Get-ADUserReport.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
<#PSScriptInfo
 
.VERSION 1.0
 
.GUID e6b77778-2225-42cb-8dc3-5f18f385a19a
 
.AUTHOR
    CarlosDZRZ
 
.DESCRIPTION
    Returns a customized list of Active Directory account information for a single user. The customized list is a combination of the fields that are most commonly needed to review when an employee calls the helpdesk for assistance.
 
.COMPANYNAME
 
.COPYRIGHT
 
.TAGS User Report Info
 
.EXTERNALMODULEDEPENDENCIES ActiveDirectory
 
.RELEASENOTES
Version 1.0: Original published version.
 
.PRIVATEDATA
 
#>


Function Get-ADUserReport {
<#
    .SYNOPSIS
        Returns a customized list of Active Directory account information for a single user
    .EXAMPLE
        Get-ADUserReport <UserName>
        Returns a customized list of AD account information from UserName
        PS C:\Scripts> Get-ADUserReport JSmith
            FirstName : John
            LastName : Smith
            Title : System Engineer
            Department : IT
            Manager : Bruce
            City : Redmon
            UserName : jsmith
            DisplayName : Smith, John
            UserPrincipalName : jsmith@contoso.com
            EmailAddress : jsmith@outlook.com
            OfficePhone : 12345
            MobilePhone : 123456789
            LogonWorkstations :
            LastLogon : 18-Dec-19 8:08:42 AM
            LastLogonTimestamp : 17-Dec-19 12:01:14 AM
 
            AccountExpires : 01-Feb-20 12:00:00 AM
            AccountIsEnabled : True
            AccountIsLockedOut : False
            PasswordAge : 18.22:22:23
            PasswordLastSet : 29-Nov-19 10:29:23 AM
            PasswordNeverExpires : False
            PasswordExpires : 28-Jan-20 10:29:23 AM
            UserMustChangePassword : False
            PasswordIsExpired : False
            LastBadPasswordAttempt : 05-Dec-19 12:55:36 PM
     .PARAMETER UserName
        The employee account to lookup in Active Directory
    .NOTES
        NAME: Get-ADUserReport
        AUTHOR: CarlosDZRZ
    .LINK
        http://www.microsoft.com
    .LINK
        http://www.google.es
    .LINK
        http://lmgtfy.com/?q=Manual+powershell
#>

[CmdletBinding()]
Param(
    [Parameter(Mandatory=$true,ValueFromPipeline=$true,ValueFromPipelineByPropertyName=$true)]
    [string[]]$User_Name
)
Begin {
    $Manager = $null
    $AccountExpires = $null
    $PwdLastSet = $null
}
Process{
    foreach ($UserName in $User_Name){
        $ADusr = Get-ADuser $UserName -Properties givenName, Surname, Title, Department, Manager, City, SamAccountName,
        DisplayName, UserPrincipalName, EmailAddress, OfficePhone, MobilePhone, LogonWorkstations, LastLogon, LastLogonTimestamp,
        accountExpires, Enabled, LockedOut, PasswordLastSet, PasswordNeverExpires, PasswordExpired, CannotChangePassword,
        msDS-UserPasswordExpiryTimeComputed, LastBadPasswordAttempt
        $PasswordExpires = [datetime]::FromFileTime($ADusr.'msDS-UserPasswordExpiryTimeComputed')
        if ($null -ne $ADusr.manager){
            $Manager = Get-ADUser $ADusr.Manager
        }
        if ($ADusr.AccountExpires -eq 0){
            $AccountExpires = "Never"
        }
        else {
            $AccountExpires = [datetime]::FromFileTime($ADusr.accountExpires)
        }
        if ($null -eq $ADusr.PasswordLastSet){
            $PasswordAge = 0
            $PwdLastSet = 0
        }
        else{
            $PasswordAge = ((Get-Date) - ($ADusr.PasswordLastSet)).ToString("dd\.hh':'mm':'ss")
            $PwdLastSet = $ADusr.PasswordLastSet
        }
        $AccountInfo = [PSCustomObject]@{
            FirstName           = $ADusr.givenName
            LastName            = $ADusr.Surname
            Title               = $ADusr.Title
            Department          = $ADusr.Department
            Manager             = $Manager.SamAccountName
            City                = $ADusr.City
            UserName            = $ADusr.SamAccountName
            DisplayName         = $ADusr.DisplayName
            UserPrincipalName   = $ADusr.UserPrincipalName
            EmailAddress        = $ADusr.EmailAddress
            OfficePhone         = $ADusr.OfficePhone
            MobilePhone         = $ADusr.MobilePhone
            LogonWorkstations   = $ADusr.LogonWorkstations
            LastLogon           = [datetime]::FromFileTime($ADusr.LastLogon)
            LastLogonTimestamp  = [datetime]::FromFileTime($ADusr.LastLogonTimestamp)
        }
        $AccountStatus = [PSCustomObject]@{
            AccountExpires          = $AccountExpires
            AccountIsEnabled        = $ADusr.Enabled
            AccountIsLockedOut      = $ADusr.LockedOut
            PasswordAge             = $PasswordAge
            PasswordLastSet         = $PwdLastSet
            PasswordNeverExpires    = $ADusr.PasswordNeverExpires
            PasswordExpires         = $PasswordExpires
            UserMustChangePassword  = $ADusr.CannotChangePassword
            PasswordIsExpired       = $ADusr.PasswordExpired
            LastBadPasswordAttempt  = $ADusr.LastBadPasswordAttempt
        }
        $AccountInfo
        $AccountStatus
    }
}#End Process
}#End Function Get-ADUserReport