After years of neglecting their command line tools, Microsoft decided to try and build a grown-up set of administrative tools, and released PowerShell. Nearly a decade later, and many of their flagship services still don’t integrate neatly with PowerShell. Good Idea, Bad Idea The syntax is a bit messy, and the promises of an object-oriented shell never quite came to fruition. PowerShell is a great idea, executed poorly. For all that, it still offers certain advantages compared to the Unix family of shells, and is certainly worlds better than ol’ CMD.EXE.

Speaking of good ideas executed poorly: backups aren’t a good idea, they’re a great idea. And when Tommy took over as an Active Directory engineer, he was happy to hear that his predecessor had left behind a script that backed up all their user data on a daily basis. Tommy was significantly less happy when he saw the script.

Import-Module ActiveDirectory
$Date1 = get-date -uformat "%m-%d-%Y"
$LogFile = "D:\Reports\UserInfoDetailed.$Date1.csv"
echo "AccountExpirationDate*accountExpires*AccountLockoutTime*AccountNotDelegated*AllowReversiblePasswordEncryption*BadLogonCount*badPasswordTime*badPwdCount*C*CannotChangePassword*CanonicalName*City*CN*codePage*Comment*Company*Country*countryCode*Created*createTimeStamp*Deleted*Department*Description*DisplayName*DistinguishedName*Division*DoesNotRequirePreAuth*dSCorePropagationData*EmailAddress*EmployeeID*EmployeeNumber*employeeType*Enabled*$extensionAttribute10*$extensionAttribute13*Fax*GivenName*HomeDirectory*HomedirRequired*HomeDrive*HomePage*HomePhone*Initials*instanceType*isCriticalSystemObject*isDeleted*LastBadPasswordAttempt*LastKnownParent*LastLogonDate*LockedOut*lockoutTime*LogonWorkstations*Manager*MemberOf*MNSLogonAccount*MobilePhone*Modified*modifyTimeStamp*Name*nTSecurityDescriptor*ObjectCategory*ObjectClass*ObjectGUID*objectSid*Office*OfficePhone*Organization*OtherName*PasswordExpired*PasswordLastSet*PasswordNeverExpires*PasswordNotRequired*POBox*PostalCode*PrimaryGroup*primaryGroupID*ProfilePath*ProtectedFromAccidentalDeletion*pwdLastSet*SamAccountName*sAMAccountType*ScriptPath*sDRightsEffective*ServicePrincipalNames*SID*SIDHistory*SmartcardLogonRequired*State*StreetAddress*Surname*Title*TrustedForDelegation*TrustedToAuthForDelegation*UseDESKeyOnly*userAccountControl*UserPrincipalName*uSNChanged*uSNCreated*whenChanged*whenCreated" > $Logfile
# get-adUser -filter * -Property * | select * -Exclude userCertificate, showInAddressBook, Certificates | Export-csv $LogFile -NoTypeInformation
get-adUser -filter * -Property SamAccountName | Select SamAccountName | Foreach {$_.SamAccountName} > Accounts.txt
        $Accounts = get-content Accounts.txt
        Foreach ($Account in $Accounts)
                {$AccountExpirationDate = get-adUser $Account -Properties AccountExpirationDate | select AccountExpirationDate | Foreach {$_.AccountExpirationDate}
                $accountExpires = get-adUser $Account -Properties accountExpires | select accountExpires | Foreach {$_.accountExpires}
                $AccountLockoutTime = get-adUser $Account -Properties AccountLockoutTime | select AccountLockoutTime | Foreach {$_.AccountLockoutTime}
                $AccountNotDelegated = get-adUser $Account -Properties AccountNotDelegated | select AccountNotDelegated | Foreach {$_.AccountNotDelegated}
                $AllowReversiblePasswordEncryption = get-adUser $Account -Properties AllowReversiblePasswordEncryption | select AllowReversiblePasswordEncryption | Foreach {$_.AllowReversiblePasswordEncryption}
                $BadLogonCount = get-adUser $Account -Properties BadLogonCount | select BadLogonCount | Foreach {$_.BadLogonCount}
                $badPasswordTime = get-adUser $Account -Properties badPasswordTime | select badPasswordTime | Foreach {$_.badPasswordTime}
