IST / SOLL powershell script for Active Directory

How to make a IST/SOLL overview from all your Active Directory (AD) users with just a single powershell command.

Get-ADUser -Filter '*' -Properties * |
    Select-Object DisplayName, Description, SamAccountName, Enabled, CanonicalName, @{l="Member oF";e={[string]$_.memberof}}, @{n='LastLogon';e={[DateTime]::FromFileTime($_.LastLogon).ToString('yyyy-MM-dd HH:mm')}} |
    Export-Csv 'ist-soll.csv' -NoType

This will give you a CSV file which you can import in Excel or a database with an overview of current users, account status, groups where the user is a member of and their last logon timestamp.
For an IST/SOLL you can compare this generated list with an older created file and see if there are accounts created which should not be there!

You can easily add or remove more details from the AD.
Check out the microsoft site for other details you can add.

https://docs.microsoft.com/en-us/powershell/module/addsadministration/get-aduser

Was this post helpful?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.