Using the Active Directory PowerShell command Get-ADUser with the –properties * (asterisk) switch does not return all available user attributes.
Properties like “msDS-UserPasswordExpiryTimeComputed” will not show up like that and have to be explicitly specified to be returned:
1 | Get-ADUser –Properties msDS-UserPasswordExpiryTimeComputed |
The following code returns all values of the user object:
1 2 | $properties = Get-ADObject -SearchBase (Get-ADRootDSE).SchemanamingContext -Filter {name -eq "User"} -Properties MayContain,SystemMayContain | Select-Object @{name="Properties";expression={$_.maycontain+$_.systemmaycontain}} | Select-Object -ExpandProperty Properties Get-ADUser -Identity username -Properties $properties | fl $properties |
In the above example, all available properties of the Active Directory ObjectClass “user” are retrieved and stored in an array, which is then used to specify the wanted properties using the Get-ADUser cmdlet.