                $badPwdCount = get-adUser $Account -Properties badPwdCount | select badPwdCount | Foreach {$_.badPwdCount}
                $C = get-adUser $Account -Properties C | select C | Foreach {$_.C}
                $CannotChangePassword = get-adUser $Account -Properties CannotChangePassword | select CannotChangePassword | Foreach {$_.CannotChangePassword}
                $CanonicalName = get-adUser $Account -Properties CanonicalName | select CanonicalName | Foreach {$_.CanonicalName}
                $City = get-adUser $Account -Properties City | select City | Foreach {$_.City}
                $CN = get-adUser $Account -Properties CN | select CN | Foreach {$_.CN}
                $codePage = get-adUser $Account -Properties codePage | select codePage | Foreach {$_.codePage}
                $comment = Get-ADUser $Account -Properties * | select -ExpandProperty commentForeach {$_.comment}
                $Company = get-adUser $Account -Properties Company | select Company | Foreach {$_.Company}
                $Country = get-adUser $Account -Properties Country | select Country | Foreach {$_.Country}
                $countryCode = get-adUser $Account -Properties countryCode | select countryCode | Foreach {$_.countryCode}
                $Created = get-adUser $Account -Properties Created | select Created | Foreach {$_.Created}
                $createTimeStamp = get-adUser $Account -Properties createTimeStamp | select createTimeStamp | Foreach {$_.createTimeStamp}
                $Deleted = get-adUser $Account -Properties Deleted | select Deleted | Foreach {$_.Deleted}
                $Department = get-adUser $Account -Properties Department | select Department | Foreach {$_.Department}
                $Description = get-adUser $Account -Properties Description | select Description | Foreach {$_.Description}
                $DisplayName = get-adUser $Account -Properties DisplayName | select DisplayName | Foreach {$_.DisplayName}
                $DistinguishedName = get-adUser $Account -Properties DistinguishedName | select DistinguishedName | Foreach {$_.DistinguishedName}
                $Division = get-adUser $Account -Properties Division | select Division | Foreach {$_.Division}
                $DoesNotRequirePreAuth = get-adUser $Account -Properties DoesNotRequirePreAuth | select DoesNotRequirePreAuth | Foreach {$_.DoesNotRequirePreAuth}
                $dSCorePropagationData = get-adUser $Account -Properties dSCorePropagationData | select -ExpandProperty dSCorePropagationData
                $EmailAddress = get-adUser $Account -Properties EmailAddress | select EmailAddress | Foreach {$_.EmailAddress}
                $EmployeeID = get-adUser $Account -Properties EmployeeID | select EmployeeID | Foreach {$_.EmployeeID}
                $EmployeeNumber = get-adUser $Account -Properties EmployeeNumber | select EmployeeNumber | Foreach {$_.EmployeeNumber}
                $employeeType = get-adUser $Account -Properties employeeType | select employeeType | Foreach {$_.employeeType}
                $Enabled = get-adUser $Account -Properties Enabled | select Enabled | Foreach {$_.Enabled}
                $extensionAttribute10 = get-adUser $Account -Properties extensionAttribute10 | select extensionAttribute10 | Foreach {$_.extensionAttribute10}
                $extensionAttribute13 = get-adUser $Account -Properties extensionAttribute13 | select extensionAttribute13 | Foreach {$_.extensionAttribute13}
                $Fax = get-adUser $Account -Properties Fax | select Fax | Foreach {$_.Fax}
                $GivenName = get-adUser $Account -Properties GivenName | select GivenName | Foreach {$_.GivenName}
                $HomeDirectory = get-adUser $Account -Properties HomeDirectory | select HomeDirectory | Foreach {$_.HomeDirectory}
