본문 바로가기

OS/Windows

Windows | AD(Active Directory) Powershell로 User 속성 정보 출력하기

반응형
 

Ldap 연동시 AD(Active Directory) 속성값(attribute) 찾기

ldap 연동 시에 다음과 같이 속성값(attribute)을 설정하게 된다. AD의 경우 "로그인 속성"에 "sAMAccountName"등을 사용 할 수있다. sAMAccountName NT4이전에 사용하던 로그온 이름 domainname\username 형식..

ploz.tistory.com

 

 

 

Get-ADUser <logon_name> -Properties <속성>

  • login_name : sAMAccountName 
PS C:> get-aduser test_user -properties *


AccountExpirationDate                                 :
accountExpires                                        :
AccountLockoutTime                                    :
AuthenticationPolicy                                  : {}
AuthenticationPolicySilo                              : {}
BadLogonCount                                         :
CannotChangePassword                                  : False
CanonicalName                                         :
Certificates                                          : {}
City                                                  :
CN                                                    : test_user
codePage                                              : 0
Company                                               :
CompoundIdentitySupported                             : {False}
Country                                               :
countryCode                                           : 0
Created                                               :
Deleted                                               :
Department                                            :
Description                                           :
DisplayName                                           : test_user
DistinguishedName                                     : CN=test_user,OU=TEST,DC=test,DC=com
Division                                              :
EmailAddress                                          :
EmployeeID                                            :
EmployeeNumber                                        :
Fax                                                   :
GivenName                                             :
HomeDirectory                                         :
HomeDrive                                             :
HomePage                                              :
HomePhone                                             :
Initials                                              :
instanceType                                          :
isDeleted                                             :
KerberosEncryptionType                                : {None}
LastBadPasswordAttempt                                :
LastKnownParent                                       :
LastLogonDate                                         :
LogonWorkstations                                     :
Manager                                               :
MemberOf                                              : {}
MobilePhone                                           :
Modified                                              :
msDS-FailedInteractiveLogonCount                      : 1553
msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon : 1553
msDS-LastFailedInteractiveLogonTime                   : 133077783424667720
msDS-LastSuccessfulInteractiveLogonTime               : 133081332439977378
msDS-SupportedEncryptionTypes                         : 0
Name                                                  : test_user
nTSecurityDescriptor                                  : System.DirectoryServices.ActiveDirectorySecurity
ObjectCategory                                        : CN=Person,CN=Schema,CN=Configuration,DC=test,DC=com
ObjectClass                                           : user
ObjectGUID                                            : f8e6da05-3eb4-4ee4-a7be-43558f6adcc2
objectSid                                             : S-1-5-21-1827114671-3833717205-3880562052-1109
Office                                                :
OfficePhone                                           :
Organization                                          :
OtherName                                             :
PasswordLastSet                                       :
POBox                                                 :
PostalCode                                            :
PrimaryGroup                                          : CN=Domain Users,CN=Users,DC=test,DC=com
primaryGroupID                                        : 513
PrincipalsAllowedToDelegateToAccount                  : {}
ProfilePath                                           :
ProtectedFromAccidentalDeletion                       : False
SamAccountName                                        : test_user
sAMAccountType                                        : 805306368
ScriptPath                                            :
sDRightsEffective                                     : 0
ServicePrincipalNames                                 : {}
SID                                                   : S-1-5-21-1827114671-3833717205-3880562052-1109
SIDHistory                                            : {}
sn                                                    : test_user
State                                                 :
StreetAddress                                         :
Surname                                               : test_user
Title                                                 :
userCertificate                                       : {}
UserPrincipalName                                     : test_user@test.com

 

 

 

특정 속성만 출력

get-aduser <ad_user> -properties <속성> | select SamAccountName,sid

PS C:> get-aduser test_user -properties * | select SamAccountName,sid

SamAccountName                                              sid
--------------                                              ---
test_user                                                   S-1-5-21-1827114671-3833717205-3880562052-1109

 

반응형