Learning powershell, how to get all properties of an AD user

I have an assignment in my class that asks me to “Using Get-ADUser, obtain a list of the users added in the previous step. Pipe the output to Export-CliXML. Using the Import-CliXML, display the objects generated from the CliXML file that you just created. In the display, look for the user that was added to multiple groups – you should see reference to this user’s groups.” I created a line that gets me the list of users, but I can’t seem to figure out how to add the groups to it and get it functioning.

This is my current line

Get-ADUser -Filter * -SearchBase “DC=cls,DC=com”|Select name |Export-Clixml -path C:\userlist.xml

I tried adding groups, security groups, membersof, ect in the select category but they come out blank


You should be using -Properties parameter of Get-AdUser cmdlet to select them , as by default very few properties will be displayed and groups, security groups, membersof are not part of it.

so would it be more like this?

Get-ADUser -Filter * -SearchBase “DC=cls,DC=com” -Properties type |Export-Clixml -path C:\userlist.xml

when I try it like that I get an error saying properties are invalid.

what is “type” here ? you can see it once by using -Properties *, but using it in script will give all the properties and will be too much.
So once select all using * will show you all the available properties then can be decided to select required prorpties.

Get-ADUser -Filter * -properties *|select Name,groups, security groups, membersof|Export-Clixml -path C:\userlist.xml

Looking at your script and requirement it should be as of and -searchbase is not required as you are querying the whole domain. Searchbase is used for a particular OU in domain.

If you want to check scripts like this you are welcome to visit https://www.powershellguru.com/ad

sorry for no responding, was working on another assignment. When I try the script above I get the following error

PS C:> Get-ADUser -Filter * -properties *|select Name,groups, security groups, membersof|Export-Clixml -path C:\userlist.xml

Select-Object : A positional parameter cannot be found that accepts argument ‘System.Object[]’.
At line:1 char:36

  • … -properties *|select Name,groups, security groups, membersof|Export- …
  • CategoryInfo : InvalidArgument: (:slight_smile: [Select-Object], ParameterBindingException
  • FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.SelectObjectCommand

When using properties with space, it should be wrapped in quotes ‘security groups’.

But AFAIK, ‘security groups’ and groups are not properties of a AD user object.

They are not. To see all the properties he can run

(Get-ADUser -Filter * -Properties * |
    Select-Object -First 1 | Get-Member -MemberType Property).name

These are the names of all the properties on an AD user. of course I’d limit this to one user if you could using -Filter

(Get-ADUser -Filter "name -like '*someusername*'" -Properties * | Get-Member -MemberType Property).name

i’d make it even simpler, if you have the details of a user, no reason to user -filter

get-aduser samaccountname_of_user_here -prop *

you can then either select name, or look at the properties with a value included, I find that much easier to parse than just the list of names

If they have the samaccountname, sure. Otherwise filter.