                $HomedirRequired = get-adUser $Account -Properties HomedirRequired | select HomedirRequired | Foreach {$_.HomedirRequired}
                $HomeDrive = get-adUser $Account -Properties HomeDrive | select HomeDrive | Foreach {$_.HomeDrive}
                $HomePage = get-adUser $Account -Properties HomePage | select HomePage | Foreach {$_.HomePage}
                $HomePhone = get-adUser $Account -Properties HomePhone | select HomePhone | Foreach {$_.HomePhone}
                $Initials = get-adUser $Account -Properties Initials | select Initials | Foreach {$_.Initials}
                $instanceType = get-adUser $Account -Properties instanceType | select instanceType | Foreach {$_.instanceType}
                $isCriticalSystemObject = get-adUser $Account -Properties isCriticalSystemObject | select isCriticalSystemObject | Foreach {$_.isCriticalSystemObject}
                $isDeleted = get-adUser $Account -Properties isDeleted | select isDeleted | Foreach {$_.isDeleted}
                $LastBadPasswordAttempt = get-adUser $Account -Properties LastBadPasswordAttempt | select LastBadPasswordAttempt | Foreach {$_.LastBadPasswordAttempt}
                $LastKnownParent = get-adUser $Account -Properties LastKnownParent | select LastKnownParent | Foreach {$_.LastKnownParent}
                $LastLogonDate = get-adUser $Account -Properties LastLogonDate | select LastLogonDate | Foreach {$_.LastLogonDate}
                $LockedOut = get-adUser $Account -Properties LockedOut | select LockedOut | Foreach {$_.LockedOut}
                $lockoutTime = get-adUser $Account -Properties lockoutTime | select lockoutTime | Foreach {$_.lockoutTime}
                $LogonWorkstations = get-adUser $Account -Properties LogonWorkstations | select LogonWorkstations | Foreach {$_.LogonWorkstations}
                $Manager = get-adUser $Account -Properties Manager | select Manager | Foreach {$_.Manager}
                $MemberOf = get-adUser $Account -Properties MemberOf | select -ExpandProperty MemberOf
                $MNSLogonAccount = get-adUser $Account -Properties MNSLogonAccount | select MNSLogonAccount | Foreach {$_.MNSLogonAccount}
                $MobilePhone = get-adUser $Account -Properties MobilePhone | select MobilePhone | Foreach {$_.MobilePhone}
                $Modified = get-adUser $Account -Properties Modified | select Modified | Foreach {$_.Modified}
                $modifyTimeStamp = get-adUser $Account -Properties modifyTimeStamp | select modifyTimeStamp | Foreach {$_.modifyTimeStamp}
                #$msDS-User-Account-Control-Computed = get-adUser $Account -Properties msDS-User-Account-Control-Computed | select msDS-User-Account-Control-Computed | Foreach {$_.msDS-User-Account-Control-Computed}
                $Name = get-adUser $Account -Properties Name | select Name | Foreach {$_.Name}
                $nTSecurityDescriptor = get-adUser $Account -Properties nTSecurityDescriptor | select nTSecurityDescriptor | Foreach {$_.nTSecurityDescriptor}
                $ObjectCategory = get-adUser $Account -Properties ObjectCategory | select ObjectCategory | Foreach {$_.ObjectCategory}
                $ObjectClass = get-adUser $Account -Properties ObjectClass | select ObjectClass | Foreach {$_.ObjectClass}
                $ObjectGUID = get-adUser $Account -Properties ObjectGUID | select ObjectGUID | Foreach {$_.ObjectGUID}
                $objectSid = get-adUser $Account -Properties objectSid | select objectSid | Foreach {$_.objectSid}
                $Office = get-adUser $Account -Properties Office | select Office | Foreach {$_.Office}
                $OfficePhone = get-adUser $Account -Properties OfficePhone | select OfficePhone | Foreach {$_.OfficePhone}
                $Organization = get-adUser $Account -Properties Organization | select Organization | Foreach {$_.Organization}
