Check Active Directory User Attributes with PowerShell
Description of Issue
When troubleshooting user authentication issues, it can be helpful to verify what is set for a user in Active Directory. This article provides instructions for querying these attributes with PowerShell.
Context
- AD
- Active Directory
- Tyler Identity
Cause
Tyler products often use Active Directory attributes as part of the authentication process. What is set on the product-specific user account must match what is set in Active Directory.
Resolution
- Log in to one of the Enterprise ERP servers with tylerservice or an admin account
- Run PowerShell as administrator
- In the script(s) below, replace username or emailaddress@xx.com with the desired value, then paste into PowerShell and press Enter
Get email address based on a specific username:
    Get-ADUser -Identity username -Properties DisplayName, EmailAddress, Title | select DisplayName, EmailAddress, Title

Get email address and userPrincipalName based on a specific username:
    Get-ADUser -Identity username -Properties DisplayName, EmailAddress, Title, userPrincipalName | select DisplayName, SamAccountName, EmailAddress, Title, userPrincipalName

Wide open query that will show if the email field is blank (Get-ADUser returns only a default property set that does not include EmailAddress, so all properties are requested with -Properties *):
    Get-ADUser -Identity username -Properties *

Find a user filtered by email address. Helpful to tell if multiple accounts share an email address:
    Get-ADUser -Filter {EmailAddress -eq "emailaddress@xx.com"} -Properties DisplayName, SamAccountName, EmailAddress, Title | select DisplayName, SamAccountName, EmailAddress, Title
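The queries above check one username or one address at a time. As an added example (not part of the original article or of any Tyler tooling), the function below runs the same two checks, a blank email field and an address shared by multiple accounts, over a whole set of accounts in one pass. The function name Find-EmailAttributeIssue, the sample accounts and the SearchBase value are assumptions made for illustration.

```powershell
# Added example: audit the EmailAddress attribute across many accounts at once.
# Reports accounts with a blank EmailAddress and addresses used by more than one account.
function Find-EmailAttributeIssue {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User
    )
    begin   { $all = [System.Collections.Generic.List[psobject]]::new() }
    process { $all.Add($User) }
    end {
        # Accounts whose EmailAddress is missing, empty or whitespace only
        foreach ($u in $all | Where-Object { [string]::IsNullOrWhiteSpace($_.EmailAddress) }) {
            [pscustomobject]@{
                Issue          = 'BlankEmail'
                EmailAddress   = $null
                SamAccountName = $u.SamAccountName
            }
        }
        # Same address on more than one account (compared trimmed and case-insensitively)
        $all | Where-Object { -not [string]::IsNullOrWhiteSpace($_.EmailAddress) } |
            Group-Object { $_.EmailAddress.Trim().ToLowerInvariant() } |
            Where-Object Count -gt 1 |
            ForEach-Object {
                [pscustomobject]@{
                    Issue          = 'SharedEmail'
                    EmailAddress   = $_.Name
                    SamAccountName = ($_.Group.SamAccountName | Sort-Object) -join ', '
                }
            }
    }
}

# Constructed sample accounts so the function can be tried without a domain.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'jdoe';    EmailAddress = 'jdoe@example.com' }
    [pscustomobject]@{ SamAccountName = 'jdoe2';   EmailAddress = 'JDoe@example.com ' }
    [pscustomobject]@{ SamAccountName = 'asmith';  EmailAddress = '' }
    [pscustomobject]@{ SamAccountName = 'bnguyen'; EmailAddress = 'bnguyen@example.com' }
)
$sample | Find-EmailAttributeIssue | Format-Table -AutoSize

# Against the directory (read-only query; the SearchBase is a placeholder to replace):
# Get-ADUser -Filter * -SearchBase 'OU=Users,DC=example,DC=com' -Properties EmailAddress |
#     Find-EmailAttributeIssue
```

With the sample data this reports asmith as BlankEmail and jdoe, jdoe2 as SharedEmail; scoping the directory query with -SearchBase keeps it from enumerating the entire domain.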
Additional Information
If you receive the message "Get-ADUser : The term 'Get-ADUser' is not recognized as the name of a cmdlet, function, script file, or operable program":
- In the PowerShell window, run the script below, then re-run the desired script from above
- Install-WindowsFeature RSAT-AD-PowerShell