Need help creating a list from AD

Im running a 2008R2 domain controller. We have an audit coming up and they requested a "listing of all active directory user accounts (name, username, last login, active status, ou group). How can I generate this from AD?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

What technology or language are you using? .NET? Powershell?
bankadminAuthor Commented:
How can I find that out?
you can use whatever you want.

Here is a sample Powershell Script:

#New Blank Array to hold all the AD users
$MasterArray = @()

$Group = [ADSI]("LDAP://....,"+ $root)
$members = $Group.Member
foreach ($member in $members)
    $adUser = [adsi]"LDAP://$member"
      #Write to host which user is being processed. Useful to see if script is processing users properly.
      Write-Host -ForeGroundColor "Yellow" "Processing Member: $($adUser.Mail)"
    $Sam = $adUser.sAMAccountName
    $cn = $
    $mail = $adUser.mail
      #New Blank Array created again every time a user is processed. Add whichever fields you want into the list.
      $TempArray = @()
      $TempArray = "" | Select SamAccountName, CN, Mail

      #Populate the fields in the Temp Array.
      #Add any other attributes you want as long as the Value has been added to the list in the line above.
      [string]$TempArray.SamAccountName = $Sam
      [string]$TempArray.CN = $cn
      [string]$TempArray.Mail = $mail
      #Copy the contents of the TempArray into the MasterArray. The TempArray is renewed for the next user.
      $MasterArray += $TempArray

#Export the MasterArray to host and CSV file. Do whichever you want.
$MasterArray | Out-Host
$MasterArray | Export-CSV "C:\ADUserList.csv" -NoType
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

save the above in a file with .ps1 extension and run it - it will write all AD users to a csv file on your C:\ drive
bankadminAuthor Commented:
I copied it to a notepad and saved it with the PS1 extension and it shows type as PS1 but it is defaulted to open with notepad. What should I change the file assoication to for this file?
Do you have Powershell installed? Which version of windows are you using? If you arfe using Windows 64-bit system. associate your ps1 files with the following exe:


If you are using 32-bit, then


P.S> you might want to include those AD fields:

bankadminAuthor Commented:
YZ, thanks for the help but Im not familiar enough with programing to know where to add those feilds in the sample script you posted.
Joshua GrantomSenior Systems AdministratorCommented:
Here is a simplified version for powershell.

It will provide

Name,UserName, Account Enabled (True or False), Last Logon (Readable Format), and OU they are in (Only one level up)

Import-Module ActiveDirectory
Get-ADUser -filter * -properties Name,SamAccountName,Enabled,lastLogon,CanonicalName | Select Name,SamAccountName,Enabled,@{Name="Last Logon";Expression={[datetime]::FromFileTime($_.lastlogon)}},@{Name="OU";Expression={($_.canonicalname -Split "/")[-2]}} | Export-CSV C:\UserList.csv -nti

Open in new window

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
bankadminAuthor Commented:
I saved the text in your last post to a notepad file and saved it as a PS1 file and ran it. I got a quick flash of a command prompt then it goes away but a file in the C drive is never created.
Joshua GrantomSenior Systems AdministratorCommented:
Do you have the active directory tool installed on your computer? Search your programs for Powershell ISE

Joshua GrantomSenior Systems AdministratorCommented:
If you do not, follow this link to install RSAT for Windows 7 and choose the options in the post. Also choose AD DS Tools and AD LDS Snap-ins and Command-line Tools.

You can also install WMF 4.0 to update your powershell to 4.0 and install the ISE (Integrated Scripting Environment)
bankadminAuthor Commented:
I do have Active Directory Module for Windows Powershell listed under administrative tools
Joshua GrantomSenior Systems AdministratorCommented:
Instead of double-clicking the .ps1 file, open a powershell command prompt and the drag the .ps1 file into the window, then hit enter. This will allow you to see if there is an error.
bankadminAuthor Commented:
When I opened the powershell it was running from the U: drive (thats users private drive on our network). I changed it to C: then ran it and it worked.. Thanks
Joshua GrantomSenior Systems AdministratorCommented:
Glad to help.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.