                $OtherName = get-adUser $Account -Properties OtherName | select OtherName | Foreach {$_.OtherName}
                $PasswordExpired = get-adUser $Account -Properties PasswordExpired | select PasswordExpired | Foreach {$_.PasswordExpired}
                $PasswordLastSet = get-adUser $Account -Properties PasswordLastSet | select PasswordLastSet | Foreach {$_.PasswordLastSet}
                $PasswordNeverExpires = get-adUser $Account -Properties PasswordNeverExpires | select PasswordNeverExpires | Foreach {$_.PasswordNeverExpires}
                $PasswordNotRequired = get-adUser $Account -Properties PasswordNotRequired | select PasswordNotRequired | Foreach {$_.PasswordNotRequired}
                $POBox = get-adUser $Account -Properties POBox | select POBox | Foreach {$_.POBox}
                $PostalCode = get-adUser $Account -Properties PostalCode | select PostalCode | Foreach {$_.PostalCode}
                $PrimaryGroup = get-adUser $Account -Properties PrimaryGroup | select PrimaryGroup | Foreach {$_.PrimaryGroup}
                $primaryGroupID = get-adUser $Account -Properties primaryGroupID | select primaryGroupID | Foreach {$_.primaryGroupID}
                $ProfilePath = get-adUser $Account -Properties ProfilePath | select ProfilePath | Foreach {$_.ProfilePath}
                $ProtectedFromAccidentalDeletion = get-adUser $Account -Properties ProtectedFromAccidentalDeletion | select ProtectedFromAccidentalDeletion | Foreach {$_.ProtectedFromAccidentalDeletion}
                $pwdLastSet = get-adUser $Account -Properties pwdLastSet | select pwdLastSet | Foreach {$_.pwdLastSet}
                $SamAccountName = get-adUser $Account -Properties SamAccountName | select SamAccountName | Foreach {$_.SamAccountName}
                $sAMAccountType = get-adUser $Account -Properties sAMAccountType | select sAMAccountType | Foreach {$_.sAMAccountType}
                $ScriptPath = get-adUser $Account -Properties ScriptPath | select ScriptPath | Foreach {$_.ScriptPath}
                $sDRightsEffective = get-adUser $Account -Properties sDRightsEffective | select sDRightsEffective | Foreach {$_.sDRightsEffective}
                $ServicePrincipalNames = get-adUser $Account -Properties ServicePrincipalNames | select -ExpandProperty ServicePrincipalNames
                $SID = get-adUser $Account -Properties SID | select SID | Foreach {$_.SID}
                $SIDHistory = get-adUser $Account -Properties SIDHistory | select -ExpandProperty SIDHistory
                $SmartcardLogonRequired = get-adUser $Account -Properties SmartcardLogonRequired | select SmartcardLogonRequired | Foreach {$_.SmartcardLogonRequired}
                $State = get-adUser $Account -Properties State | select State | Foreach {$_.State}
                $StreetAddress = get-adUser $Account -Properties StreetAddress | select StreetAddress | Foreach {$_.StreetAddress}
                $Surname = get-adUser $Account -Properties Surname | select Surname | Foreach {$_.Surname}
                $Title = get-adUser $Account -Properties Title | select Title | Foreach {$_.Title}
                $TrustedForDelegation = get-adUser $Account -Properties TrustedForDelegation | select TrustedForDelegation | Foreach {$_.TrustedForDelegation}
                $TrustedToAuthForDelegation = get-adUser $Account -Properties TrustedToAuthForDelegation | select TrustedToAuthForDelegation | Foreach {$_.TrustedToAuthForDelegation}
                $UseDESKeyOnly = get-adUser $Account -Properties UseDESKeyOnly | select UseDESKeyOnly | Foreach {$_.UseDESKeyOnly}
                $userAccountControl = get-adUser $Account -Properties userAccountControl | select userAccountControl | Foreach {$_.userAccountControl}
