Active Directory (AD) objects have many attributes stored in, but most PowerShell cmdlets show only a default subset when you query them.
The -Properties parameter lets you specify which additional attributes you want to retrieve.
Default Behavior
When you run a cmdlet without -Properties PowerShell returns only default properties.
You can specify additional attributes with -Properties:
# User example
Get-ADUser -Filter * -Properties EmailAddress, Department
# Group example
Get-ADGroup -Filter * -Properties Description, ManagedBy, Members
This retrieves the requested properties along with the default ones.
Retrieve All Properties
To get every attribute stored in AD for an object:
# User example
Get-ADUser -Identity <UserName> -Properties *
# Group example
Get-ADGroup -Identity <GroupName> -Properties *
Warning:
Using
-Properties * can be slow in large environments because it retrieves all attributes.