Solved

VB Script to output AD details to CSV/Notepad

Posted on 2010-09-20
Last Modified: 2012-05-10
Hi Guys,

I am after a single vbs script that can perform an export of data from Active Directory for the entire domain, to either a CSV or txt file. I don't really mind which format as long as it is readable (separate columns or tab separated txt etc).

I am after the following:

Full Name
User Names
Created Date
Status (active/disabled/expired etc)
Last Logon Date
List of Groups the user is a member of

 I have researched on MS's technet script repository and numerous other sites, but none can give me what I am after or within 1 script/file.

We have numerous clients that have requested this type of information so it would be extremely helpful if you can provide any assistance.

thanks!

dan
Question by:KiandraSS

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 33721696
I like adfind for this sort of thing.

Joe Richards created adfind: http://www.joeware.net/freetools/tools/adfind/index.htm

That will give you enabled users; take away the ! before userAccountControl for disabled users.

adfind -default -bit -f "&(objectcategory=person)(objectclass=user)(!userAccountControl:AND:=2)"  samaccountname sn givenname lastlogontimestamp whencreated memberof -csv -tdca > c:\UsersExport.csv

So I only pulled certain attributes but you can pull/export whatever you want. A good page with what the attribute names are is here: http://www.selfadsi.org/user-attributes-w2k3.htm

PowerShell is another good method for pulling reports; some examples are in the link below (I also used adfind to help there).

http://www.experts-exchange.com/Database/LDAP/Q_26253451.html

Thanks

Mike

Author Comment

by:KiandraSS
ID: 33722012
Hi Mike,

awesome solution mate! worked a treat :) give that man his points!

thanks

dan

Author Closing Comment

by:KiandraSS
ID: 33722014
awesome

Expert Comment

by:spinzr0
ID: 33722134
If you want a VBS, here you go.  Let me know if I missed any fields.
On Error Resume Next

Const ADS_UF_ACCOUNTDISABLE = 2   ' userAccountControl bit that marks a disabled account

Set oFS = WScript.CreateObject("Scripting.FileSystemObject")
Set oFile = oFS.CreateTextFile("All Users with Data.txt", True)

' Header row (tab separated)
oFile.WriteLine "First Name" & vbTab & "Last Name" & vbTab & "Logon Name" & vbTab & "Display Name" & _
                vbTab & "Created Date" & vbTab & "Enabled/Disabled" & vbTab & "Expiration Date" & _
                vbTab & "Last Logon" & vbTab & "Groups"

' Walk the whole domain, starting at the default naming context
Call EnumerateObjects(GetObject("LDAP://" & GetObject("LDAP://RootDSE").Get("DefaultNamingContext")))

oFile.Close
Set oFS = Nothing
WScript.Echo "Finished"

Sub EnumerateObjects(oContainer)
    On Error Resume Next

    For Each oObject In oContainer
        Select Case LCase(oObject.Class)
            Case "user"
                ' Reset per user so groups do not carry over from the previous account
                sGroups = ""
                Err.Clear
                ' GetEx always returns an array, even for a single group;
                ' it raises an error when memberOf is empty (the primary group is never listed)
                arrGroups = oObject.GetEx("memberOf")
                If Err.Number = 0 Then
                    For Each sGroupDN In arrGroups
                        sGroups = sGroups & GetObject("LDAP://" & sGroupDN).sAMAccountName & ","
                    Next
                    sGroups = Left(sGroups, Len(sGroups) - 1)   ' drop the trailing comma
                End If

                ' Reading the expiration date fails or returns a date on/before 1970 when none is set
                Err.Clear
                dtmAccountExpiration = oObject.AccountExpirationDate
                If Err.Number <> 0 Or (DateDiff("d", "01/01/1970", dtmAccountExpiration) <= 0) Then
                    sExpiration = "Not specified"
                Else
                    sExpiration = dtmAccountExpiration
                End If
                Err.Clear

                ' Test the disable bit; comparing to 512 misreports accounts with other flags set
                If (oObject.userAccountControl And ADS_UF_ACCOUNTDISABLE) = 0 Then
                    sStatus = "Enabled"
                Else
                    sStatus = "Disabled"
                End If

                ' Stays "Never" if the attribute is not set and the conversion fails
                sLastLogon = "Never"
                sLastLogon = Integer8Date(oObject.lastLogonTimeStamp)

                oFile.WriteLine oObject.givenName & vbTab & oObject.sn & vbTab & oObject.sAMAccountName & vbTab & _
                                oObject.DisplayName & vbTab & oObject.whenCreated & vbTab & sStatus & vbTab & _
                                sExpiration & vbTab & sLastLogon & vbTab & sGroups
            Case "organizationalunit", "container"
                ' Recurse into child OUs and containers
                Call EnumerateObjects(oObject)
        End Select
    Next
End Sub

Function Integer8Date(objDate)
    ' Convert an Integer8 value (100-nanosecond intervals since 1 Jan 1601, UTC) to a date
    lngHigh = objDate.HighPart
    lngLow = objDate.LowPart
    If lngLow < 0 Then lngHigh = lngHigh + 1   ' LowPart comes back as a signed 32-bit value
    dblMinutes = (lngHigh * (2 ^ 32) + lngLow) / (60 * 10000000)
    Integer8Date = CDate(dblMinutes / 1440 + #1/1/1601#)
End Function
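The "Status (active/disabled/expired etc)" column asked for in the question, as an added example that is not part of either expert's post: it derives the status from raw userAccountControl and accountExpires values and decodes lastLogonTimestamp. The function names, sample accounts, reference date and output file name are constructed for illustration.

```powershell
$ADS_UF_ACCOUNTDISABLE = 0x2                      # the bit the adfind filter above tests
$NeverExpires = [Int64[]]@(0, [Int64]::MaxValue)  # both mean "no expiry" in accountExpires

function ConvertFrom-Integer8 {
    param([Int64]$Value)
    # Integer8 = 100-ns intervals since 1601-01-01 UTC; 0 means never set
    if ($Value -le 0) { return $null }
    [DateTime]::FromFileTimeUtc($Value)
}

function Get-AccountStatus {
    param(
        [int]$UserAccountControl,
        [Int64]$AccountExpires,
        [DateTime]$AsOf = [DateTime]::UtcNow
    )
    # Disabled wins over expired; test the bit rather than comparing to 512
    if ($UserAccountControl -band $ADS_UF_ACCOUNTDISABLE) { return 'Disabled' }
    if ($NeverExpires -notcontains $AccountExpires -and
        [DateTime]::FromFileTimeUtc($AccountExpires) -le $AsOf) { return 'Expired' }
    'Active'
}

# Constructed sample records (not real directory data), relative to a fixed date
$asOf = [DateTime]::new(2010, 9, 20, 0, 0, 0, [DateTimeKind]::Utc)
$sample = @(
    [pscustomobject]@{ sAMAccountName = 'alice';   userAccountControl = 512
        accountExpires = [Int64]::MaxValue; lastLogonTimestamp = $asOf.AddDays(-3).ToFileTimeUtc() }
    [pscustomobject]@{ sAMAccountName = 'svc-bak'; userAccountControl = 66048   # 512 + password never expires
        accountExpires = 0; lastLogonTimestamp = $asOf.AddDays(-200).ToFileTimeUtc() }
    [pscustomobject]@{ sAMAccountName = 'bob';     userAccountControl = 514     # 512 + disabled
        accountExpires = 0; lastLogonTimestamp = 0 }
    [pscustomobject]@{ sAMAccountName = 'temp01';  userAccountControl = 512
        accountExpires = $asOf.AddDays(-10).ToFileTimeUtc(); lastLogonTimestamp = $asOf.AddDays(-40).ToFileTimeUtc() }
)

# lastLogonTimestamp replicates lazily, so it can lag the true last logon by up to about two weeks
$sample | ForEach-Object {
    $last = ConvertFrom-Integer8 -Value $_.lastLogonTimestamp
    [pscustomobject]@{
        User      = $_.sAMAccountName
        Status    = Get-AccountStatus -UserAccountControl $_.userAccountControl `
                        -AccountExpires $_.accountExpires -AsOf $asOf
        LastLogon = if ($last) { $last.ToString('u') } else { 'Never' }
    }
} | Export-Csv -Path .\UsersStatus.csv -NoTypeInformation
```

With the sample data, svc-bak is reported Active even though its userAccountControl is not 512, bob is Disabled with a last logon of Never, and temp01 is Expired.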


Expert Comment

by:Mike Kline
ID: 33722493
thanks a lot man, and a lot of credit to Joe Richards for adfind. Also make sure to look at all the cool shortcuts in adfind:

adfind -sc /??