VB Script to output AD details to CSV/Notepad

Posted on 2010-09-20
Last Modified: 2012-05-10
Hi Guys,
            I am after a single vbs script that can perform an export of Data from Active Directory for the entire domain, to either a CSV or txt file, I don't really mind which format as long as it is readable (seperate columns or tab seperated txt etc).

I am after the following:

Full Name
User Names
Created Date
Status (active/disabled/expired etc)
Last Logon Date
List of Groups the user is a member of

 I have researched on MS's technet script repository and numerous other sites, but none can give me what I am after or within 1 script/file.

We have numerous clients that have requested this type of information so it would be extremely helpful if you can provide any assistance.


Question by:KiandraSS
  • 2
  • 2
LVL 57

Accepted Solution

Mike Kline earned 500 total points
ID: 33721696
I like adfind for this sort of thing

Joe Richards created adfind

That will give you enabled, take away the ! before useraccountcontrol for disabled users

adfind -default -bit -f "&(objectcategory=person)(objectclass=user)(!userAccountControl:AND:=2)"  samaccountname sn givenname lastlogontimestamp whencreated memberof -csv -tdca > c:\UsersExport.csv

So I only pulled certain attributes but you can pull/export whatever you want.  A good page with what the attribute names are is here

powershell is another good method for pulling reports, some examples in the link below (I also used adfind to help there)



Author Comment

ID: 33722012
Hi Mike,
               awesome solution mate!  worked a treat :)  give that man his points!



Author Closing Comment

ID: 33722014

Expert Comment

ID: 33722134
If you want a VBS, here you go.  Let me know if I missed any fields.
On Error Resume Next

Set oFS = WScript.CreateObject("Scripting.FileSystemObject")
Set oFile = oFS.CreateTextFile("All Users with Data.txt", True) 

oFile.WriteLine "First Name" & vbTab & "Last Name" & vbTab & "Logon Name" & vbTab & "Display Name" & _
                vbTab & "Created Date" & vbTab & "Enabled/Disabled" & vbTab & "Expiration Date" & _
                vbTab & "Last Logon" & vbTab & "Groups"

Call EnumerateObjects(GetObject("LDAP://" & GetObject("LDAP://RootDSE").Get("DefaultNamingContext")))

Set oFS = Nothing
WScript.Echo "Finished"

Sub EnumerateObjects(oContainer)
    On Error Resume Next

    For Each oObject In oContainer
        Select Case LCase(oObject.Class)
               Case "user"
                   For Each oGroup in oObject.MemberOf
                       sGroups = sGroups & GetObject("LDAP://" & oGroup).sAMAccountName & ","
                   tAccountExpiration = oObject.AccountExpirationDate 
                   If err.number = -2147467259 Or (datediff("d","01/01/1970",dtmAccountExpiration)<=0) Then 
                       sExpiration = "Not specified" 
                       sExpiration = oObject.AccountExpirationDate 
                   End If

                   sGroups = Left(sGroups, Len(sGroups) - 1)
                   If oObject.userAccountControl = 512 Then
                       oFile.WriteLine oObject.givenName & vbTab & & vbTab & oObject.sAMAccountName & vbTab & _
                                       oObject.DisplayName & vbTab & oObject.whenCreated & vbTab & "Enabled" & vbTab & _
                                       sExpiration & vbTab & Integer8Date(oObject.lastLogonTimeStamp) & vbTab & sGroups
                       oFile.WriteLine oObject.givenName & vbTab & & vbTab & oObject.sAMAccountName & vbTab & _
                                       oObject.DisplayName & vbTab & oObject.whenCreated & vbTab & "Disabled" & vbTab & _
                                       sExpiration & vbTab & Integer8Date(oObject.lastLogonTimeStamp) & vbTab & sGroups
                   End If
               Case "organizationalunit", "container"
                   Call EnumerateObjects(oObject)
        End Select
End Sub

Function Integer8Date(objDate)
    intpwdLastSet = objDate.HighPart*(2^32) + objDate.LowPart
    intpwdLastSet = intpwdLastSet / (60*10000000)
    intpwdLastSet = intpwdLastSet / 1440 + #1/1/1601#
    Integer8Date = CDate(intpwdLastSet)
End Function

Open in new window

LVL 57

Expert Comment

by:Mike Kline
ID: 33722493
thanks a lot man, and a lot of credit to Joe Richard's for adfind,  also make sure to look at all the cool shortcuts in adfind

adfind -sc /??

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question