Trond Jakob Sjøvang

Musings on cloud, devops & infrastructure as code

September 29, 2017
Get-ADUser -SearchBase "ou=users,dc=contoso,dc=com" -Filter * -Properties Name, EmployeeNumber, UserPrincipalName, Manager | where {$_.Manager -eq $null} | ft Name, EmployeeNumber, UserPrincipalName, Manager

Because “Manager” is an extended attribute in Active Directory you can’t use -Filter {Manager -notlike “*”} like you would with basic attributes

September 22, 2017
To delete an entire tree structure with objects (typically Organizational Units) with the flag “ProtectedFromAccidentialDeletion” we first need to remove the flag. We can then select the top node and delete the entire tree. Needless to say, you should probably use this with caution. If you don’t want to remove the protection from every OU in the specified SearchBase you need to split up and run the command multiple times with different values for the SearchBase-argument
July 17, 2017
Get-ADUser -Filter "*" -SearchBase "ou=Users,dc=contoso,dc=com" -Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" |
    Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}