locked
how to get list of active users with the details like samaccountname, name, department, job tittle, email in active directoy? RRS feed

  • Question

  • how to get list of active users with the details like samaccountname, name, department, job tittle, email in active directoy?
    Friday, April 13, 2012 1:46 PM

Answers

  • I you are not comfortable with the command line there is a free tool called adinfo that you may like
    http://www.cjwdev.co.uk/Software/ADReportingTool/Info.html


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    • Marked as answer by Gautam Ji Friday, April 13, 2012 8:13 PM
    Friday, April 13, 2012 2:45 PM
  • There are many options, such as VBScript or PowerShell. Following is a dsquery statement that can be run at the command prompt of a domain controller:

    dsquery * -filter "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))" -attr sAMAccountName name title department mail -limit 0 > users.txt

    This creates the text file Users.txt in the current directory with the information. For more scripting solutions, ask your question in the Scripting Guys forum:

    http://social.technet.microsoft.com/Forums/en-US/ITCG/threads


    Richard Mueller - MVP Directory Services

    • Marked as answer by Gautam Ji Friday, April 13, 2012 8:12 PM
    Friday, April 13, 2012 1:58 PM
  • You can use third party software True Last Logon 2.9.You can export the file in excel for report creation.You can use the trial version this will achieve what you are looking for.

    True Last Logon displays the following Active Directory information:
    --Users real name and logon name
    --Detailed account status
    --Last Logon Date & Time
    --Last Logon Timestamp (Replicated value)
    --Account Expiry Date & Time
    --Enabled or Disabled Account
    --Locked Accounts
    --Password Expires
    --Password Last Set Date & Time
    --Logon Count
    --Bad Password Count
    --Expiry Date
    --You can also query for any other attribute (Example: Description, telephone Number, custom attibutes etc)

    Refer the below link for trial version:
    http://www.dovestones.com/products/True_Last_Logon.asp


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    • Marked as answer by Gautam Ji Friday, April 13, 2012 8:13 PM
    Friday, April 13, 2012 2:20 PM
  • You can also use quest ad cmdlets.

    get-qaduser -sizelimit 0 | Select Name, samaccountname,......... passwordlastset | export-csv c:\temp\users.csv

    Download the PDFs from Quest

    http://www.quest.com/powershell/activeroles-server.aspx

    Then use help within powershell for some examples

    help get-qaduser
    help set-qaduser

    You have to download and install the Quest cmdlets (free)
    http://www.quest.com/powershell/activeroles-server.aspx


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.


    • Edited by Sandesh Dubey Friday, April 13, 2012 2:44 PM
    • Proposed as answer by VenkatSP Friday, April 13, 2012 6:30 PM
    • Marked as answer by Gautam Ji Friday, April 13, 2012 8:13 PM
    Friday, April 13, 2012 2:21 PM
  • Hi

    You can also run the command to the export the detail in LDF file.

    Pls refer the given link.

    http://www.petri.co.il/using-csvde-ldifde-export-active-directory-snapshots-windows-server-2008.htm

    Ajay sharma.

    • Marked as answer by Gautam Ji Friday, April 13, 2012 8:13 PM
    Friday, April 13, 2012 2:22 PM

All replies

  • There are many options, such as VBScript or PowerShell. Following is a dsquery statement that can be run at the command prompt of a domain controller:

    dsquery * -filter "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))" -attr sAMAccountName name title department mail -limit 0 > users.txt

    This creates the text file Users.txt in the current directory with the information. For more scripting solutions, ask your question in the Scripting Guys forum:

    http://social.technet.microsoft.com/Forums/en-US/ITCG/threads


    Richard Mueller - MVP Directory Services

    • Marked as answer by Gautam Ji Friday, April 13, 2012 8:12 PM
    Friday, April 13, 2012 1:58 PM
  • You can use third party software True Last Logon 2.9.You can export the file in excel for report creation.You can use the trial version this will achieve what you are looking for.

