Estimated reading time: 3 minutes
Introduction
For administrators working with Active Directory, exporting user information to a CSV file can be a powerful way to gather and analyze data.
Using PowerShell, you can perform an LDAP search to retrieve details such as usernames, email addresses, last logon times, and more.
Here’s a PowerShell script that defines a search filter, specifies the attributes to retrieve, and outputs the data to a CSV file.
PowerShell Script to Export AD User Information
Below is the PowerShell script to perform an LDAP search on Active Directory and export the results to a CSV file. Copy and paste this code into PowerShell to run the script.
# Define LDAP filter to specify the criteria for the search
$filter = "*"
# Define the properties (attributes) to retrieve
$properties = "CanonicalName", "Description", "DisplayName", "lastlogontimestamp", "mail", "manager", "pwdlastset", "samaccountname", "useraccountcontrol", "userprincipalname", "whencreated"
# Specify the LDAP search scope (such as "Subtree" to search the entire directory)
$scope = "Subtree"
# Specify the base distinguished name (DN) where the search will start
$baseDN = "DC=contoso,DC=com"
# Perform the LDAP query
$results = Get-ADUser -Filter $filter -Properties $properties -SearchScope $scope -SearchBase $baseDN
# Output the results to CSV file with converted timestamps
$outputPath = "C:\CSV\ADInfo.csv"
$results | Select-Object @{Name='CanonicalName';Expression={$_.CanonicalName}},
@{Name='Description';Expression={$_.Description}},
@{Name='DisplayName';Expression={$_.DisplayName}},
@{Name='lastlogontimestamp';Expression={[datetime]::FromFileTime($_.lastlogontimestamp)}},
@{Name='mail';Expression={$_.mail}},
@{Name='manager';Expression={$_.manager}},
@{Name='pwdlastset';Expression={[datetime]::FromFileTime($_.pwdlastset)}},
@{Name='samaccountname';Expression={$_.samaccountname}},
@{Name='useraccountcontrol';Expression={$_.useraccountcontrol}},
@{Name='userprincipalname';Expression={$_.userprincipalname}},
@{Name='whencreated';Expression={$_.whencreated}} |
Export-Csv -Path $outputPath -NoTypeInformation
Write-Host "Query completed successfully. Results exported to $outputPath."
Script Explanation
- Filter: The filter is set to
"*"to retrieve all user accounts. - Properties: Specifies the attributes to retrieve for each user, such as
DisplayName,mail,lastlogontimestamp, and more. - Scope: Set to
"Subtree"to search the entire directory. - BaseDN: The base distinguished name where the search starts (e.g.,
"DC=contoso,DC=com"). - CSV Export: The output is formatted with timestamp conversions and exported to a CSV file at the path specified in
$outputPath.
Running the Script
To execute this script:
- Open PowerShell with appropriate permissions.
- Copy and paste the code into the PowerShell console.
- Check the output path (in this case,
C:\CSV\ADInfo.csv) for the exported CSV file with the retrieved AD user information.
Conclusion
This PowerShell script is a valuable tool for administrators who need to retrieve and export Active Directory user information. By modifying the $filter or $baseDN, you can customize the search to target specific users or organizational units. Feel free to adjust the $properties to include additional attributes as needed.
Let me know if you have questions or suggestions for other PowerShell scripts related to Active Directory management!
Share this content: