Solved

Active Directory Query Question - Query Only Enabled Users

Posted on 2016-08-29
10
23 Views
Last Modified: 2016-08-29
I am looking to find a way to be able to to either DSGET, DSQUERY a list of all of the enabled users in a particular OU. More specifically, if you are looking at my screenshot, I need a query of all of the enabled users in the 1575 OU and the disabled users to be excluded.
2016-08-29-09_32_48-NEWSECGXDC---Rem.png
0
Comment
Question by:Jonathan DiVincenzo
  • 5
  • 5
10 Comments
 
LVL 16

Accepted Solution

by:
FOX earned 500 total points
ID: 41774758
Use powershell, right-click run as administrator
1st command     Import-Module ActiveDirectory
2nd command    Get-ADuser -filter "Enabled -eq 'True'" -searchbase "Ou=ouname,ou=ouname,dc=domain,dc-com" | ft samaccountname, DisplayName | out-file c:\temp\Enabledusers.csv


**To get the path to the OU in question Make sure your view in ActiveDirectory users and computers  has Advance Features checked and User, contacts, groups and computers as containters checked.
Right-click the OU in question, click properties, click the attribute tab, sroll down to distinguishedName, highlight it and click view then do a ctrl c for your copy and then paste after -searchbase in the command above. Make sure the OU path is in quotes " "
0
 

Author Comment

by:Jonathan DiVincenzo
ID: 41774918
Thanks Foxluv,

The commands provided did populate an entire list of all the Enabled users in our domain, but what I need for my client is a concentrated automated list of just the enabled users in 1575 Users OU.
0
 
LVL 16

Expert Comment

by:FOX
ID: 41774927
Did you read the bottom part of my instructions?  Get the OU from the distinguished name and put it in the -searchbase part of the command
0
 

Author Comment

by:Jonathan DiVincenzo
ID: 41774934
Ok wow, that was honestly not there when I was looking at that a little bit ago. But since I just reloaded the page, the bottom part appeared. I'll give it a try and see what happens. Thanks!
0
 

Author Comment

by:Jonathan DiVincenzo
ID: 41774965
Awesome, that looks great! Just one little problem. Even though the Display Name perimeter is filled out in AD, the final csv output does not display the Display Name. Any idea what that's all about? See screenshot if needed.
2016-08-29-11_44_29-Microsoft-Excel-.png
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 16

Assisted Solution

by:FOX
FOX earned 500 total points
ID: 41774971
Try this one, make sure you add in your OU again.

Get-ADuser -filter "Enabled -eq 'True'" -searchbase "Ou=ouname,ou=ouname,dc=domain,dc-com" | ft samaccountname,GivenName,Surname,DisplayName | out-file c:\temp\Enabledusers.csv
0
 

Author Comment

by:Jonathan DiVincenzo
ID: 41775081
Foxluv, you definitely get to take the cake in this one! Thanks a lot!
0
 
LVL 16

Expert Comment

by:FOX
ID: 41775083
Good work
0
 

Author Closing Comment

by:Jonathan DiVincenzo
ID: 41775084
For whatever reason, Display Name was not working so I removed that value from my command. Otherwise, perfect solution!
0
 
LVL 16

Expert Comment

by:FOX
ID: 41775230
Jon,
Sorry about the displayname.  If you need it try this.  (put in your OU again)

Get-ADuser -properties * -filter "Enabled -eq 'True'" -searchbase "Ou=ouname,ou=ouname,dc=domain,dc-com" | ft samaccountname,GivenName,Surname,DisplayName | out-file c:\temp\Enabledusers.csv
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

As network administrators; we know how hard it is to track user’s login/logout using security event log (BTW it is harder now in windows 2008 because user name is always “N/A” in the grid), and most of us either get 3rd party tools, or just make our…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now