Every now and then, someone comes to me with a request to retrieve a property or attribute on an AD object in PowerShell that doesn’t appear to be returned by Get-QADUser or Get-QADComputer. Yesterday, this was for a computer object, so we’ll use that as an example.
I was given a list of computers that we needed the password last set date for. Doing a quick
Get-QADComputer “computer” | select *
returned roughly 50 properties, but none of them appeared to be what I needed.
There is a trick I learned from Dmitry Sotnikov’s blog in the post “Get a list of ALL user properties”. Simply put, there is a –IncludeAllProperties parameter. Perfect! One could also find this in Get-Help Get-QADComputer, but I first learned of it skimming Dmitry’s blog posts.
Get-QADComputer “computer” -IncludeAllProperties | select *
This returns a long list of properties. Parsing through them, I found what I was looking for, pwdLastSet.
At this point, I could simply have just used the –IncludeAllProperties, but returning all of the properties takes more time, and I had a lot of computers to run this against. For example, compare the two commands below.
Measure-Command {Get-QADComputer “computer” -IncludeAllProperties }
…
TotalSeconds : 2.1021931
…
Measure-Command {Get-QADComputer “computer”}
…
TotalSeconds : 1.7405597
…
You may recall the discussion from a previous post where we discuss that the –DontUseDefaultIncludedProperties greatly increases the speed of AD object retrieval. However, how can one retrieve all properties and exclude the default properties at the same time? Clearly this isn’t the correct solution. What I want to do is return only the pwdLastSet property.
So how does one retrieve only a specific property? The key is in the –IncludedProperties parameter.
Get-QADComputer “computer” -IncludedProperties pwdLastSet | select name, pwdLastSet
Name : Computer
pwdLastSet : 1/1/2010 11:18:50 AM
In the interest of reducing the time it takes to run this against multiple computers, let’s look at how long it takes to run with and without the –DontUseDefaultIncludedProperties parameter.
Measure-Command { Get-QADComputer “Computer” -IncludedProperties pwdLastSet }
…
TotalSeconds : 1.7639832
…
Measure-Command { Get-QADComputer “Computer” -DontUseDefaultIncludedProperties -IncludedProperties pwdLastSet }
…
TotalSeconds : 1.72178
…
Not including the default properties appears to have only shaved a fraction of a second off the query time. In an individual query this may not seem worth typing out such a long parameter name. However, when grabbing hundreds or thousands of objects, those fractions of a second add up.
Finally, to speed things up even more, let’s try specifying that Computer is the name of the AD object I am searching for. Without specifying a parameter for the name Computer, the cmdlet and PowerShell do their magic on the backend to try to figure out what we’re searching for. This takes time.
Measure-Command { Get-QADComputer -Name “Computer” -DontUseDefaultIncludedProperties -IncludedProperties pwdLastSet }
…
TotalSeconds : 1.3745728
…
Not bad!
So, to put it all together on one line with an input file and exporting to CSV:
Get-Content “computers.txt“ | %{Get-QADComputer -Name $_ -DontUseDefaultIncludedProperties -IncludedProperties pwdLastSet} | Select Name,pwdLastSet | Export-Csv “Computers.csv“ -NoTypeInformation
I’ll most likely discuss setting any attribute, including non-default ones, in a later post. But if this is something you are interested in now, as it is a logical follow up to retrieving any given attribute, I would direct you to another Sotnikov post, “Set ANY AD attribute with PowerShell.”
~Daniel
Daniel Lange 
good info, thanks. I was able to find the property I needed using the following command: Get-QADComputer “computer” -IncludeAllProperties | select *
thanks again for posting this