Your network contains an Active Directory forest.
The forest schema contains a custom attribute for user objects.
You need to give the human resources department a file that contains the last logon time and the custom attribute values for each user in the forest.
What should you use?
A. the Dsquery tool
B. the Export-CSV cmdlet
C. the Get-ADUser cmdlet
D. the Net.exe user command
Correct Answer: C
Explanation/Reference:
Practically the same question as K/Q43.
I find this one a bit tricky, as both the Get-ADUser cmdlet and the Dsquery tool seem to get the job done, I think. The other two options play no role here:
Export-CSV cannot perform queries. It is used to save queries that have been piped through.
Net User is too limited for our question.
Get-ADUser
References:
https://devcentral.f5.com/weblogs/Joe/archive/2009/01/09/powershell-abcs—o-is-for-output.aspx
http://social.technet.microsoft.com/Forums/en-US/winserverpowershell/thread/8d8649d9-f591-4b44-b838- e0f5f3a591d7
http://kpytko.wordpress.com/2012/07/30/lastlogon-vs-lastlogontimestamp/
Export-Csv
Reference:
http://technet.microsoft.com/en-us/library/ee176825.aspx Saving Data as a Comma-Separated Values File
The Export-Csv cmdlet makes it easy to export data as a comma-separated values (CSV) file; all you need to do is call Export-Csv followed by the path to the CSV file. For example, this command uses Get-Process to grab information about all the processes running on the computer, then uses Export-Csv to write that data to a file named C:ScriptsTest.txt:
Get-Process | Export-Csv c:scriptstest.txt.
Net User
Reference:
http://technet.microsoft.com/en-us/library/cc771865.aspx
Adds or modifies user accounts, or displays user account information.
DSQUERY
Reference 1:
http://technet.microsoft.com/en-us/library/cc754232.aspx
Parameters
{<StartNode> | forestroot | domainroot}
Specifies the node in the console tree where the search starts. You can specify the forest root (forestroot), domain root (domainroot), or distinguished name of a node as the start node <StartNode>. If you specify forestroot, AD DS searches by using the global catalog.
-attr {<AttributeList> | *}
Specifies that the semicolon separated LDAP display names included in <AttributeList> for each entry in the result set. If you specify the value of this parameter as a wildcard character (*), this parameter displays all attributes that are present on the object in the result set. In addition, if you specify a *, this parameter uses the default output format (a list), regardless of whether you specify the -l parameter. The default
<AttributeList> is a distinguished name.
Reference 2:
http://social.technet.microsoft.com/Forums/eu/winserverDS/thread/dda5fcd6-1a10-4d47-9379-02ca38aaa65b
Gives an example of how to find a user with certain attributes using Dsquery. Note that it uses domainroot as the startnode, instead of forestroot what we need.
Reference 3:
http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/c6fc3826-78e1-48fd-ab6f-690378e0f787/
List all last login times for all users, regardless of whether they are disabled.
dsquery * -filter "(&(objectCategory=user)(objectClass=user))" -limit 0 -attr givenName sn sAMAccountName lastLogon >>c:last_logon_for_all.txt
Explanation/Reference:
Practically the same question as K/Q43.
I find this one a bit tricky, as both the Get-ADUser cmdlet and the Dsquery tool seem to get the job done, I think. The other two options play no role here:
Export-CSV cannot perform queries. It is used to save queries that have been piped through.
Net User is too limited for our question.
Get-ADUser
References:
https://devcentral.f5.com/weblogs/Joe/archive/2009/01/09/powershell-abcs—o-is-for-output.aspx
http://social.technet.microsoft.com/Forums/en-US/winserverpowershell/thread/8d8649d9-f591-4b44-b838- e0f5f3a591d7
http://kpytko.wordpress.com/2012/07/30/lastlogon-vs-lastlogontimestamp/
Export-Csv
Reference:
http://technet.microsoft.com/en-us/library/ee176825.aspx Saving Data as a Comma-Separated Values File
The Export-Csv cmdlet makes it easy to export data as a comma-separated values (CSV) file; all you need to do is call Export-Csv followed by the path to the CSV file. For example, this command uses Get-Process to grab information about all the processes running on the computer, then uses Export-Csv to write that data to a file named C:ScriptsTest.txt:
Get-Process | Export-Csv c:scriptstest.txt.
Net User
Reference:
http://technet.microsoft.com/en-us/library/cc771865.aspx
Adds or modifies user accounts, or displays user account information.
DSQUERY
Reference 1:
http://technet.microsoft.com/en-us/library/cc754232.aspx
Parameters
{<StartNode> | forestroot | domainroot}
Specifies the node in the console tree where the search starts. You can specify the forest root (forestroot), domain root (domainroot), or distinguished name of a node as the start node <StartNode>. If you specify forestroot, AD DS searches by using the global catalog.
-attr {<AttributeList> | *}
Specifies that the semicolon separated LDAP display names included in <AttributeList> for each entry in the result set. If you specify the value of this parameter as a wildcard character (*), this parameter displays all attributes that are present on the object in the result set. In addition, if you specify a *, this parameter uses the default output format (a list), regardless of whether you specify the -l parameter. The default
<AttributeList> is a distinguished name.
Reference 2:
http://social.technet.microsoft.com/Forums/eu/winserverDS/thread/dda5fcd6-1a10-4d47-9379-02ca38aaa65b
Gives an example of how to find a user with certain attributes using Dsquery. Note that it uses domainroot as the startnode, instead of forestroot what we need.
Reference 3:
http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/c6fc3826-78e1-48fd-ab6f-690378e0f787/
List all last login times for all users, regardless of whether they are disabled.
dsquery * -filter "(&(objectCategory=user)(objectClass=user))" -limit 0 -attr givenName sn sAMAccountName lastLogon >>c:last_logon_for_all.txt