How to List All Users in Active Directory


This article will offer you two straightforward ways to list and export all Active Directory users in your environment. I’ll show you how to do that using the graphical user interface (GUI) and the Active Directory Users and Computers applications, and I’ll also explain how you can narrow down the list using various filters available in PowerShell.

How to list all users in Active Directory using the GUI

There are several methods you, as an IT pro, can use the Active Directory Users and Computers (ADUC) application to find all your user accounts in Active Directory. Let me first start with some simple searches to find user accounts.

The different ‘UserAccountControl‘ types

One important aspect to keep in mind is the dizzying number of ‘UserAccountControl‘ types. Here is a table that shows all the available types.

Property flagValue in hexadecimalValue in decimal
SCRIPT0x00011
ACCOUNTDISABLE0x00022
HOMEDIR_REQUIRED0x00088
LOCKOUT0x001016
PASSWD_NOTREQD0x002032
PASSWD_CANT_CHANGE

You can’t assign this permission by directly modifying the UserAccountControl attribute. For information about how to set the permission programmatically, see the Property flag descriptions section.

0x004064
ENCRYPTED_TEXT_PWD_ALLOWED0x0080128
TEMP_DUPLICATE_ACCOUNT0x0100256
NORMAL_ACCOUNT0x0200512
INTERDOMAIN_TRUST_ACCOUNT0x08002048
WORKSTATION_TRUST_ACCOUNT0x10004096
SERVER_TRUST_ACCOUNT0x20008192
DONT_EXPIRE_PASSWORD0x1000065536
MNS_LOGON_ACCOUNT0x20000131072
SMARTCARD_REQUIRED0x40000262144
TRUSTED_FOR_DELEGATION0x80000524288
NOT_DELEGATED0x1000001048576
USE_DES_KEY_ONLY0x2000002097152
DONT_REQ_PREAUTH0x4000004194304
PASSWORD_EXPIRED0x8000008388608
TRUSTED_TO_AUTH_FOR_DELEGATION0x100000016777216
PARTIAL_SECRETS_ACCOUNT0x0400000067108864
All the mind-numbing account types in Active Directory

As account attributes are modified, these values ​​get assigned to the user account itself. You can use the adsiedit.msc snap-in if you want to view these. But, let’s do some searches now.

Searching for Active Directory user accounts in ADUC

  • Open Active Directory Users and Computers from Administrative Tools.
Active Directory Users and Computers (ADUC)
  • Right-click on the domain root (reinders.local) and click Find…
Searching for new Active Directory user accounts
Searching for user accounts
  • Click Find Now and then sort the ‘Type‘column until’User‘ is displayed. You will then see all your true user accounts.
Sorting all Users, Groups and Contacts by User...
Sorting all Users, Groups and Contacts by User…

Using the Saved Queries feature in ADUC

Next, let’s use the very helpful ‘Saved Queries‘ feature in ADUC:

  • Right-click on Saved Queries above your domain root object in the tree and click New -> Query.
  • Type in a Name and Description. Then, click Define Query…
Creating a New Query to find objects in Active Directory
Creating a New Query to find objects in Active Directory
  • In the ‘Name:’ field, choose ‘Has a value.’
Defining a query for users
Defining a query for users
  • Click OK and click OK a second time. Here is the result of our query definition.
Our always-accessible query for active users
Our always-accessible query for active users

There we go! We’ve now created an always-accessible query for active users in our Active Directory.

Defining a custom LDAP query for our search

Let’s use a different custom query.

  • Start another New Query.Choose a Name and Descriptionthen click Define Query… again.
  • In the ‘Find:‘ box at the top, choose ‘Custom Search.’
  • Next, click the Advanced tab and enter this LDAP query:
(&(&(objectCategory=user)(userAccountControl=512)))
Defining a custom LDAP query for our search
  • Click OK twice and voila!
Our special ‘512’ users

As you can see, only very ‘basic’ or vanilla users will be listed here. Only user accounts that have NO special attributes will be listed in this query.

Remember that table at the beginning of this article? If any account has any of those other attributes or states, they won’t show up here. It’s actually a nice tool to have.

How to list all users in Active Directory using PowerShell

Let’s look at the other main method to find all our users in Active Directory – PowerShell, or, more accurately, the Active Directory Module for Windows PowerShell (yes, I love that name, thank you Microsoft!)

In Administrative Tools, we have the Active Directory Module for Windows PowerShell
In Administrative Tools, we have the Active Directory Module for Windows PowerShell

Finding all Active Directory users with the Get-AdUser cmdlet

First off, let’s try finding all users, and format them in table format with the Get-AdUser command

Get-ADUser -filter * | ft
Finding all users in AD
Finding all users in AD

We used the ‘-filter‘ command and chose ‘*’ for all. Then, we ‘piped’ | the output to Format-Table (ft) format.

Filtering results with PowerShell

Now, let’s filter for all the wonderful people in the Reinders clan. We only need the Name and SamAccountName for each, so we’ll add attributes at the end, meaning we ONLY want to see those items.

Get-ADUser -Filter "Name -like "*Reinders*"' | ft Name,SamAccountName
The Reinders Family...in Active Directory
The Reinders Family…in Active Directory

Piece of cake. Let’s get a list of all disabled accounts. We’ll use the following command:

Get-ADUser -Filter {(Enabled -eq $False)} | ft Name,SamAccountName
Listing of all disabled accounts
Listing of all disabled accounts

Checking attributes for user accounts in Active Directory

In case you’re unaware, there are dozens of attributes in each user account. Let’s get a glimmer of those for Billy Reinders with another variation.

Get-ADUser -Identity breinders -Properties *
All (mostly) the attributes for Billy Reinders
All (mostly) the attributes for Billy Reinders

That is about half of them. One nice thing you can do when desiring specific output is to use wildcard characters for what attributes you want.

How about any attribute to do with ‘name’?

Get-ADUser -Identity breinders -Properties *Name*
This outputs the core attributes and the ones with ‘Name’ in them

Conclusion

I hope you found some nice nuggets of information here to assist you in discovering all your users in Active Directory. There are a lot of methods you can use, and each one has its own strengths and weaknesses. Finding the right balance, the right tool in each situation helps immensely, especially when trying to hit a deadline from a security directive.

Please feel free to leave a comment below if you have any questions!



Source link

admin

Leave a Reply