前回の続きです。Active Directory のユーザーは、次のコマンドで検索できます。
 
  PS AD:\>Get-ADUser -Filter {Name -eq "Administrator" } -Properties *
 
以下のオブジェクト情報が取得できます。実に様々な情報が取得できます。これらをフィルタリングすることによって
パスワード変更をいつしたか、一定時間ログインしていないアカウントはどれかなど様々な状態を効率よく取得することができます。
 
【Small Business Server 2003】 【Small Business Server 2008】
AccountExpirationDate
accountExpires
AccountLockoutTime
AccountNotDelegated
adminCount
AllowReversiblePasswordEncryption
BadLogonCount
badPasswordTime
badPwdCount
CannotChangePassword
CanonicalName
Certificates
City
CN
codePage
Company
Country
countryCode
Created
createTimeStamp
Deleted
Department
Description
DisplayName
DistinguishedName
Division
DoesNotRequirePreAuth
dSCorePropagationData
EmailAddress
EmployeeID
EmployeeNumber
Enabled
extensionName
Fax
GivenName
HomeDirectory
HomedirRequired
HomeDrive
homeMDB
homeMTA
HomePage
HomePhone
Initials
instanceType
isCriticalSystemObject
isDeleted
LastBadPasswordAttempt
LastKnownParent
lastLogoff
lastLogon
LastLogonDate

legacyExchangeDN
LockedOut
logonCount

LogonWorkstations
mail
mailNickname 
Manager
mDBUseDefaults
MemberOf
MNSLogonAccount
MobilePhone
Modified
modifyTimeStamp
msDS-User-Account-Control-Computed
msExchALObjectVersion
msExchHomeServerName
msExchMailboxGuid
msExchMailboxSecurityDescriptor
msExchPoliciesIncluded

msExchUserAccountControl

Name
nTSecurityDescriptor
ObjectCategory
ObjectClass
ObjectGUID
objectSid
Office
OfficePhone
Organization
OtherName
PasswordExpired
PasswordLastSet
PasswordNeverExpires
PasswordNotRequired
POBox
PostalCode
PrimaryGroup
primaryGroupID
ProfilePath
ProtectedFromAccidentalDeletion
proxyAddresses
pwdLastSet
SamAccountName
sAMAccountType
ScriptPath
sDRightsEffective
ServicePrincipalNames
showInAddressBook
SID
SIDHistory
SmartcardLogonRequired
State
StreetAddress
Surname
textEncodedORAddress
Title
TrustedForDelegation
TrustedToAuthForDelegation
UseDESKeyOnly
userAccountControl
userCertificate
UserPrincipalName
uSNChanged
uSNCreated
whenChanged
whenCreated

AccountExpirationDate
accountExpires
AccountLockoutTime
AccountNotDelegated
adminCount
AllowReversiblePasswordEncryption
BadLogonCount
badPasswordTime
badPwdCount
CannotChangePassword
CanonicalName
Certificates
City
CN
codePage
Company
Country
countryCode
Created
createTimeStamp
Deleted
Department
Description
DisplayName
DistinguishedName
Division
DoesNotRequirePreAuth
dSCorePropagationData
EmailAddress
EmployeeID
EmployeeNumber
Enabled

Fax
GivenName
HomeDirectory
HomedirRequired
HomeDrive
homeMDB
homeMTA
HomePage
HomePhone
Initials
instanceType
isCriticalSystemObject
isDeleted
LastBadPasswordAttempt
LastKnownParent
lastLogoff
lastLogon
LastLogonDate
lastLogonTimestamp
legacyExchangeDN
LockedOut
logonCount
logonHours
LogonWorkstations
mail
mailNickname
Manager
mDBUseDefaults
MemberOf
MNSLogonAccount
MobilePhone
Modified
modifyTimeStamp
msDS-User-Account-Control-Computed

msExchHomeServerName
msExchMailboxGuid
msExchMailboxSecurityDescriptor
msExchPoliciesExcluded
msExchRecipientDisplayType
msExchRecipientTypeDetails
msExchUserAccountControl
msExchVersion
Name
nTSecurityDescriptor
ObjectCategory
ObjectClass
ObjectGUID
objectSid
Office
OfficePhone
Organization
OtherName
PasswordExpired
PasswordLastSet
PasswordNeverExpires
PasswordNotRequired
POBox
PostalCode
PrimaryGroup
primaryGroupID
ProfilePath
ProtectedFromAccidentalDeletion
proxyAddresses
pwdLastSet
SamAccountName
sAMAccountType
ScriptPath
sDRightsEffective
ServicePrincipalNames
showInAddressBook
SID
SIDHistory
SmartcardLogonRequired
State
StreetAddress
Surname

Title
TrustedForDelegation
TrustedToAuthForDelegation
UseDESKeyOnly
userAccountControl
userCertificate
UserPrincipalName
uSNChanged
uSNCreated
whenChanged
whenCreated

  
  
広告