Category Archives: active directory

Pull AD Group Members and Member Properties

##Pull Active Directory Group Members, and Member Properties
##Get AD Groups via text file or Get-ADGroup command
$adGroups = Get-Content “C:\Temp\adGroups.txt”;
#$adGroups = Get-ADGroup -Filter *;

Foreach ( $group in $adGroups ) {
     $groupName = $group;
     #$groupName = $group.Name;
     $adGroupMembers = Get-ADGroupMember $groupName;

     Foreach ( $member in $adGroupMembers ) {
          $memberSamAcct = $member.SamAccountName;
          $adUser = Get-ADUser $memberName;
          ##Get other AD User attributes here
          echo “$groupName,$memberSamAcct”;


PowerShell Compare User Info in Multiple Domains

Below is a script to compare a user’s Given Name between two domains.  Useful for a development and production comparison.

##Get Domain Credentials
$domain1Creds = Get-Credential ##Enter credentials for first domain;
$domain2Creds = Get-Credential ##Enter credentials for first domain;

##Get Domain Users
$adUsersD1 = Get-ADUser -Filter * -Server Domain1 -Credential $domain1Creds;
$adUsersD2 = Get-ADUser -Filter * -Server Domain2 -Credential $domain2Creds;

Foreach ( $user in $adUsersD1 ) {
     $userName = $user.SamAccountName;
     $userGivenName = $user.GivenName;

     ##Get Index and entry of user in the adUsersD2 array
     $d2Index = $adUsersD2.SamAccountname.IndexOf($userName);
     $user2Compare = $adUsersD2[$d2Index];

     ##Compare Given name from domain1 to domain2
     if ( $userGivenName -ne $user2Compare.GivenName ) {
          echo “$userName Given name is different in domain2”;

PS Script Pull Event Log data

Below is a script I wrote to help identify computers that had a trust relationship issue with the Active Directory domain.  This script searches for an event on the domain controller that you run this on(please use caution).  It looks for an event that has an event ID of 5723, and that happened today.  Then it pulls the name of the computer identified in the event.  This script allows me to know and address the computers with issues before I get a support call.

#Get todays date;
$today = get-date -uformat "%m/%d/%Y"; 
#Create array for computers;
$cName = @();
#Pull events from system event log that are errors;
$events = Get-EventLog -log system -entrytype Error 
#Filter the events where eventID is 5723 and the time written is today;
$events = $events | where { 
 $_.eventID -eq 5723 -and $_.timewritten -like "$today*" 
#Select computer name property;
$events = $events | select ReplacementStrings;
#Add computer names to array;
$events | foreach { $cName += $_.replacementstrings[0];}; 
#Print array leaving out duplicates
$cName | select -uniq;

Recovering AD Users and Computers

Periodically I find myself needing to recover a user or computer that has been deleted from Active Directory, and every time I go Googling.  When I finally find the solution, I have to sit back and ask myself, why do I not document this.  So here it is, my documentation on recovering a deleted user or computer.  Enjoy.


  • Windows Server 2008 or 2008 R2
  • Active Directory 2008 or 2008 R2
  • Active Directory Module for Windows PowerShell (obtained through the Add Features in the Server Manager tool on Domain Controller)


  • Open Active Directory Module for Windows Powershell as administrator.
  • Now utilize the Get-ADObject command.

Searching for Users or Computers:

Search for a particular user

Get-ADObject -Filter {Deleted -eq $True -and Name -like "username" -and ObjectClass -eq "User"} -IncludeDeletedObjects

Search for a particular computer

Get-ADObject -Filter {Deleted -eq $True -and Name -like "computername" -and ObjectClass -eq "Computer"} -IncludeDeletedObjects

Note: Asterisks can used in the filter.  “*username*” and your filter can be as simple or as complex as you need.  As long as you include the -IncludeDeletedObjects parameter you should be good to go.

Restoring a User or Computer:

Once you use one of the above commands to locate the user or computer you want to restore, then pipe Restore-ADObject to the end of the statement.  Examples below.  Please make sure your results in your search are the only objects you want restored.

Restore a particular user

Get-ADObject -Filter {Deleted -eq $True -and Name -like "username" -and ObjectClass -eq "User"} -IncludeDeletedObjects | Restore-ADObject

Restore a particular computer

Get-ADObject -Filter {Deleted -eq $True -and Name -like "computername" -and ObjectClass -eq "Computer"} -IncludeDeletedObjects | Restore-ADObject

Restoring other AD Objects:

This method can also be used to restore other deleted objects in AD.  In order to do that you will need to edit the filter to return the needed object.