VB Script to output AD details to CSV/Notepad

Posted on 2010-09-20
Last Modified: 2012-05-10
Hi Guys,
            I am after a single vbs script that can perform an export of Data from Active Directory for the entire domain, to either a CSV or txt file, I don't really mind which format as long as it is readable (seperate columns or tab seperated txt etc).

I am after the following:

Full Name
User Names
Created Date
Status (active/disabled/expired etc)
Last Logon Date
List of Groups the user is a member of

 I have researched on MS's technet script repository and numerous other sites, but none can give me what I am after or within 1 script/file.

We have numerous clients that have requested this type of information so it would be extremely helpful if you can provide any assistance.


Question by:KiandraSS
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 57

Accepted Solution

Mike Kline earned 500 total points
ID: 33721696
I like adfind for this sort of thing

Joe Richards created adfind

That will give you enabled, take away the ! before useraccountcontrol for disabled users

adfind -default -bit -f "&(objectcategory=person)(objectclass=user)(!userAccountControl:AND:=2)"  samaccountname sn givenname lastlogontimestamp whencreated memberof -csv -tdca > c:\UsersExport.csv

So I only pulled certain attributes but you can pull/export whatever you want.  A good page with what the attribute names are is here

powershell is another good method for pulling reports, some examples in the link below (I also used adfind to help there)



Author Comment

ID: 33722012
Hi Mike,
               awesome solution mate!  worked a treat :)  give that man his points!



Author Closing Comment

ID: 33722014

Expert Comment

ID: 33722134
If you want a VBS, here you go.  Let me know if I missed any fields.
On Error Resume Next

Set oFS = WScript.CreateObject("Scripting.FileSystemObject")
Set oFile = oFS.CreateTextFile("All Users with Data.txt", True) 

oFile.WriteLine "First Name" & vbTab & "Last Name" & vbTab & "Logon Name" & vbTab & "Display Name" & _
                vbTab & "Created Date" & vbTab & "Enabled/Disabled" & vbTab & "Expiration Date" & _
                vbTab & "Last Logon" & vbTab & "Groups"

Call EnumerateObjects(GetObject("LDAP://" & GetObject("LDAP://RootDSE").Get("DefaultNamingContext")))

Set oFS = Nothing
WScript.Echo "Finished"

Sub EnumerateObjects(oContainer)
    On Error Resume Next

    For Each oObject In oContainer
        Select Case LCase(oObject.Class)
               Case "user"
                   For Each oGroup in oObject.MemberOf
                       sGroups = sGroups & GetObject("LDAP://" & oGroup).sAMAccountName & ","
                   tAccountExpiration = oObject.AccountExpirationDate 
                   If err.number = -2147467259 Or (datediff("d","01/01/1970",dtmAccountExpiration)<=0) Then 
                       sExpiration = "Not specified" 
                       sExpiration = oObject.AccountExpirationDate 
                   End If

                   sGroups = Left(sGroups, Len(sGroups) - 1)
                   If oObject.userAccountControl = 512 Then
                       oFile.WriteLine oObject.givenName & vbTab & & vbTab & oObject.sAMAccountName & vbTab & _
                                       oObject.DisplayName & vbTab & oObject.whenCreated & vbTab & "Enabled" & vbTab & _
                                       sExpiration & vbTab & Integer8Date(oObject.lastLogonTimeStamp) & vbTab & sGroups
                       oFile.WriteLine oObject.givenName & vbTab & & vbTab & oObject.sAMAccountName & vbTab & _
                                       oObject.DisplayName & vbTab & oObject.whenCreated & vbTab & "Disabled" & vbTab & _
                                       sExpiration & vbTab & Integer8Date(oObject.lastLogonTimeStamp) & vbTab & sGroups
                   End If
               Case "organizationalunit", "container"
                   Call EnumerateObjects(oObject)
        End Select
End Sub

Function Integer8Date(objDate)
    intpwdLastSet = objDate.HighPart*(2^32) + objDate.LowPart
    intpwdLastSet = intpwdLastSet / (60*10000000)
    intpwdLastSet = intpwdLastSet / 1440 + #1/1/1601#
    Integer8Date = CDate(intpwdLastSet)
End Function

Open in new window

LVL 57

Expert Comment

by:Mike Kline
ID: 33722493
thanks a lot man, and a lot of credit to Joe Richard's for adfind,  also make sure to look at all the cool shortcuts in adfind

adfind -sc /??

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question