talltree asked on

Read only copy of Active Directory

Hi Experts,

I need to pull a copy of all Active Directory users. I have read access with no DC access or tools. I was using Get-ADUser commands from PowerShell but was thinking I need to add the -server and -credentials parameters to retrieve the data, and I am not sure of the syntax, etc.

Thank you


8/22/2022 - Mon

The AD cmdlets will choose a DC automatically and use your logged on credentials.  No need to specify the -Server or -Credential parameters unless you need to use something different.
As a quick test, just run
Get-ADUser -Filter *

which should return a default set of properties for all users.  You can specify just one account as well for a test.
Get-ADUser yourusername

You can see the syntax and examples for Get-ADUser by looking at the help (either downloaded or online).

What data are you looking to extract?
Username, SIDs, group membership, hashed password.

What is the end goal you want to get to?

arnold's question is a good one.  In my mind, a "read-only copy of AD (or just its users)" is much different than exporting select data for user accounts (however you might define those).  Exporting the data also has to account for what the end format is going to be, as many attributes in AD don't easily go into something like a .CSV.

Hi guys,
I need username, user email address, location and status, disabled or active.

Get-ADUser will be a way to extract some
From additional location.
There are references on pulling additional data...

Specify which AD attributes you want with the -Properties parameter of Get-ADUser.  Put in the ldapDisplayName of each attribute.
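
An added example (not code from any poster in this thread) that pulls the fields requested above into a CSV using only the signed-in account's read access and only the attributes it names. The mapping of "location" to the `l` and `physicalDeliveryOfficeName` attributes, the `memberOf` column and the output path are assumptions.

```powershell
# Added example; not from the thread. Read-only: nothing is written to AD.
# Get-ADUser comes from the ActiveDirectory module (part of RSAT on workstations).
if (-not (Get-Module -ListAvailable -Name ActiveDirectory)) {
    throw 'ActiveDirectory module not found; Get-ADUser is unavailable on this machine.'
}
Import-Module ActiveDirectory

# Ask for the needed attributes by ldapDisplayName instead of -Properties *,
# so the export holds no more directory data than the task requires.
# Assumption: "location" means city (l) and office (physicalDeliveryOfficeName).
$attributes = 'mail', 'l', 'physicalDeliveryOfficeName', 'memberOf'

# Assumption: placeholder output path; store the file where access is restricted.
$outFile = Join-Path $env:TEMP 'ad-users.csv'

$columns = @(
    'SamAccountName'
    @{ Name = 'Email';  Expression = { $_.mail } }
    @{ Name = 'City';   Expression = { $_.l } }
    @{ Name = 'Office'; Expression = { $_.physicalDeliveryOfficeName } }
    # Enabled is $null when the account state cannot be read; do not
    # report that case as Disabled.
    @{ Name = 'Status'; Expression = {
        if ($null -eq $_.Enabled) { 'Unknown' }
        elseif ($_.Enabled)       { 'Active' }
        else                      { 'Disabled' }
    } }
    # memberOf is multi-valued and would not fit a CSV cell as-is;
    # join the group DNs with ';' so each user stays on one row.
    @{ Name = 'Groups'; Expression = { $_.memberOf -join ';' } }
)

# No -Server or -Credential: a DC is located automatically and the
# logged-on credentials are used, as described earlier in the thread.
Get-ADUser -Filter * -Properties $attributes |
    Select-Object -Property $columns |
    Export-Csv -Path $outFile -NoTypeInformation -Encoding UTF8

Write-Output "Wrote $outFile"
```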

Using PowerShell from my laptop, I receive "Get-ADUser is not recognized as the name of a cmdlet."


Thanks guys