[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Need help creating a list from AD

Posted on 2014-11-20
15
Medium Priority
?
98 Views
Last Modified: 2014-11-21
Im running a 2008R2 domain controller. We have an audit coming up and they requested a "listing of all active directory user accounts (name, username, last login, active status, ou group). How can I generate this from AD?
0
Comment
Question by:bankadmin
  • 6
  • 5
  • 4
15 Comments
 
LVL 35

Expert Comment

by:YZlat
ID: 40456183
What technology or language are you using? .NET? Powershell?
0
 

Author Comment

by:bankadmin
ID: 40456186
How can I find that out?
0
 
LVL 35

Expert Comment

by:YZlat
ID: 40456193
you can use whatever you want.

Here is a sample Powershell Script:

#New Blank Array to hold all the AD users
$MasterArray = @()

$root=([ADSI]"").distinguishedName
$Group = [ADSI]("LDAP://....,"+ $root)
$members = $Group.Member
foreach ($member in $members)
{
    $adUser = [adsi]"LDAP://$member"
      
      #Write to host which user is being processed. Useful to see if script is processing users properly.
      Write-Host -ForeGroundColor "Yellow" "Processing Member: $($adUser.Mail)"
      
    $Sam = $adUser.sAMAccountName
    $cn = $adUser.cn
    $mail = $adUser.mail
      
      #New Blank Array created again every time a user is processed. Add whichever fields you want into the list.
      $TempArray = @()
      $TempArray = "" | Select SamAccountName, CN, Mail

      #Populate the fields in the Temp Array.
      #Add any other attributes you want as long as the Value has been added to the list in the line above.
      [string]$TempArray.SamAccountName = $Sam
      [string]$TempArray.CN = $cn
      [string]$TempArray.Mail = $mail
      
      #Copy the contents of the TempArray into the MasterArray. The TempArray is renewed for the next user.
      $MasterArray += $TempArray
}

#Export the MasterArray to host and CSV file. Do whichever you want.
$MasterArray | Out-Host
$MasterArray | Export-CSV "C:\ADUserList.csv" -NoType
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 35

Expert Comment

by:YZlat
ID: 40456195
save the above in a file with .ps1 extension and run it - it will write all AD users to a csv file on your C:\ drive
0
 

Author Comment

by:bankadmin
ID: 40456209
I copied it to a notepad and saved it with the PS1 extension and it shows type as PS1 but it is defaulted to open with notepad. What should I change the file assoication to for this file?
0
 
LVL 35

Expert Comment

by:YZlat
ID: 40456231
Do you have Powershell installed? Which version of windows are you using? If you arfe using Windows 64-bit system. associate your ps1 files with the following exe:

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe

If you are using 32-bit, then

C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe

P.S> you might want to include those AD fields:

displayName
lastLogon
lastLogonTimestamp
memberOf
0
 

Author Comment

by:bankadmin
ID: 40457210
YZ, thanks for the help but Im not familiar enough with programing to know where to add those feilds in the sample script you posted.
0
 
LVL 16

Accepted Solution

by:
Joshua Grantom earned 2000 total points
ID: 40457281
Here is a simplified version for powershell.

It will provide

Name,UserName, Account Enabled (True or False), Last Logon (Readable Format), and OU they are in (Only one level up)

Import-Module ActiveDirectory
Get-ADUser -filter * -properties Name,SamAccountName,Enabled,lastLogon,CanonicalName | Select Name,SamAccountName,Enabled,@{Name="Last Logon";Expression={[datetime]::FromFileTime($_.lastlogon)}},@{Name="OU";Expression={($_.canonicalname -Split "/")[-2]}} | Export-CSV C:\UserList.csv -nti

Open in new window

0
 

Author Comment

by:bankadmin
ID: 40457401
I saved the text in your last post to a notepad file and saved it as a PS1 file and ran it. I got a quick flash of a command prompt then it goes away but a file in the C drive is never created.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40457430
Do you have the active directory tool installed on your computer? Search your programs for Powershell ISE

snip.PNG
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40457443
If you do not, follow this link to install RSAT for Windows 7 and choose the options in the post. Also choose AD DS Tools and AD LDS Snap-ins and Command-line Tools.

http://blogs.msdn.com/b/rkramesh/archive/2012/01/17/how-to-add-active-directory-module-in-powershell-in-windows-7.aspx

snip2.PNG
You can also install WMF 4.0 to update your powershell to 4.0 and install the ISE (Integrated Scripting Environment)

http://www.microsoft.com/en-us/download/details.aspx?id=40855
0
 

Author Comment

by:bankadmin
ID: 40457479
I do have Active Directory Module for Windows Powershell listed under administrative tools
0
 
LVL 16

Assisted Solution

by:Joshua Grantom
Joshua Grantom earned 2000 total points
ID: 40457491
Instead of double-clicking the .ps1 file, open a powershell command prompt and the drag the .ps1 file into the window, then hit enter. This will allow you to see if there is an error.
0
 

Author Comment

by:bankadmin
ID: 40457551
When I opened the powershell it was running from the U: drive (thats users private drive on our network). I changed it to C: then ran it and it worked.. Thanks
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40457558
Glad to help.
0

Featured Post

Learn to develop an Android App

Want to increase your earning potential in 2018? Pad your resume with app building experience. Learn how with this hands-on course.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits …
I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

611 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question