The concepts of default and extended properties available with the PowerShell Active Directory cmdlets are defined in the Wiki article "Active Directory: PowerShell AD Module Properties" linked in the "See Also" section below.
The PowerShell Get-ADUser cmdlet supports the default and extended properties in the following table. Many can be assigned values with the Set-ADUser cmdlet. In the table, default properties are shown with the property name highlighted in red. Extended properties are highlighted in blue.
| Property | Syntax | R/RW | lDAPDisplayName |
| --- | --- | --- | --- |
| AccountExpirationDate | DateTime | RW | accountExpires, converted to local time |
| AccountLockoutTime | DateTime | RW | lockoutTime, converted to local time |
| AccountNotDelegated | Boolean | RW | userAccountControl (bit mask 1048576) |
| AllowReversiblePasswordEncryption | Boolean | RW | userAccountControl (bit mask 128) |
| BadLogonCount | Int32 | R | badPwdCount |
| CannotChangePassword | Boolean | RW | nTSecurityDescriptor |
| CanonicalName | String | R | canonicalName |
| Certificates | ADCollection | RW | userCertificate |
| ChangePasswordAtLogon | Boolean | W | If pwdLastSet = 0 |
| City | String | RW | l |
| CN | String | R | cn |
| Company | String | RW | company |
| Country | String | RW | c (2 character abbreviation) |
| Created | DateTime | R | whenCreated |
| Deleted | Boolean | R | isDeleted |
| Department | String | RW | department |
| Description | String | RW | description |
| DisplayName | String | RW | displayName |
| DistinguishedName | String (DN) | RW | distinguishedName |
| Division | String | RW | division |
| DoesNotRequirePreAuth | Boolean | RW | userAccountControl (bit mask 4194304) |
| EmailAddress | String | RW | |
| EmployeeID | String | RW | employeeID |
| EmployeeNumber | String | RW | employeeNumber |
| Enabled | Boolean | RW | userAccountControl (bit mask not 2) |
| Fax | String | RW | facsimileTelephoneNumber |
| GivenName | String | RW | givenName |
| HomeDirectory | String | RW | homeDirectory |
| HomedirRequired | Boolean | RW | userAccountControl (bit mask 8) |
| HomeDrive | String | RW | homeDrive |
| HomePage | String | RW | wWWHomePage |
| HomePhone | String | RW | homePhone |
| Initials | String | RW | initials |
| LastBadPasswordAttempt | DateTime | R | badPasswordTime, converted to local time |
| LastKnownParent | String (DN) | R | lastKnownParent |
| LastLogonDate | DateTime | R | lastLogonTimeStamp, converted to local time |
| LockedOut | Boolean | RW | msDS-User-Account-Control-Computed (bit mask 16) |
| LogonWorkstations | String | RW | userWorkstations |
| Manager | String (DN) | RW | manager |
| MemberOf | ADCollection | R | memberOf |
| MNSLogonAccount | Boolean | RW | userAccountControl (bit mask 131072) |
| MobilePhone | String | RW | mobile |
| Modified | DateTime | R | whenChanged |
| Name | String | R | cn (Relative Distinguished Name) |
| ObjectCategory | String | R | objectCategory |
| ObjectClass | String | RW | objectClass, most specific value |
| ObjectGUID | Guid | RW | objectGUID converted to string |
| Office | String | RW | physicalDeliveryOfficeName |
| OfficePhone | String | RW | telephoneNumber |
| Organization | String | RW | o |
| OtherName | String | RW | middleName |
| PasswordExpired | Boolean | RW | msDS-User-Account-Control-Computed (bit mask 8388608) (see Note below) |
| PasswordLastSet | DateTime | RW | pwdLastSet, local time |
| PasswordNeverExpires | Boolean | RW | userAccountControl (bit mask 65536) |
| PasswordNotRequired | Boolean | RW | userAccountControl (bit mask 32) |
| POBox | String | RW | postOfficeBox |
| PostalCode | String | RW | postalCode |
| PrimaryGroup | String | R | Group with primaryGroupToken |
| ProfilePath | String | RW | profilePath |
| ProtectedFromAccidentalDeletion | Boolean | RW | nTSecurityDescriptor |
| SamAccountName | String | RW | sAMAccountName |
| ScriptPath | String | RW | scriptPath |
| ServicePrincipalNames | ADCollection | RW | servicePrincipalName |
| SID | Sid | RW | objectSID converted to string |
| SIDHistory | ADCollection | R | sidHistory |
| SmartcardLogonRequired | Boolean | RW | userAccountControl (bit mask 262144) |
| State | String | RW | st |
| StreetAddress | String | RW | streetAddress |
| Surname | String | RW | sn |
| Title | String | RW | title |
| TrustedForDelegation | Boolean | RW | userAccountControl (bit mask 524288) |
| TrustedToAuthForDelegation | Boolean | RW | userAccountControl (bit mask 16777216) |
| UseDESKeyOnly | Boolean | RW | userAccountControl (bit mask 2097152) |
| UserPrincipalName | String | RW | userPrincipalName |
Note: The Get-ADUser cmdlet exposes the PasswordExpired extended property, which is a Boolean indicating whether the password is expired. It is based on the msDS-User-Account-Control-Computed attribute. However, you cannot filter with this property. This is probably because the attribute is operational.
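
The following added example (not part of the original article) decodes a raw userAccountControl value into the Boolean properties from the table, builds a server-side LDAP filter for one of those bits, and shows the client-side test that PasswordExpired requires. The helper names `ConvertFrom-UacValue` and `New-UacLdapFilter` and the sample value are assumptions made for illustration; the bit masks are copied from the table.

```powershell
# Added example: bit masks copied from the userAccountControl rows of the table above.
$UacFlags = [ordered]@{
    HomedirRequired                   = 8
    PasswordNotRequired               = 32
    AllowReversiblePasswordEncryption = 128
    PasswordNeverExpires              = 65536
    MNSLogonAccount                   = 131072
    SmartcardLogonRequired            = 262144
    TrustedForDelegation              = 524288
    AccountNotDelegated               = 1048576
    UseDESKeyOnly                     = 2097152
    DoesNotRequirePreAuth             = 4194304
    TrustedToAuthForDelegation        = 16777216
}

function ConvertFrom-UacValue {   # hypothetical helper name
    param([Parameter(Mandatory)][int]$Value)
    # Enabled is the inverse of bit 2, matching the table's "bit mask not 2".
    $result = [ordered]@{ Enabled = -not [bool]($Value -band 2) }
    foreach ($name in $UacFlags.Keys) {
        $result[$name] = [bool]($Value -band $UacFlags[$name])
    }
    [pscustomobject]$result
}

function New-UacLdapFilter {      # hypothetical helper name
    param([Parameter(Mandatory)][string]$Property)
    # 1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule.
    "(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=$($UacFlags[$Property])))"
}

# Constructed sample value: 66050 = 512 (normal account) + 2 + 65536.
ConvertFrom-UacValue 66050 | Format-List Enabled, PasswordNeverExpires, PasswordNotRequired

# Against a live domain (requires the ActiveDirectory module):
if (Get-Module -ListAvailable ActiveDirectory) {
    # Server-side filter on a stored userAccountControl bit.
    Get-ADUser -LDAPFilter (New-UacLdapFilter 'PasswordNotRequired') |
        Select-Object SamAccountName, DistinguishedName
    # PasswordExpired cannot be used in a filter, so request it and test it client-side.
    Get-ADUser -Filter 'Enabled -eq $true' -Properties PasswordExpired |
        Where-Object PasswordExpired |
        Select-Object SamAccountName
}
```

LockedOut and PasswordExpired are derived from msDS-User-Account-Control-Computed rather than userAccountControl, so the bitwise LDAP filter above does not apply to them.
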
See Also

Active Directory: PowerShell AD Module Properties
Active Directory PowerShell Cmdlet Properties
Active Directory: Get-ADComputer Default and Extended Properties
Active Directory: Get-ADGroup Default and Extended Properties
Active Directory: Get-ADObject Default and Extended Properties
Active Directory: Get-ADOrganizationalUnit Default and Extended Properties