    True Last Logon displays the following Active Directory information:
    --Users real name and logon name
    --Detailed account status
    --Last Logon Date & Time
    --Last Logon Timestamp (Replicated value)
    --Account Expiry Date & Time
    --Enabled or Disabled Account
    --Locked Accounts
    --Password Expires
    --Password Last Set Date & Time
    --Logon Count
    --Bad Password Count
    --Expiry Date
    --You can also query for any other attribute (Example: Description, telephone Number, custom attibutes etc)

    Refer the below link for trial version:
    http://www.dovestones.com/products/True_Last_Logon.asp


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    • Marked as answer by Gautam Ji Friday, April 13, 2012 8:13 PM
    Friday, April 13, 2012 2:20 PM
  • You can also use quest ad cmdlets.

    get-qaduser -sizelimit 0 | Select Name, samaccountname,......... passwordlastset | export-csv c:\temp\users.csv

    Download the PDFs from Quest

    http://www.quest.com/powershell/activeroles-server.aspx

    Then use help within powershell for some examples

    help get-qaduser
    help set-qaduser

    You have to download and install the Quest cmdlets (free)
    http://www.quest.com/powershell/activeroles-server.aspx


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.


    • Edited by Sandesh Dubey Friday, April 13, 2012 2:44 PM
    • Proposed as answer by VenkatSP Friday, April 13, 2012 6:30 PM
    • Marked as answer by Gautam Ji Friday, April 13, 2012 8:13 PM
    Friday, April 13, 2012 2:21 PM
  • Hi

    You can also run the command to the export the detail in LDF file.

    Pls refer the given link.

    http://www.petri.co.il/using-csvde-ldifde-export-active-directory-snapshots-windows-server-2008.htm

    Ajay sharma.

    • Marked as answer by Gautam Ji Friday, April 13, 2012 8:13 PM
    Friday, April 13, 2012 2:22 PM
  • I you are not comfortable with the command line there is a free tool called adinfo that you may like
    http://www.cjwdev.co.uk/Software/ADReportingTool/Info.html


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    • Marked as answer by Gautam Ji Friday, April 13, 2012 8:13 PM
    Friday, April 13, 2012 2:45 PM
  • As mentioned by previous people PowerShell is a great way to do these kinds of queries.

    However, if you are not a PowerShell expert, the Active Directory Admin Center is an awesome GUI tool that can do powerful searches with ease.

    Friday, April 13, 2012 5:42 PM
  • hi,

    You can take all attributes from AD powershell

    And the command is

    Get-ADuser -Filter * -Properties * | FT SamAccountName,UserPrincipleName,EmailAddress,Department >C:\list.tx

    you can include the required field after the pipeline.

    Regards,

    Jeeva

    Monday, January 20, 2014 7:26 AM
  • Hi,

    how about if we want to export for First Name, Last Name, Display Name, SAM Account Name (User Login ID), Primary SMTP Address, Proxy Addresses, TargetAddress and Distinguished Name.

    Regards

    Muthu


    Thanks Muthu

    Tuesday, November 18, 2014 8:32 PM
  • The tools and scripts mentioned above can be used. The attributes that correspond to the fields you mention are: givenName, sn, displayName, sAMAccountName, mail, proxyAddresses, and distinguishedName. But I don't know about Target Address. An Exchange property?


    Richard Mueller - MVP Directory Services

    Tuesday, November 18, 2014 9:44 PM
  • Hi Can you provide the exact cmd in dsquery or in ps Thanks Muthu

    Thanks Muthu

    Thursday, November 20, 2014 2:17 AM
  • A dsquery solution:

    dsquery * -Filter "(&(objectCategory=person)(objectClass=user))" -Attr givenName sn displayName sAMAccountName mail proxyAddresses distinguishedName > AllUsers.txt

    A PowerShell solution using the AD module cmdlet:

    Get-ADUser -Filter * -Properties givenName, sn, displayName, sAMAccountName, mail, proxyAddresses, distinguishedName | ft givenName, sn, displayName, sAMAccountName, mail, proxyAddresses, distinguishedName > .\AllUsers.txt


    Richard Mueller - MVP Directory Services

    Thursday, November 20, 2014 4:14 AM
  • Get all Active Directory users list.

    open windows powershell on Active Directory server.


    Import-Module ac* 
    get-aduser -filter * -Properties displayname, emailaddress | select displaname, emailaddress |export-csv c:\userwithemailaddress.csv

    Wednesday, February 15, 2017 1:04 PM
  • Thank you very much Richard Mueller.  This worked for what I needed. =)


    Friday, July 21, 2017 8:58 PM
  • You are welcome. Glad to help.

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Friday, July 21, 2017 10:27 PM
  • Hi Sandesh, the Dovestones URL returns a 404.

    Here is the updated link: https://dovestones.com/active-directory-last-logon-tool/

    Sunday, August 4, 2019 12:48 AM