Solved

Need help creating a list from AD

Posted on 2014-11-20
Last Modified: 2014-11-21
I'm running a 2008R2 domain controller. We have an audit coming up and they requested a "listing of all active directory user accounts (name, username, last login, active status, ou group)". How can I generate this from AD?
0
Comment
Question by:bankadmin
15 Comments
 
LVL 35

Expert Comment

by:YZlat
ID: 40456183
What technology or language are you using? .NET? Powershell?
0
 

Author Comment

by:bankadmin
ID: 40456186
How can I find that out?
0
 
LVL 35

Expert Comment

by:YZlat
ID: 40456193
You can use whatever you want.

Here is a sample Powershell Script:

#New Blank Array to hold all the AD users
$MasterArray = @()

$root=([ADSI]"").distinguishedName
$Group = [ADSI]("LDAP://....,"+ $root)
$members = $Group.Member
foreach ($member in $members)
{
    $adUser = [adsi]"LDAP://$member"

    #Write to host which user is being processed. Useful to see if script is processing users properly.
    Write-Host -ForeGroundColor "Yellow" "Processing Member: $($adUser.Mail)"

    $Sam = $adUser.sAMAccountName
    $cn = $adUser.cn
    $mail = $adUser.mail

    #New Blank Array created again every time a user is processed. Add whichever fields you want into the list.
    $TempArray = @()
    $TempArray = "" | Select SamAccountName, CN, Mail

    #Populate the fields in the Temp Array.
    #Add any other attributes you want as long as the Value has been added to the list in the line above.
    [string]$TempArray.SamAccountName = $Sam
    [string]$TempArray.CN = $cn
    [string]$TempArray.Mail = $mail

    #Copy the contents of the TempArray into the MasterArray. The TempArray is renewed for the next user.
    $MasterArray += $TempArray
}

#Export the MasterArray to host and CSV file. Do whichever you want.
$MasterArray | Out-Host
$MasterArray | Export-CSV "C:\ADUserList.csv" -NoType
0
 
LVL 35

Expert Comment

by:YZlat
ID: 40456195
Save the above in a file with a .ps1 extension and run it - it will write all AD users to a csv file on your C:\ drive.
0
 

Author Comment

by:bankadmin
ID: 40456209
I copied it to a notepad and saved it with the PS1 extension and it shows type as PS1 but it is defaulted to open with notepad. What should I change the file association to for this file?
0
 
LVL 35

Expert Comment

by:YZlat
ID: 40456231
Do you have Powershell installed? Which version of windows are you using? If you are using a Windows 64-bit system, associate your ps1 files with the following exe:

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe

If you are using 32-bit, then

C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe

P.S. You might want to include those AD fields:

displayName
lastLogon
lastLogonTimestamp
memberOf
0
 

Author Comment

by:bankadmin
ID: 40457210
YZ, thanks for the help but I'm not familiar enough with programming to know where to add those fields in the sample script you posted.
0
 
LVL 16

Accepted Solution

by:
Joshua Grantom earned 2000 total points
ID: 40457281
Here is a simplified version for powershell.

It will provide

Name,UserName, Account Enabled (True or False), Last Logon (Readable Format), and OU they are in (Only one level up)

Import-Module ActiveDirectory
Get-ADUser -filter * -properties Name,SamAccountName,Enabled,lastLogon,CanonicalName |
    Select Name,SamAccountName,Enabled,
        @{Name="Last Logon";Expression={[datetime]::FromFileTime($_.lastlogon)}},
        @{Name="OU";Expression={($_.canonicalname -Split "/")[-2]}} |
    Export-CSV C:\UserList.csv -nti

0
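
An extended version of the accepted one-liner, as an added example that is not part of the original thread: lastLogon is not replicated between domain controllers, so this script takes the newest value across all of them, leaves the field blank for accounts that never logged on, and records the full OU path. The Convert-LogonTime helper and the output file name are assumptions made for illustration.

```powershell
# Added example, not code from the thread. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Convert an AD FILETIME value to a date; 0 or empty means the account never logged on.
function Convert-LogonTime {
    param($FileTime)
    if ($FileTime -and $FileTime -gt 0) { [datetime]::FromFileTime($FileTime) } else { $null }
}

# lastLogon is stored separately on each domain controller,
# so keep the newest value seen for every account (keyed by SID).
$latest = @{}
foreach ($dc in Get-ADDomainController -Filter *) {
    Get-ADUser -Filter * -Server $dc.HostName -Properties lastLogon | ForEach-Object {
        $key = $_.SID.Value
        if (-not $latest.ContainsKey($key) -or $_.lastLogon -gt $latest[$key]) {
            $latest[$key] = $_.lastLogon
        }
    }
}

# Assumed output location: the Documents folder of the user running the script.
$outFile = Join-Path ([Environment]::GetFolderPath('MyDocuments')) 'ADUserAudit.csv'

# lastLogonTimestamp is replicated but can lag by about 14 days with default settings;
# it is included next to the per-DC maximum so the two can be compared.
Get-ADUser -Filter * -Properties CanonicalName, lastLogonTimestamp |
    Sort-Object SamAccountName |
    Select-Object Name, SamAccountName, Enabled,
        @{Name = 'LastLogon'; Expression = { Convert-LogonTime $latest[$_.SID.Value] }},
        @{Name = 'LastLogonTimestamp'; Expression = { Convert-LogonTime $_.lastLogonTimestamp }},
        # Full container path: the canonical name with the user's own name removed.
        @{Name = 'OU'; Expression = { $_.CanonicalName -replace '/[^/]+$', '' }} |
    Export-Csv -Path $outFile -NoTypeInformation
```

Run it from an open PowerShell window rather than by double-clicking the file, so that any error stays visible.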
 

Author Comment

by:bankadmin
ID: 40457401
I saved the text in your last post to a notepad file and saved it as a PS1 file and ran it. I got a quick flash of a command prompt then it goes away but a file in the C drive is never created.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40457430
Do you have the active directory tool installed on your computer? Search your programs for Powershell ISE

0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40457443
If you do not, follow this link to install RSAT for Windows 7 and choose the options in the post. Also choose AD DS Tools and AD LDS Snap-ins and Command-line Tools.

http://blogs.msdn.com/b/rkramesh/archive/2012/01/17/how-to-add-active-directory-module-in-powershell-in-windows-7.aspx

You can also install WMF 4.0 to update your powershell to 4.0 and install the ISE (Integrated Scripting Environment)

http://www.microsoft.com/en-us/download/details.aspx?id=40855
0
 

Author Comment

by:bankadmin
ID: 40457479
I do have Active Directory Module for Windows Powershell listed under administrative tools
0
 
LVL 16

Assisted Solution

by:Joshua Grantom
Joshua Grantom earned 2000 total points
ID: 40457491
Instead of double-clicking the .ps1 file, open a powershell command prompt and then drag the .ps1 file into the window, then hit enter. This will allow you to see if there is an error.
0
 

Author Comment

by:bankadmin
ID: 40457551
When I opened the powershell it was running from the U: drive (that's users' private drive on our network). I changed it to C: then ran it and it worked. Thanks
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40457558
Glad to help.
0
