kapshure
asked on
Need help with exporting only ACTIVE/ENABLED users from Active Directory
I'm having difficulty actually exporting only active/enabled users from Active Directory. I don't want disabled objects, and I don't want custom contact objects, only standard user accounts.
here's what I've tried
- basic AD export from the ADUC utility, right clicking on the OU
> this exports disabled objects
- DoveStone Suite AD Bulk Export
> this exports disabled objects
- using the LDIFDE utility per this technet article http://technet.microsoft.com/en-us/library/bb727091.aspx
> this also exports disabled users and it also exports contacts (perhaps I'm missing the right syntax on excluding contacts)
- using dsquery
> used this which also grabbed disabled users and contacts
dsquery * -filter "(&(objectCategory=person)(objectClass=user)(mail=*))" -attr mail displayname -limit 0 > email_addresses.txt
- using csvde
> used this query, but throws WAY too much garbage, and also contacts
csvde -f adusers2.csv -r objectClass=person
I've found some useful dsquery commands that filter out stalepwds, inactive accounts, but I need a way to export the active user accounts (with their emails) and exclude contacts and deliver them to a txt or csv file
Anyone got any ideas?
Many thanks in advance
Should have added this to my last response, if you like the GUI nice free tool here
http://cjwdev.co.uk/Software/ADReportingTool/Info.html
adinfo
screenshots from my lab attached.
Thanks
Mike
adinfo1.jpg
adinfo2.jpg
ASKER
@mkline71
hey thanks for the quick response. I've actually used Adfind before -- but forgot about it this time.
I tried what you suggested, but it choked on the (objectclass)
(objectclass was unexpected at this time.
I had to take out the (&) and then it didn't give the same error, but then it complained about the domain controller
C:\>adfind -default -bit -f "(objectcategory=person)(objectclass=user)(!userAccountControl:AND:=2)" samaccountname givenname sn mail -nodn -csv > c:\enabledUsers.csv
ldap_get_next_page_s: [lc-dc03.mydomain.com] Error 0x34 (52) - Unavailable
You forgot the & at the beginning, look at the sample again...very close
Give it a try again.
Thanks
Mike
What happened when you left the & in?
ASKER
Yeh, I just copied the line from your first text directly into the cmd window:
C:\>adfind -default -bit -f "&(objectcategory=person)(objectclass=user)(!userAccountControl:AND:=2)" samaccountname givenname sn mail -nodn -csv > c:\enabledUsers.csv
(objectclass was unexpected at this time.
in Powershell using the ActiveDirectory module:
Get-ADUser -Filter {enabled -eq $true} -properties mail -SearchBase "OU=MY OU,DC=MYDOMAIN,DC=COM" | select mail > C:\USERS.TXT
That is very odd
Just try
adfind -default -f "&(objectcategory=person)(objectclass=user)" samaccountname -nodn
that will spit out all users then we go from there
screenshots of both attached
adfind-all-users.jpg
adfind-enabled-users.jpg
ASKER
@zouleous
installed Powershell via this exe: WindowsServer2003-KB968930-x86-ENG.exe. Rebooted, then tried to run the command you posted, and got this below
PS U:\> Get-ADUser -Filter {enabled -eq $true} -properties mail -SearchBase "OU=SF Corp,DC=lesconcierges,DC=com" | select mail > C:\ADExport-test.txt
The term 'Get-ADUser' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:11
+ Get-ADUser <<<< -Filter {enabled -eq $true} -properties mail -SearchBase "OU=SF Corp,DC=lesconcierges,DC=com" | select mail > C:\ADExport-test.txt
+ CategoryInfo : ObjectNotFound: (Get-ADUser:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
Perhaps I need the ADWS on the server?
ASKER
@mkline71
was able to run the first command and got a big list of users spat out. Wanted to run that second command you posted, but the line wrap looks like it cut off part of the command.
ok good if the first command worked then that is all users just need to modify it a bit
adfind -default -bit -f "&(objectcategory=person)(objectclass=user)(!userAccountControl:AND:=2)" samaccountname givenname sn mail -nodn -csv > c:\enabledUsers.csv
Yes...if you don't have a 2008 R2 domain controller then you will need to install the Active Directory Web Service.
http://www.microsoft.com/download/en/details.aspx?id=2852
It sounds like the reason you got the error you got is because you don't have the cmdlet available though. That means you didn't import the Active Directory module into your current PowerShell session. Make sure it's installed like the screenshot shows. Once it's installed you can run it from Administrative Tools or simply type the following line in a PowerShell session:
import-module ActiveDirectory
ActiveDirectoryPSM.jpg
By the way I don't have a 2008 R2 Domain Controller so I had to install the web service on a Server 2003 R2 Domain Controller. It's a pretty easy install and also allows you to use the new "Active Directory Administrative Center" tool even without Server 2008 R2 - nothing amazing, but it's kinda cool. Once you install it you can administer remotely using RSAT (Remote Server Administration Tools for Windows 7) from your Windows 7 client after you check the box in the screenshot.
Then whenever you run the powershell command "import-module ActiveDirectory" it will look for a domain controller with the web service running. If one is not available you will get an error that says it couldn't find any available domain controller running ADWS.
ASKER
@mkline71
the export tool from cjwdev (ADInfoFreeEdition) seems to be working pretty good. Considering I've got some mgmt all frazzled b/c of an upcoming audit, and I've got some other bigger fish to fry -- I think this will work for now.
I ran the last command you gave me and it just spat out the column headers, so I went and tried the ADInfoFreeEdition, and it worked swimmingly.
@Zouleous.
for time's sake, I'm going to come back to the ADWS tool, and try that later. I'm doing all this RDP to a server, which is win2k3, and I don't feel like booting up the Win7 VM right now, and dealing with it. I'm on mac so it's just easier to move on right now.
Thanks both to you for your help
ASKER CERTIFIED SOLUTION
ASKER
Adfind turns out to be a good tool.
So here it is using adfind by MVP Joe Richards for this
http://www.joeware.net/freetools/tools/adfind/index.htm
adfind -default -bit -f “&(objectcategory=person)(
Notice I only exported a few attributes, you can add to that list, good page with all the attribute names here http://www.selfadsi.org/user-attributes-w2k3.htm
Thanks
mike
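For the situation in this thread (Server 2003, no ADWS, Get-ADUser not available), the same enabled-users filter can be run from plain PowerShell 2.0 through System.DirectoryServices. This is an added example, not code from any poster in the thread; the OU path and output file are the placeholder values used above, and Get-FirstValue is a helper name introduced here.

```powershell
# Added example (not from the thread): export enabled user accounts that have
# a mail address, without the ActiveDirectory module or ADWS.
# Assumption: the OU and output path are the thread's placeholders; change them.
$searchBase = 'LDAP://OU=MY OU,DC=MYDOMAIN,DC=COM'
$outFile    = 'C:\enabledUsers.csv'

# objectCategory=person + objectClass=user: user accounts only (contacts are
#   objectClass=contact; computers are objectCategory=computer).
# mail=*: only accounts that have an e-mail address.
# 1.2.840.113556.1.4.803 is the bitwise-AND matching rule that adfind's -bit
#   switch substitutes for ":AND:"; value 2 is the ACCOUNTDISABLE flag.
$filter = '(&(objectCategory=person)(objectClass=user)(mail=*)' +
          '(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'

$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry($searchBase)
$searcher.Filter     = $filter
$searcher.PageSize   = 1000   # paged search, so large OUs are not truncated
foreach ($a in 'samaccountname','givenname','sn','mail','useraccountcontrol') {
    [void]$searcher.PropertiesToLoad.Add($a)
}

# Return the first value of an attribute, or '' when the attribute is not set.
function Get-FirstValue($props, $name) {
    if ($props.Contains($name) -and $props[$name].Count -gt 0) { return $props[$name][0] }
    ''
}

$rows    = New-Object System.Collections.ArrayList
$results = $searcher.FindAll()
foreach ($r in $results) {
    $p   = $r.Properties
    $uac = [int](Get-FirstValue $p 'useraccountcontrol')
    if ($uac -band 2) { continue }   # client-side re-check of ACCOUNTDISABLE
    $row = New-Object PSObject -Property @{
        sAMAccountName = Get-FirstValue $p 'samaccountname'
        givenName      = Get-FirstValue $p 'givenname'
        sn             = Get-FirstValue $p 'sn'
        mail           = Get-FirstValue $p 'mail'
    }
    [void]$rows.Add($row)
}
$results.Dispose()

$rows | Select-Object sAMAccountName, givenName, sn, mail |
    Export-Csv -Path $outFile -NoTypeInformation
"Exported $($rows.Count) enabled user accounts to $outFile"
```

For an audit export, compare the reported count against the number of rows in the CSV and spot-check a known disabled account and a known contact to confirm both are absent.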