Export local Active Directory information with PowerShell

Need to get a list of users in your domain? Or perhaps an inventory list of computers, or security groups?

PowerShell is your friend! 🤝

Requirements and installation

For the one-time, first-time setup you need to do the following:

  1. Download Remote Server Administration Tools for Windows 10 from Microsoft and install it. Make sure you choose the one appropriate for your operating system.
  2. In Windows run OptionalFeatures.exe and turn on Remote Server Administration Tools.
  3. In PowerShell you will have to run Import-Module ActiveDirectory.

Usage

Here are some common use cases. If you want more you can check out the official documentation.

Export all users in AD with all attributes to a csv file.

Make sure you Set-Location -Path or cd to the export path first.

Get-ADUser -Filter * -Properties * | Export-Csv -Path output.csv -NoTypeInformation -Encoding unicode

Export users of a specific organizational unit:

If your domain is adatum.local then you should write DC=adatum,DC=local. The OUs and DCs are listed in what looks like reverse order, because a distinguished name is written from the most specific container up to the domain root, like this:

Get-ADUser -Credential abc.local\Administrator -server servername.abc.local -filter * -SearchBase "OU=Finance,OU=Users,OU=Adatum,DC=adtm,DC=local" -Properties "DisplayName","EmailAddress" | select DisplayName,EmailAddress

But we could make it tidier by setting the list of OU and DC as variables. We can also make a variable with attributes. This makes it easier to change or adapt the script to different tasks.

$list = "OU=Finance,OU=Users,OU=Adatum,DC=adtm,DC=local"
$attributes = "DisplayName","EmailAddress"
Get-ADUser -Credential abc.local\Administrator -server servername.abc.local -filter * -SearchBase $list -Properties $attributes | select $attributes

Export users that are actually human employees

Often you will have service accounts, test accounts or similar in the directory.

If you just want to export a list of actual employees you can filter the results by using any attribute such as the employee number or employeeID.

Get-ADUser -Filter 'employeeID -like "*"' -properties DisplayName,mobile,EmailAddress | select DisplayName,mobile,EmailAddress

Get all disabled users that have an employee number

Get-ADUser -Filter {employeeID -like "*" -AND enabled -eq $false} -properties DisplayName,EmailAddress | select DisplayName,EmailAddress

Export memberships of users with employee number

Find all employees with employee number and export their respective memberships to individual text files.

# Find all users in AD with employee number and export a text file for each user with their respective memberships.

$users = Get-ADUser -Credential abc.local\Administrator -server servername.abc.local -Filter 'employeeID -like "*"'
foreach ($user in $users) {
    $filename = $(get-date -f yyyy-MM-dd-HH-mm-ss) + ' - ' + $user.Name
    (Get-ADUser -Credential abc.local\Administrator -server servername.abc.local -Identity $user -Properties MemberOf).MemberOf | Out-File "C:\your_folder\$filename.txt"
}

Export all attributes of users with employee number

Find all employees with an employee number and export all their respective attributes to individual text files:

# Find all users in AD with employee number and export a text file for each user with all their attributes.

$users = Get-ADUser -Credential abc.local\Administrator -server servername.abc.local -Filter 'employeeID -like "*"'
foreach ($user in $users) {
    $filename = $(get-date -f yyyy-MM-dd-HH-mm-ss) + ' - ' + $user.Name
    (Get-ADUser -Credential abc.local\Administrator -server servername.abc.local -Identity $user -Properties *) | Out-File "C:\your_folder\$filename.txt"
}

Export a TXT file for each user containing attributes of your choice

This example exports TXT files containing each user's mobile number from AD.

# Search the "whole shebang" or filter specific attributes?
$variable1 = Get-ADUser -Credential abc.local\Administrator -server servername.abc.local -Filter 'employeeID -like "*"'
# Make output folder if it does not exist
$path = "$home\Desktop\PowerShell-export" ; md $path -Force
# For each - do this
foreach ($user in $variable1) {
    # How should each file be named?
    $filename = $user.Name
    # What would you like each file to contain and where to save them?
    (Get-ADUser -Credential abc.local\Administrator -server servername.abc.local -Identity $user -Properties mobile).mobile | Out-File "$path\$filename.txt"
}
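
The per-user loops above look every user up a second time and pass -Credential as a bare user name, which asks for the password on each call. As an added example (not code from the original post), the same employee export can be done with one credential prompt and one query that requests only the attributes it reports, written to a single CSV with group names flattened. The account, server and OU are the article's placeholders; ConvertTo-EmployeeRow, the column names, the sample object and the output folder are assumptions, and the ActiveDirectory module from the setup steps is assumed to be available.

```powershell
# Added example, not from the original post. The account, server and OU are the
# article's placeholders; ConvertTo-EmployeeRow and the columns are assumptions.
function ConvertTo-EmployeeRow {
    param([Parameter(ValueFromPipeline)] $User)
    process {
        # MemberOf holds group distinguished names; keep the leading CN value.
        # The split skips commas escaped with a backslash inside a name.
        $groups = foreach ($dn in $User.MemberOf) {
            ($dn -split '(?<!\\),')[0] -replace '^CN=', ''
        }
        [pscustomobject]@{
            DisplayName  = $User.DisplayName
            EmailAddress = $User.EmailAddress
            Mobile       = $User.mobile
            EmployeeID   = $User.employeeID
            Enabled      = $User.Enabled
            Groups       = ($groups | Sort-Object) -join '; '
        }
    }
}

# Constructed sample object: shows the row shape without a domain controller.
[pscustomobject]@{
    DisplayName = 'Sample User'; EmailAddress = 'sample.user@abc.local'
    mobile = '555-0100'; employeeID = '1001'; Enabled = $true
    MemberOf = 'CN=Finance\, EU,OU=Groups,DC=adtm,DC=local',
               'CN=All Staff,OU=Groups,DC=adtm,DC=local'
} | ConvertTo-EmployeeRow | Format-List

# Against the directory: prompt for the password once, query once.
$cred  = Get-Credential -UserName 'abc.local\Administrator' -Message 'Account used to read AD'
$query = @{
    Credential = $cred
    Server     = 'servername.abc.local'
    SearchBase = 'OU=Finance,OU=Users,OU=Adatum,DC=adtm,DC=local'
    Filter     = 'employeeID -like "*"'
    # Only the attributes the report uses, instead of -Properties *
    Properties = 'DisplayName', 'EmailAddress', 'mobile', 'employeeID', 'MemberOf'
}
$outDir = Join-Path $HOME 'Desktop\PowerShell-export'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null
$csv = Join-Path $outDir ('employees-{0:yyyy-MM-dd-HH-mm-ss}.csv' -f (Get-Date))
Get-ADUser @query | ConvertTo-EmployeeRow |
    Export-Csv -Path $csv -NoTypeInformation -Encoding Unicode
```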

There are a billion things you can do with these commands. Knock yourself out! 😜