                $UserPrincipalName = get-adUser $Account -Properties UserPrincipalName | select UserPrincipalName | Foreach {$_.UserPrincipalName}
                $uSNChanged = get-adUser $Account -Properties uSNChanged | select uSNChanged | Foreach {$_.uSNChanged}
                $uSNCreated = get-adUser $Account -Properties uSNCreated | select uSNCreated | Foreach {$_.uSNCreated}
                $whenChanged = get-adUser $Account -Properties whenChanged | select whenChanged | Foreach {$_.whenChanged}
                $whenCreated = get-adUser $Account -Properties whenCreated | select whenCreated | Foreach {$_.whenCreated}
                #$PropertyNames = get-adUser $Account -Properties PropertyNames | select PropertyNames | Foreach {$_.PropertyNames}
                #$PropertyCount = get-adUser $Account -Properties PropertyCount | select PropertyCount | Foreach {$_.PropertyCount}
                echo "$AccountExpirationDate*$accountExpires*$AccountLockoutTime*$AccountNotDelegated*$AllowReversiblePasswordEncryption*$BadLogonCount*$badPasswordTime*$badPwdCount*$C*$CannotChangePassword*$CanonicalName*$City*$CN*$codePage*$comment*$Company*$Country*$countryCode*$Created*$createTimeStamp*$Deleted*$Department*$Description*$DisplayName*$DistinguishedName*$Division*$DoesNotRequirePreAuth*$dSCorePropagationData*$EmailAddress*$EmployeeID*$EmployeeNumber*$employeeType*$Enabled*$extensionAttribute10*$extensionAttribute13*$Fax*$GivenName*$HomeDirectory*$HomedirRequired*$HomeDrive*$HomePage*$HomePhone*$Initials*$instanceType*$isCriticalSystemObject*$isDeleted*$LastBadPasswordAttempt*$LastKnownParent*$LastLogonDate*$LockedOut*$lockoutTime*$LogonWorkstations*$Manager*$MemberOf*$MNSLogonAccount*$MobilePhone*$Modified*$modifyTimeStamp*$Name*$nTSecurityDescriptor*$ObjectCategory*$ObjectClass*$ObjectGUID*$objectSid*$Office*$OfficePhone*$Organization*$OtherName*$PasswordExpired*$PasswordLastSet*$PasswordNeverExpires*$PasswordNotRequired*$POBox*$PostalCode*$PrimaryGroup*$primaryGroupID*$ProfilePath*$ProtectedFromAccidentalDeletion*$pwdLastSet*$SamAccountName*$sAMAccountType*$ScriptPath*$sDRightsEffective*$ServicePrincipalNames*$SID*$SIDHistory*$SmartcardLogonRequired*$State*$StreetAddress*$Surname*$Title*$TrustedForDelegation*$TrustedToAuthForDelegation*$UseDESKeyOnly*$userAccountControl*$UserPrincipalName*$uSNChanged*$uSNCreated*$whenChanged*$whenCreated" >> $Logfile
                #echo "$AccountExpirationDate*$accountExpires*$AccountLockoutTime*$AccountNotDelegated*$AllowReversiblePasswordEncryption*$BadLogonCount*$badPasswordTime*$badPwdCount*$CannotChangePassword*$CanonicalName*$City*$CN*$codePage*$Company*$Country*$countryCode*$Created*$createTimeStamp*$Deleted*$Department*$Description*$DisplayName*$DistinguishedName*$Division*$DoesNotRequirePreAuth*$dSCorePropagationData*$EmailAddress*$EmployeeID*$EmployeeNumber*$employeeType*$Enabled*$Fax*$GivenName*$HomeDirectory*$HomedirRequired*$HomeDrive*$HomePage*$HomePhone*$Initials*$instanceType*$isCriticalSystemObject*$isDeleted*$LastBadPasswordAttempt*$LastKnownParent*$LastLogonDate*$LockedOut*$lockoutTime*$LogonWorkstations*$Manager*$MemberOf*$MNSLogonAccount*$MobilePhone*$Modified*$modifyTimeStamp*$Name*$nTSecurityDescriptor*$ObjectCategory*$ObjectClass*$ObjectGUID*$objectSid*$Office*$OfficePhone*$Organization*$OtherName*$PasswordExpired*$PasswordLastSet*$PasswordNeverExpires*$PasswordNotRequired*$POBox*$PostalCode*$PrimaryGroup*$primaryGroupID*$ProfilePath*$ProtectedFromAccidentalDeletion*$pwdLastSet*$SamAccountName*$sAMAccountType*$ScriptPath*$sDRightsEffective*$ServicePrincipalNames*$SID*$SIDHistory*$SmartcardLogonRequired*$State*$StreetAddress*$Surname*$Title*$TrustedForDelegation*$TrustedToAuthForDelegation*$UseDESKeyOnly*$userAccountControl*$UserPrincipalName*$uSNChanged*$uSNCreated*$whenChanged*$whenCreated" >> $Logfile
        }