the information Richard!
Ricc, we experienced the same issue here a month or so ago. A colleague was not able to get the enabled value for some users. I could run the exact same command and get the value for every user. Both of our accounts are domain admins. I ran PowerShell as my account from his RDP session and it also worked fine. I found that his admin account was in a test OU where we test GPO's. After his account was moved out of that OU he was able to get the enabled value for all accounts, same as me. I never went back and looked to see what GPO's were applied to that OU at the time, so I still do not know what actually caused the problem.
Jason
Thursday, September 17, 2015 9:44 PM
Thanks for the information Richard!
Ricc, we experienced the same issue here a month or so ago. A colleague was not able to get the enabled value for some users. I could run the exact same command and get the value for every user. Both of our accounts are domain admins. I ran PowerShell as my account from his RDP session and it also worked fine. I found that his admin account was in a test OU where we test GPO's. After his account was moved out of that OU he was able to get the enabled value for all accounts, same as me. I never went back and looked to see what GPO's were applied to that OU at the time, so I still do not know what actually caused the problem.
Jason
Good info. Look high, look low, look under the bed. This kind of thing can be a challenge. Look for difference (as you did) and suspect everything.
\(ツ)_/
Thursday, November 26, 2015 11:22 AM
Hello Ricc,
I had the same issue. "Enabled" and "useraccountcontrol" where missing from the output on some accounts but not on others. When looking into ADUC I could see the values correctly. It turned out that I had to run PS with administrative privileges (right click - "Run as Administrator"). After that all values where shown correctly.
Regards
Harry