Top Ten Tasks

Given that its October, the 10th month of the year, I thought I'd put together a series of PowerShell one-liners using the Quest PowerShell/AD cmdlets, that you might use for some quick Top Ten type tasks. Even though I've arbitrarily chosen a threshold of 10 you can easily tweak the expressions for any number. The following list are items that I felt an Active Directory administrator might find the most useful. All of the expressions write to the pipeline so you can easily extend the expression to direct output to a file, a printer, convert to HTML, export ot a CSV or whatever else you can come up with.

Top Ten Newest Users

This task is really to find the 10 newest user accounts that have been added to my domain. I've selected some properties that are of interest to me, you might want different ones.

[mycompany-dc01]: PS C:\> get-qaduser -enabled -sizelimit 0 | sort WhenCreated -descending | Select Name,Description,WhenCreated,ParentContainer -first 10

I'm using the -enabled and -sizelimit parameters to make sure I don't miss any accounts and also to skip anything disabled. As written this is searching the entire domain, but of course you can refine the expression by adding the -SearchRoot parameter to Get-QADuser.

Top Ten Oldest Users

As you might imagine, it's trivial to turn this around and find the top ten oldest accounts. The default sort order is Ascending so all I have to do is remove the -descending parameter.

[mycompany-dc01]: PS C:\> get-qaduser -enabled -sizelimit 0 | sort WhenCreated | Select Name,Description,WhenCreated,ParentContainer -first 10

Top Ten Oldest Computers

I can do something similar to find the oldest computers in my domain.

[mycompany-dc01]: PS C:\> get-qadcomputer -sizelimit 0 | sort WhenCreated | Select Name,ComputerRole,OperatingSystem,WhenCreated,ParentContainer

Again, you might want to limit your search to a particular OU. Or you might to only find the 10 oldest domain controllers or member servers. For that task you can use the -ComputerRole parameter. Look at cmdlet help for Get-QADComputer and you'll find a number of ways you can tweak this expression.

Top Ten Oldest Passwords

Let's go back to users for a moment. I want to find the top 10 users with the oldest passwords.

[mycompany-dc01]: PS C:\> get-qaduser -enabled -PasswordNeverExpires:$false -sizelimit 0 | sort PasswordAge -desc | Select CanonicalName,Description,Pass* -first 10

This expression has a little variety. Instead of the name, I'm displaying the Canonical name which will include the OU path., I find that useful. I'm also displaying all the password properties by using a wildcard with the property name in the Select-Object portion of the expression. This will show me PasswordLastSet, PasswordAge, PasswordExpires, PasswordNeverExpires (which I already know is False because I used it as a filter with Get-QADUser), PasswordIsExpired and PasswordStatus.

Top Ten Newest Groups

[mycompany-dc01]: PS C:\> get-qadgroup -sizelimit 0 | Sort WhenCreated -desc | Select CanonicalName,GroupType,GroupScope,Description,WhenCreated -first 10

As written this will return the top ten newest created groups, regardless of type. This can easily be modified to see only say Distribution by using the -GroupType parameter with Get-QADGroup. Other options include filtering by group scope or organizational unit.

Top Ten Largest Groups

This last one is a little trickier.

[mycompany-dc01]: PS C:\> get-qadgroup -sizelimit 0 | foreach { $_ | Add-member -membertype Noteproperty -name "Size" -value ($_.members.count) -passthru } | Sort Size -desc | Select CanonicalName,GroupType,GroupScope,Description,Size -first 10

Each group is piped to ForEach where the group object is piped to the Add-Member cmdlet so that I can add a new property called Size, which takes the member count as its value. You need to use -Passthru so the object is written to the pipeline. Otherwise my subsequent sorting and selecting will have nothing to work with.

There are many variations on all of these expressions. Be sure to look at cmdlet help and examples.

What are your "Top 10" tasks?