How to display “Description” attribute in any user's account?

Question

I want to use the Get-ADUser cmdlet to determine who's accounts are disabled.

The "Description" attribute in any user's account is not showing up.

Is it only the attributes that you get when you do Get-ADUser [username], as listed here:

DistinguishedName
Enabled
GivenName
Name
ObjectClass
ObjectGUID
SamAccountName
SID
Surname
UserPrincipalName

We list the employeeID number in the description of the user account and that's helpful when we have duplicate names and need to figure out who's who. The command I'm using is:

Get-ADUser -SearchBase "OU=ou,OU=ou,OU=ou,DC=dc,DC=dc,DC=dc" -Filter {Enabled -eq $false} | FT SamAccountName,Name,Description

and the results for one person would look like this:

SamAccountName          Name                   Description
-------------------------          --------                   ---------------
john.doe                          John Doe

Just a blank spot, not even <> like if you listed something that doesn't exist.

That tells me the Powershell command acknowledges the attribute exists, just won't grab it from the AD Account's info.

Itchydon Itchydon · Accepted Answer · 2017-06-22T22:47:36

Sounds like it is not one of the default properties that get-aduser displays. Hence in order to get this information you have to explicitly tell it to display the description property. Hence:

Get-ADUser -Properties description -SearchBase "OU=ou,OU=ou,OU=ou,DC=dc,DC=dc,DC=dc" -Filter {Enabled -eq $false} | FT SamAccountName,Name,Description

How to display “Description” attribute in any user's account?

1 Answers