Export Active Directory User Information to CSV Using PowerShell

Table of Contents

Estimated reading time: 3 minutes

Introduction

For administrators working with Active Directory, exporting user information to a CSV file can be a powerful way to gather and analyze data.

Using PowerShell, you can perform an LDAP search to retrieve details such as usernames, email addresses, last logon times, and more.

Here’s a PowerShell script that defines a search filter, specifies the attributes to retrieve, and outputs the data to a CSV file.

PowerShell Script to Export AD User Information

Below is the PowerShell script to perform an LDAP search on Active Directory and export the results to a CSV file. Copy and paste this code into PowerShell to run the script.

# Define LDAP filter to specify the criteria for the search
$filter = "*"

# Define the properties (attributes) to retrieve
$properties = "CanonicalName", "Description", "DisplayName", "lastlogontimestamp", "mail", "manager", "pwdlastset", "samaccountname", "useraccountcontrol", "userprincipalname", "whencreated"

# Specify the LDAP search scope (such as "Subtree" to search the entire directory)
$scope = "Subtree"

# Specify the base distinguished name (DN) where the search will start
$baseDN = "DC=contoso,DC=com"

# Perform the LDAP query
$results = Get-ADUser -Filter $filter -Properties $properties -SearchScope $scope -SearchBase $baseDN

# Output the results to CSV file with converted timestamps
$outputPath = "C:\CSV\ADInfo.csv"
$results | Select-Object @{Name='CanonicalName';Expression={$_.CanonicalName}},
                         @{Name='Description';Expression={$_.Description}},
                         @{Name='DisplayName';Expression={$_.DisplayName}},
                         @{Name='lastlogontimestamp';Expression={[datetime]::FromFileTime($_.lastlogontimestamp)}},
                         @{Name='mail';Expression={$_.mail}},
                         @{Name='manager';Expression={$_.manager}},
                         @{Name='pwdlastset';Expression={[datetime]::FromFileTime($_.pwdlastset)}},
                         @{Name='samaccountname';Expression={$_.samaccountname}},
                         @{Name='useraccountcontrol';Expression={$_.useraccountcontrol}},
                         @{Name='userprincipalname';Expression={$_.userprincipalname}},
                         @{Name='whencreated';Expression={$_.whencreated}} |
Export-Csv -Path $outputPath -NoTypeInformation

Write-Host "Query completed successfully. Results exported to $outputPath."

Script Explanation

Filter: The filter is set to "*" to retrieve all user accounts.

Properties: Specifies the attributes to retrieve for each user, such as DisplayName, mail, lastlogontimestamp, and more.
Scope: Set to "Subtree" to search the entire directory.
BaseDN: The base distinguished name where the search starts (e.g., "DC=contoso,DC=com").

CSV Export: The output is formatted with timestamp conversions and exported to a CSV file at the path specified in $outputPath.

Running the Script

To execute this script:

Open PowerShell with appropriate permissions.

Copy and paste the code into the PowerShell console.
Check the output path (in this case, C:\CSV\ADInfo.csv) for the exported CSV file with the retrieved AD user information.

Conclusion

This PowerShell script is a valuable tool for administrators who need to retrieve and export Active Directory user information. By modifying the $filter or $baseDN, you can customize the search to target specific users or organizational units. Feel free to adjust the $properties to include additional attributes as needed.

Let me know if you have questions or suggestions for other PowerShell scripts related to Active Directory management!

Click to rate this post!

[Total: 1 Average: 5]

Share this content: