DSQUERY FOR USERS

I need a script that does the following:

-Generate a list of all users my domain and save to a text file
-It must NOT list the user account that have been disabled

I am not too concerned with how pretty the output file looks as I will use Excel to import it into a workbook.  So the following format is ok:
"CN=Charles Ross,CN=Users,DC=mogan,DC=local"

Open in new window

LVL 4
every1isevil2Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MightySWCommented:
Hi, you will need an AD export script.

Try this site:

http://www.visualbasicscript.com/m_29830/tm.htm

Copy the text and then save it as a .vbs file

They have a great example that will go to excel.

HTH
0
MightySWCommented:
Wow, I just tried this.  It is AWESOME!  It will do everything you ask and more.  You can edit the fields as necessary.
0
MightySWCommented:
Ok, I see you have the disabled disclaimer in there.  Let me see what I can do.
0
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

every1isevil2Author Commented:
Thank you for the fast reply.

After looking at the code, which is quite nice, I am afraid that it does not meet either of my requirements.  I need it to send it to: a) text file and b) leave out disabled user accounts.

Please submit syntax/code.
0
MightySWCommented:
Ok, here you go.

Just wrote it out and tested.

Works great.  You may want to remove the disabled = no column.  

What happens is the query looks for disable accounts being set to 'yes' and filters them with dsget.

HTH



@echo off & Setlocal EnableDelayedExpansion
title Users that have not changed their password for at least 80 days.
 
:: note, Useraccounts that are Disabled 
:: are filtered out and these users do not appear on the list. 
 
:: There is also a disabled column.  You can remove that as necessary
 
:: Set the strOU to your applicable domain name and root  (domain.com) would be DC=domain,DC=com  (no spaces)
 
:: Will send txt file to C:\getusers.txt.  
 
:: There is not a limit on this query.
 
Set "strOU=DC=FQDN_DOMAIN_NAME_Suffix,DC=com"
 
echo/QUERYING (incl. sub-OUs):
echo/%strOU%
echo/
 
Set /a iCnt=0
For /f "skip=1 delims=" %%a in ( 
	'dsquery.exe user "%strOU%" -name * -limit 0 -stalepwd 0 ^| dsget user -disabled -dn ^|Findstr /iv "\<yes\>" ^|Findstr /iv "\<dsget\>" ^> c:\getUsers.txt'
	) DO (
   	echo %%a 
    	)
 
echo/&echo/&echo/finished.&pause>nul

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MightySWCommented:
Its actually set for stalepassword of 0, so it will get everybody.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Programming

From novice to tech pro — start learning today.