Get-AdUser and –properties

The Get-ADuser cmdlet returns a small subset of properties by default:

PS> Get-ADUser -Identity Richard

DistinguishedName : CN=Richard,CN=Users,DC=Manticore,DC=org
Enabled           : True
GivenName         : Richard
Name              : Richard
ObjectClass       : user
ObjectGUID        : b94a5255-28d0-4f91-ae0f-4c853ab92520
SamAccountName    : Richard
SID               : S-1-5-21-3881460461-1879668979-35955009-1104
Surname           :
UserPrincipalName :


You can use the –Properties parameter to return more properties

Get-ADUser -Identity Richard -Properties *

returns all properties

You can select a subset of properties by specifying their names

Get-ADUser -Identity Richard -Properties MemberOf, Country


If you want to use wildcards you need to use select

Get-ADUser -Identity Richard -Properties * | select last*

Published Mon, Aug 26 2013 21:36 by RichardSiddaway


# re: Get-AdUser and –properties

Hi Richard

I am an big fan of you work and have all your books.

Even I have subscribed to your new AD book (meap/ebook/paper) at Manning Publications Co..

Even If you use -Properties * not all Properties a user can have are returned. Only the Properties who are not empty are returned!

So it is hard to find out which Properties are possible for an AD Object.

Here you have to ask the Schema!

So it makes me sad that non PowerShell AD book I know deals with AD Schema. :-(

(I think I have all with that topic, look at my Blogs books section :-) )

Normally you can use the following .NET classes for that:



But this classes don’t work over the ADWS Web service.

I have developed a draft, to query all possible properties of an AD object from Schema over the Webservice.

How can I sent it to you ?

you can reach me an twitter @PeterKriegel

or with mail (one line):

[string](0..21|%{[char][int]([int]("{0:d}" -f 0x28)+('755964655967-86965747271757624-8796158066061').substring(($_*2),2))})-replace' '

Peter Kriegel

Friday, August 30, 2013 5:36 AM by Peter Kriegel

