#DSQuery
dsquery user -name “*” -limit 0 | dsget user -samid -hmdir -hmdrv -profile >c:\temp\usersV2.txt
#PowerShell # More flexibility # Includes the state of the computer account (Enable or Disabled)
Get-ADUser -Filter * -Property Name,CanonicalName,CN,DisplayName,DistinguishedName,HomeDirectory, HomeDrive,SamAccountName,UserPrincipalName | export-csv -path (Join-Path $pwd HomeDrive.csv) -encoding ascii -NoTypeInformation
import-module activedirectory
#List all users in the domain
# Display Name and Email Address
get-aduser -Filter * -SearchBase “dc=Test,dc=com” -Properties Displayname,emailaddress | select displayname ,emailaddress | Export-Csv C:\temp\users_and_email.csv
# Get a list of users which have logged on to the domain in the last 7 days
$Date = (Get-Date).AddDays(-7)
Get-ADUser -Filter {LastLogonDate -gt $Date} | Select distinguishedName
# script to find all AD users who have the “cannot change password” box checked in a specific OU
# Windows Server 2016
# Powershell
Get-ADUser -Filter * -Properties CannotChangePassword -SearchBase “OU=specificOU,DC=TEST,DC=com” | where { $_.CannotChangePassword -eq “true” } | Format-Table Name, DistinguishedName
How to get a list of computer objects in an active directory OU ( tested against Windows 2016 Active Directory )
A quick PowerShell script using Get-ADComputer command, a wild card filter and a search base pointing to a specific OU
First import modules for active directory in powershell
Copy and edit the script below:
## cmd
## dsquery computer -name servername (server name in the OU to get the OU path)
#Example lists domain controller in test.com
#Export list of names to CSV
Get-ADComputer -Filter * -SearchBase “OU=Domain Controllers,DC=test,DC=com” | Select Name | export-csv C:\temp\DCs.csv
( Like the post click and advert of interest to give us support)
#Import AD modules
import-module servermanager
Add-WindowsFeature -Name “RSAT-AD-PowerShell” -IncludeAllSubFeature
#List AD user accounts and show DisplayName, Email, Title and export to CSV
Get-ADUser -Filter * -Properties DisplayName, EmailAddress, Title | select DisplayName, EmailAddress, Title | Export-CSV “C:\temp\Email_Addresses.csv”
#List AD user accounts and show DisplayName, Email, Title and export to CSV. Advanced filter to show ENABLED accounts only
Get-ADUser -Filter {Enabled -eq $true} -Properties DisplayName, SamAccountName, EmailAddress, Enabled, DistinguishedName | select DisplayName, SamAccountName, EmailAddress, Enabled, DistinguishedName | Export-CSV “C:\temp\Email_Addresses_allusers.csv”
#List AD user accounts and show DisplayName, Email, Title and export to CSV. Advanced filter to show ENABLED accounts only and email address ending @test.com
Get-ADUser -Filter {(Enabled -eq $true) -And (EmailAddress -Like “*@test.com”)} -Properties DisplayName, SamAccountName, EmailAddress, Enabled, DistinguishedName | select DisplayName, SamAccountName, EmailAddress, Enabled, DistinguishedName | Export-CSV “C:\temp\Email_Addresses_testdomain.csv”
# Inactive computers ( this will include systems not regularly used)
# Launch command prompt as administrator and run the following commands
Dsquery computer -inactive 12 -limit 500
# Lists computers inactive for over 12 weeks and returns a limit of 500 results
Dsquery computer -inactive 12 -limit 500 | dsmod computer -disabled
# Lists computers inactive for over 12 weeks and returns a limit of 500 results and disables the computer accounts
# Similar command can be done for users.
# Trying to work out is servers, laptops or desktops have been decommissioned
# Try this script
# Get a list of active computers which have logged on to the domain in the last 7 days
$Date = (Get-Date).AddDays(-7)
Get-ADComputer -Filter {LastLogonDate -gt $Date} | Select distinguishedName
# Credit to Richard Mueller – MVP Enterprise Mobility (Directory Services)