So I noticed something peculiar today while doing some AD filtering in a PS console.
Get-ADComputer $Env:ComputerName | Select * DistinguishedName : DNSHostName : Enabled : Name : ObjectClass : ObjectGUID : SamAccountName : SID : UserPrincipalName : PropertyNames : AddedProperties : RemovedProperties : ModifiedProperties : PropertyCount :
^^^ This should supposedly return all of the properties for that AD computer (removed all values for confidentiality). But, this next command returns a much larger set of properties (see below)
Get-ADComputer $Env:ComputerName -Properties * AccountExpirationDate : accountExpires : AccountLockoutTime : AccountNotDelegated : AllowReversiblePasswordEncryption : AuthenticationPolicy : AuthenticationPolicySilo : BadLogonCount : badPasswordTime : badPwdCount : CannotChangePassword : CanonicalName : Certificates : CN : codePage : CompoundIdentitySupported : countryCode : Created : createTimeStamp : Deleted : Description : Cory Etmund Laptop DisplayName : DistinguishedName : DNSHostName : DoesNotRequirePreAuth : dSCorePropagationData : Enabled : HomedirRequired : HomePage : instanceType : IPv4Address : IPv6Address : isCriticalSystemObject : isDeleted : KerberosEncryptionType : LastBadPasswordAttempt : LastKnownParent : lastLogoff : lastLogon : LastLogonDate : lastLogonTimestamp : localPolicyFlags : Location : LockedOut : logonCount : ManagedBy : MemberOf : MNSLogonAccount : Modified : modifyTimeStamp : msDS-SupportedEncryptionTypes : msDS-User-Account-Control-Computed : Name : nTSecurityDescriptor : ObjectCategory : ObjectClass : computer ObjectGUID : objectSid : OperatingSystem : Windows 10 Enterprise OperatingSystemHotfix : OperatingSystemServicePack : OperatingSystemVersion : PasswordExpired : PasswordLastSet : PasswordNeverExpires : PasswordNotRequired : PrimaryGroup : primaryGroupID : PrincipalsAllowedToDelegateToAccount : ProtectedFromAccidentalDeletion : pwdLastSet : SamAccountName : sAMAccountType : sDRightsEffective : ServiceAccount : servicePrincipalName : ServicePrincipalNames : SID : SIDHistory : TrustedForDelegation : TrustedToAuthForDelegation : UseDESKeyOnly : userAccountControl : userCertificate : UserPrincipalName : uSNChanged : uSNCreated : whenChanged : whenCreated :
Why won’t the first command return all of the properties? Is this (for some weird reason) by design? Sorry for the long code, just wanted to make sure my question is being specific enough and the results of the commands were clear. Thanks in advance! I like to learn the ‘How’ and ‘Why’ of things in PS