# Get-ADUser
PowerShell command to find Active Directory users and their properties.

## Build a .CSV of AD users and their fields (looking for sensitive information such as passwords in the Description field)
```
Get-ADUser -Filter {Enabled -eq $true} -Properties Description, Title, Department, Office, EmailAddress, OfficePhone, MobilePhone, StreetAddress, City, Manager, Info |
    Select-Object SamAccountName, Name, Description, Title, Department, Office, EmailAddress, OfficePhone, MobilePhone, StreetAddress, City, Manager, Info |
    Export-Csv -Path "ad_users.csv" -NoTypeInformation
```
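
An added example (not part of the original notes) of reviewing that export for credential-like text in the Description and Info columns, so the accounts can be cleaned up. The sample rows, the `Find-CredentialLikeText` function name and the keyword pattern are assumptions made for illustration.

```powershell
# Constructed sample rows standing in for ad_users.csv (not real accounts).
# For a real review, replace this with: $rows = Import-Csv -Path "ad_users.csv"
$rows = @'
"SamAccountName","Name","Description","Info"
"svc_backup","Backup Service","Backup job account pw: Winter2024!",""
"jdoe","John Doe","Finance analyst",""
"svc_sql","SQL Service","","temp password=ChangeMe123 set by helpdesk"
"asmith","Anna Smith","Passed onboarding 2023",""
'@ | ConvertFrom-Csv

# Free-text columns to review (assumed choice; extend as needed)
$fields = 'Description', 'Info'

# Keyword followed by a separator and a value, e.g. "pw: xxx" or "password=xxx".
# Requiring the separator avoids hits on words like "Passed" or "bypass".
$pattern = '(?i)\b(pass(word|wd)?|pwd|pw|secret|cred(ential)?s?)\b\s*(is\b|[:=])\s*\S+'

# Hypothetical helper: returns one finding per account/field that matches
function Find-CredentialLikeText {
    param(
        [Parameter(Mandatory)] [object[]] $Rows,
        [string[]] $Fields,
        [string] $Pattern
    )
    foreach ($row in $Rows) {
        foreach ($field in $Fields) {
            $value = $row.$field
            if ($value -and $value -match $Pattern) {
                [PSCustomObject]@{
                    SamAccountName = $row.SamAccountName
                    Field          = $field
                    # Report only the keyword that matched, not the secret itself
                    Keyword        = $Matches[1]
                    FieldLength    = $value.Length
                }
            }
        }
    }
}

$findings = Find-CredentialLikeText -Rows $rows -Fields $fields -Pattern $pattern
$findings | Format-Table -AutoSize
```

With the constructed rows, `svc_backup` (Description) and `svc_sql` (Info) are flagged, while `asmith` is not, because "Passed" has no separator and value after it.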

## Get a user's SID
```
Get-ADUser -server IP.OF.A.DOMAIN-CONTROLLER -Identity someuser -Properties SID | Select-Object SID
```

## List members of high-privilege groups and show pwdLastSet time in human-readable format
```
# Define the groups to search for
$groups = "Administrators", "Domain Admins", "Enterprise Admins"

# Retrieve the members of these groups
$members = foreach ($group in $groups) {
    Get-ADGroupMember -server 1.2.3.4 -Identity $group -Recursive
}

# Remove duplicates and filter user accounts only
$uniqueMembers = $members | Select-Object -Unique | Where-Object { $_.objectClass -eq 'user' }

# Get user details, filter by enabled users, and sort by pwdLastSet, converting pwdLastSet to human-readable format
$results = $uniqueMembers | ForEach-Object {
    $user = Get-ADUser -server 1.2.3.4 -Identity $_.SamAccountName -Properties pwdLastSet, Enabled
    if ($user.Enabled) {
        [PSCustomObject]@{
            SamAccountName = $user.SamAccountName
            PwdLastSet     = if ($user.pwdLastSet) { [datetime]::FromFileTime($user.pwdLastSet) } else { $null }
        }
    }
} | Where-Object { $_ -ne $null } | Sort-Object -Property PwdLastSet

# Output the results
$results
```
