Active Directory (AD) is a critical component in managing users, computers, and other resources in a Windows environment. One common task for IT administrators is listing users in AD. This article will guide you through the process using PowerShell commands and provide additional insights into managing AD effectively.
You Should Know:
1. PowerShell Command to List Users in AD:
The most straightforward way to list users in AD is by using the `Get-ADUser` cmdlet in PowerShell. This command retrieves user objects from Active Directory.
Get-ADUser -Filter * -Properties DisplayName, SamAccountName, EmailAddress | Select-Object DisplayName, SamAccountName, EmailAddress
- `-Filter *`: Retrieves all user objects.
- `-Properties`: Specifies additional properties to retrieve, such as `DisplayName`, `SamAccountName`, and `EmailAddress`.
- `Select-Object`: Filters the output to display only the specified properties.
2. List Users in a Specific Organizational Unit (OU):
If you want to list users in a specific OU, you can use the `-SearchBase` parameter.
Get-ADUser -Filter * -SearchBase "OU=Users,DC=domain,DC=com" -Properties DisplayName, SamAccountName, EmailAddress | Select-Object DisplayName, SamAccountName, EmailAddress
- `-SearchBase`: Specifies the distinguished name (DN) of the OU to search.
3. Export Users to a CSV File:
You can export the list of users to a CSV file for further analysis or reporting.
Get-ADUser -Filter * -Properties DisplayName, SamAccountName, EmailAddress | Select-Object DisplayName, SamAccountName, EmailAddress | Export-Csv -Path "C:\AD_Users.csv" -NoTypeInformation
- `Export-Csv`: Exports the output to a CSV file.
4. List Disabled Users:
To list disabled user accounts, you can use the `-Filter` parameter with the `Enabled` property.
Get-ADUser -Filter {Enabled -eq $false} -Properties DisplayName, SamAccountName, EmailAddress | Select-Object DisplayName, SamAccountName, EmailAddress
5. List Users with Expired Passwords:
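You can also list users whose passwords have expired. `PasswordExpired` is a computed property, so request it with `-Properties` and test it on the returned objects with `Where-Object`.
Get-ADUser -Filter * -Properties DisplayName, SamAccountName, EmailAddress, PasswordExpired | Where-Object { $_.PasswordExpired } | Select-Object DisplayName, SamAccountName, EmailAddress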
6. List Users by Group Membership:
To list users who are members of a specific group, you can use the `Get-ADGroupMember` cmdlet.
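Get-ADGroupMember -Identity "GroupName" -Recursive | Where-Object objectClass -eq 'user' | Get-ADUser -Properties DisplayName, SamAccountName, EmailAddress | Select-Object DisplayName, SamAccountName, EmailAddress
- `-Identity`: Specifies the group name.
- `-Recursive`: Retrieves the members of nested groups as well as direct members.
- `Where-Object`: Keeps only user objects, because a group can also contain computers, which `Get-ADUser` cannot resolve.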
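The disabled and expired-password checks above can be folded into one pass over the user objects, which gives a single account-state report for review. This is an added example, not code from the original article; the function name `Get-AccountStateReport`, the sample users, and the output file name are assumptions made for illustration.

```powershell
# Added example: classify user objects by the account states covered above.
# Accepts Get-ADUser output or any objects that carry the same property names.
function Get-AccountStateReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User
    )
    process {
        # Disabled takes precedence: an expired password on a disabled account is moot.
        if (-not $User.Enabled) {
            $state = 'Disabled'
        } elseif ($User.PasswordExpired) {
            $state = 'PasswordExpired'
        } else {
            $state = 'Active'
        }
        [pscustomobject]@{
            DisplayName    = $User.DisplayName
            SamAccountName = $User.SamAccountName
            EmailAddress   = $User.EmailAddress
            State          = $state
        }
    }
}

# Constructed sample objects so the function runs without a domain controller.
$sample = @(
    [pscustomobject]@{ DisplayName = 'John Doe';   SamAccountName = 'jdoe';   EmailAddress = 'jdoe@example.com';   Enabled = $true;  PasswordExpired = $false }
    [pscustomobject]@{ DisplayName = 'Jane Smith'; SamAccountName = 'jsmith'; EmailAddress = 'jsmith@example.com'; Enabled = $true;  PasswordExpired = $true }
    [pscustomobject]@{ DisplayName = 'Old Admin';  SamAccountName = 'oadmin'; EmailAddress = 'oadmin@example.com'; Enabled = $false; PasswordExpired = $true }
)

$report = $sample | Get-AccountStateReport

# Summary by state, then export only the accounts that need attention.
$report | Group-Object State | Select-Object Name, Count
$report | Where-Object State -ne 'Active' |
    Export-Csv -Path (Join-Path $env:TEMP 'AD_AccountState.csv') -NoTypeInformation

# Against a live domain (requires the ActiveDirectory module), for one group:
# Get-ADGroupMember -Identity "GroupName" -Recursive |
#     Where-Object objectClass -eq 'user' |
#     Get-ADUser -Properties DisplayName, EmailAddress, PasswordExpired |
#     Get-AccountStateReport
```

The exported file contains account names and e-mail addresses, so write it to a location with restricted access rather than a shared path.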
What Undercode Say:
Active Directory is a powerful tool for managing users and resources in a Windows environment. The ability to list users, filter them based on specific criteria, and export the data for further analysis is essential for IT administrators. The PowerShell commands provided in this article are just the tip of the iceberg. There are many more advanced techniques and scripts that can be used to manage AD effectively.
Expected Output:
[plaintext]
DisplayName SamAccountName EmailAddress
John Doe jdoe [email protected]
Jane Smith jsmith [email protected]
…
[/plaintext]
For more detailed information and advanced techniques, you can refer to the official Microsoft documentation on Active Directory and PowerShell.
References:
Reported By: Desec Security – Hackers Feeds



