This function retrieves an AD user's properties and group memberships, then exports and logs the results. It could be used when changing permissions on an account or before disabling it.
function Get-ADUserProperties {
    param (
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [ValidateNotNullOrEmpty()]
        [string]$Username
    )
    process {
        # Log file location ex:
        $Logfilename = 'c:\reports\temp' + $Username + ($TimeStamp = Get-Date -Format '_yyyy_MM_dd_HH-mm-ss') + '.txt'
        # Confirm the account exists before querying its properties
        $User = Get-ADUser -LDAPFilter "(sAMAccountName=$Username)"
        if ($null -ne $User) {
            Write-Host "Processing"
            # All properties of the user
            $uprop1 = Get-ADUser $Username -Properties * -ErrorAction Stop
            # Manager details; skipped when the account has no manager set
            $managerDetails = $null
            if ($uprop1.Manager) {
                $managerDetails = Get-ADUser $uprop1.Manager -Properties displayName
            }
            # Name and description of every group the user belongs to
            $uprop2 = Get-ADPrincipalGroupMembership -Identity $Username | Get-ADGroup -Properties * | Select-Object name, description
            $prop1 = [ordered]@{
                "Name"                  = $uprop1.name
                "User ID"               = $uprop1.samaccountname
                "Email Address"         = $uprop1.emailaddress
                "Title"                 = $uprop1.title
                "Description"           = $uprop1.Description
                "Department"            = $uprop1.Department
                "Manager"               = $managerDetails.Name
                "Office Phone"          = $uprop1.officephone
                "Mobile"                = $uprop1.mobile
                "Account Created"       = $uprop1.Created
                "Password Last Changed" = $uprop1.PasswordLastSet
                # End of $prop1
            }
            # Reset the report text for each user received from the pipeline
            $4userinfo = ''
            $4userinfo += $prop1 | Format-Table -AutoSize | Out-String
            $4userinfo += $uprop2 | Format-Table -AutoSize | Out-String
            $4userinfo | Out-File -FilePath $Logfilename
            Write-Host "Completed"
        }
        else {
            Write-Host "User not found: $Username" -ForegroundColor Red
        }
    }
}
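The existence check `Get-ADUser -LDAPFilter "(sAMAccountName=$Username)"` in the function above places `$Username` into the filter unescaped, so a value containing `*`, `(`, `)` or `\` changes what the check matches. The following is an added example, not part of the original script, that escapes the value per RFC 4515 before building the filter; the helper names `ConvertTo-LdapFilterValue` and `New-SamAccountNameFilter` and the sample inputs are assumptions constructed here.

```powershell
# Added example, not part of the original script.
# ConvertTo-LdapFilterValue is a hypothetical helper name.
function ConvertTo-LdapFilterValue {
    param (
        [Parameter(Mandatory = $true)]
        [AllowEmptyString()]
        [string]$Value
    )
    # RFC 4515: backslash, asterisk, parentheses and NUL are written as \XX (two hex digits)
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m)
        '\{0:x2}' -f [int][char]$m.Value
    })
}

# Hypothetical helper: builds the same filter the function uses, with the value escaped
function New-SamAccountNameFilter {
    param ([Parameter(Mandatory = $true)][string]$Username)
    '(sAMAccountName={0})' -f (ConvertTo-LdapFilterValue -Value $Username)
}

# Constructed sample inputs: one plain name and three containing filter metacharacters
$samples = 'jdoe', 'j*', 'svc(backup)', 'corp\jdoe'
foreach ($s in $samples) {
    [pscustomobject]@{
        Input  = $s
        Filter = New-SamAccountNameFilter -Username $s
    }
}

# In Get-ADUserProperties the lookup would then read (requires the ActiveDirectory module):
#   $User = Get-ADUser -LDAPFilter (New-SamAccountNameFilter -Username $Username)
```

With the escaping in place, `j*` is searched as the literal name `j\2a` instead of acting as a wildcard, so the "User not found" branch is reached for input that is not an exact sAMAccountName.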