Active Directory Audit

Posted on 2010-01-05
Last Modified: 2012-05-08

We are having a bit of an audit at work and the 3rd Party want me to provide them with some information.

This information is things like:

System Generated List of Users
System Generated List of Users and the Groups they are in
System Generated List of User Accounts Disabled.

What is the best way to get this sort of thing?

Is there a 3rd Party piece of software?


Question by: essexboy80

    Accepted Solution

    There are a lot of good ways to do this; you could use adfind by Joe Richards for this.
    In my examples I'm creating a csv file on your C drive for the results.
    System Generated List of Users
    adfind -default -f "&(objectcategory=person)(objectclass=user)" samaccountname displayname -csv > c:\users.csv
    System Generated List of Users and the Groups they are in
    adfind -default -f "&(objectcategory=person)(objectclass=user)" samaccountname displayname memberof -csv > c:\usersGroups.csv
    System Generated List of User Accounts Disabled.
    adfind -default -bit -f "&(objectcategory=person)(objectclass=user)(userAccountControl:AND:=2)" samaccountname displayname -csv > c:\disabledUsers.csv
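An added example, not part of the answer above and not AdFind's own code: post-processing the usersGroups.csv and disabledUsers.csv exports into one row per user and group, and flagging disabled accounts that still hold memberships. The sample rows are constructed, and the column layout and the ';' separator between memberof values are assumptions about the export.

```python
import csv, io, re

# Constructed samples shaped like the answer's usersGroups.csv and disabledUsers.csv.
# Assumed layout: header row, "dn" first, multi-valued memberof joined with ';'.
USERS_GROUPS = r'''"dn","samaccountname","displayname","memberof"
"CN=Smith\, John,OU=Staff,DC=example,DC=local","jsmith","John Smith","CN=Domain Admins,CN=Users,DC=example,DC=local;CN=Finance\, EU,OU=Groups,DC=example,DC=local"
"CN=Amy Lee,OU=Staff,DC=example,DC=local","alee","Amy Lee",""
"CN=Old Temp,OU=Staff,DC=example,DC=local","otemp","Old Temp","CN=VPN Users,OU=Groups,DC=example,DC=local"
'''
DISABLED = r'''"dn","samaccountname","displayname"
"CN=Old Temp,OU=Staff,DC=example,DC=local","otemp","Old Temp"
'''

def rows(text):
    """Parse CSV text into dicts keyed by lower-cased column name."""
    reader = csv.reader(io.StringIO(text))
    header = [h.lower() for h in next(reader)]
    return [dict(zip(header, rec)) for rec in reader if rec]

def rdn_value(dn):
    """Return the unescaped first RDN value of a DN ('CN=Finance\\, EU,...' -> 'Finance, EU')."""
    m = re.match(r'[^=]+=((?:\\.|[^,\\])*)', dn)
    if not m:
        return dn
    def unescape(e):  # handles \2C style hex pairs and \, style single characters
        tok = e.group(1)
        return chr(int(tok, 16)) if len(tok) == 2 else tok
    return re.sub(r'\\([0-9A-Fa-f]{2}|.)', unescape, m.group(1))

def memberships(groups_csv):
    """One (samaccountname, group name) pair per direct membership.
    memberOf omits the primary group (usually Domain Users) and nested groups."""
    pairs = []
    for row in rows(groups_csv):
        for dn in re.split(r'(?<!\\);', row.get("memberof", "")):
            if dn:
                pairs.append((row["samaccountname"], rdn_value(dn)))
    return pairs

def disabled_with_groups(groups_csv, disabled_csv):
    """Disabled accounts that still hold group memberships."""
    disabled = {r["samaccountname"].lower() for r in rows(disabled_csv)}
    found = {}
    for user, group in memberships(groups_csv):
        if user.lower() in disabled:
            found.setdefault(user, []).append(group)
    return found

if __name__ == "__main__":
    print(memberships(USERS_GROUPS))
    print(disabled_with_groups(USERS_GROUPS, DISABLED))
```

To run it on real exports, pass the contents of the two files in place of the constructed strings.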

    Expert Comment

    For 3rd party product, we use ESR from scriptlogic. Here's a capture to give you some idea what you can do.

    Author Comment

    still trying to achieve this
