?
Solved

Powershell syntax to export AD users

Posted on 2014-09-11
11
Medium Priority
?
258 Views
Last Modified: 2014-09-16
I'm trying to export all users in our AD structure using powershell.  I don't want to export the student OU (I work for a school district).  I only need to export their name (either using displayName or sn and givenName attributes)
I want to export this to a CSV file.  I've attached my attempts, the second one didn't throw any errors but didn't produce any output either.
The examples in the attachments were from an internet search but since neither of these helped, I'm reaching out to the experts that usually get me on the right track.
I'm relatively OK with powershell but the syntax usually chokes me up.  I was using powershell mostly for Exchange so switching to AD gives a little bit of a new learning curve.
As always,  thanks
Examples.txt
0
Comment
Question by:skbarnard
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
  • 2
11 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 40318248
Try this:
Get-ADUser -ResultPageSize 0  -SearchBase "DC=domain,DC=us" | select-Object DisplayName,sAMAccountname,sn,givenname | Export-Csv c:\Users\username\Desktop ADusers.csv

Open in new window

0
 

Author Comment

by:skbarnard
ID: 40318275
I'm running the command above - however, it errored out because there wasn't a -Filter in the command (actually it started running but was requiring input for the filter).  I'm using -Filter * but I believe that will include the student OU as well.  I see KB being added to the file so I know data is being exported but the command is still running so I don't want to bother opening the file.
Since I have to put the -Filter object in the command, would it work to use -Filter {!("District Students")}?
0
 

Author Comment

by:skbarnard
ID: 40318280
****Update*****
The command finished.  It's not filling in the displayName for staff or sn.  It's including computers and as I thought, students.  So my question above is still valid but now I need to ask --- how do I exclude computers as well?
0
Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

 
LVL 40

Expert Comment

by:footech
ID: 40318296
Get-ADUser only returns users - it won't output computers.

Are all your users that you want in an OU branch that is separate from the Students branch?  Or put another way, if you specify a specific OU as a searchbase which will contain all your desired users, is that OU also a parent (or grandparent, etc.) of your students OU?  If not then the following should work.
Get-ADUser -Filter * -SearchBase "OU=notstudents,DC=domain,DC=us" -Properties DisplayName | Select-Object DisplayName,sAMAccountname,surname,givenname | Export-Csv c:\Users\username\Desktop ADusers.csv

Open in new window


Otherwise, we would have to filter through the various OUs one at a time in order to exclude the students' OU.
0
 
LVL 40

Accepted Solution

by:
footech earned 2000 total points
ID: 40318303
...and that would be something like
$OUs = Get-ADOrganizationalUnit -Filter * | ? {$_.name -ne 'District Students'} | Select -expand DistinguishedName
$OUs | ForEach { Get-Aduser -filter * -searchBase $_ -SearchScope OneLevel -Properties DisplayName } | Select-Object DisplayName,sAMAccountname,surname,givenname | Export-Csv c:\Users\username\Desktop ADusers.csv

Open in new window

0
 

Author Comment

by:skbarnard
ID: 40320253
This looks like it's going to get me on the right track - one other thing though, is there a way to add another OU to the exclusion?  I have an OU that is all our disabled accounts and I don't need to include those either.
I tried doing {$_.name -ne 'disabled accounts'} right after the other curly bracket entry and it errored out on me.
0
 
LVL 29

Expert Comment

by:becraig
ID: 40320258
Yes you can update the line to read
{$_.name -ne 'District Students' -and $_.name -ne "other OU"}

Open in new window


etc... etc...
0
 

Author Comment

by:skbarnard
ID: 40320259
Sorry - I found the syntax to exclude multiple groups.  The command is currently running and I see data being added to the CSV file.  I'll report back in a little bit on whether this got me what  needed.
0
 

Author Comment

by:skbarnard
ID: 40320275
One last thing, I really would like to have the user's location be exported as well.  I just tried using the 'physicalDeliveryOfficeName' attribute.  That field didn't populate and what's really weird is students now are on the list.  What attribute do I need to use to show their office location?
0
 
LVL 40

Expert Comment

by:footech
ID: 40320364
If you want other attributes of the accounts, you need to specify them with the -properties parameter of Get-ADUser, and then also include it in the Select-Object command.
0
 

Author Closing Comment

by:skbarnard
ID: 40326592
The command selected as the solution did the lion's share of the work for me but all the other commands in this thread contributed to me being able to export just the staff members from our AD structure.  Thanks to all who contributed
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question