🎉 Our Microsoft 365 Reporting & Management Tool is now available in Azure Marketplace 🚀
This website uses cookies to improve your experience. We'll assume you're ok with this. Know more.
Active Directory

How to Export Active Directory Users

As an organization grows, the continuous addition of new users can make manual user management inefficient and error-prone. Exporting Active Directory users addresses these challenges by allowing you to manage the expanding user base. It streamlines bulk updates and ensures users are assigned to the appropriate groups and roles. This guide will help you export all Active Directory users, making large-scale user management more efficient and reliable.

Solution 1
Solution 2
Solution 3
Important Tips
Errors and Resolution Steps
FAQs

Get All Users in AD Using Active Directory Users and Computers Console

Active Directory Permission Required
Domain Users Least Privilege
Administrators Most Privilege
  • In the Active Directory Users and Computers console, right-click on Saved Queries in the left pane and select New»Query.
  • Enter the name, and an optional description. Ensure the Include subcontainers is checked, and click Define Query.
  • Select "Custom Search" from the Find drop-down menu. Then, switch to the Advanced tab and enter the following LDAP query: 
    (objectClass=user)(objectCategory=person)
  • Click OK to save the query, then click "OK" again to close the configuration window. The Active Directory users will be listed in the right pane.
    export-users-in-active-directory
  • Use the Export List option from the toolbar to export all Active Directory users to a CSV or text file.
    export-active-directory-users

Export List of AD User Accounts Using Windows PowerShell

Active Directory Permission Required
Domain Users Least Privilege
Administrators Most Privilege
  • First, import the Active Directory module using the following cmdlet.
  • Windows PowerShell Windows PowerShell 
     Import-Module ActiveDirectory
  • Then, run the below cmdlet to export the Active Directory users.
  • Windows PowerShell Windows PowerShell 
     Get-ADUser -filter * | Export-Csv -path <FilePath> -NoTypeInformation
  • This will export Active Directory users to a CSV file with details like names, SIDs, distinguished names, etc.
    export-active-directory-users-powershell
  • NOTE: Make sure to replace <FilePath> with the file path where you want to save the report.
AdminDroid Active Directory Reporting

Unlock the potential of AdminDroid to manage users in Active Directory!

AdminDroid’s Active Directory reporting tool offers detailed insights into user activities through a suite of built-in reports, such as user password reports, group membership reports, account status reports, etc. With these insights, you can quickly forecast future needs and ensure proactive protection for your network.

Track Users Without Managers to Address Oversight Gaps

Identify users without managers in Active Directory to address unmanaged users, ensuring proper accountability and task delegation.

Track Disabled Users to Mitigate Unauthorized Access

Revoke the permissions of disabled AD users to prevent unintended access to critical resources and mitigate the risk of unauthorized access.

Secure User Accounts with Strong Password Expiration Policy

Enforce maximum password age for users who have never changed their passwords, as such accounts are highly vulnerable to compromise.

Uncover Security Risks with Locked-Out User Insights

The locked-out user accounts report helps you monitor accounts with repeated failed login attempts, which may indicate security threats like password spraying or brute-force attacks.

Ensure Access Permission by Tracking User’s Group Memberships

Monitor users' group memberships to ensure they have the necessary permissions for accessing resources, as groups play a key role in access management.

Enhance Security by Tracking Unused User Accounts

Utilize the never logged in users report to identify and manage inactive Active Directory user accounts that could be exploited by malicious actors.

Overall, AdminDroid’s Active Directory management tool empowers you to perform key actions such as managing users, their group memberships, password changes, and more. It also enables you to track critical admin activities, ensuring thorough oversight that enhances security and compliance.

Explore a full range of reporting options
Download Live Demo

Important Tips

Identify inactive AD users and then disable or remove them to ensure your directory remains secure and up to date.

Organize users into OUs by departments, roles, etc., making it easier to apply group policies and manage permissions.

To reduce the attack surface, avoid adding users to highly privileged groups like Domain Admins unless necessary.

Common Errors and Resolution Steps

The following are the possible errors and troubleshooting hints while exporting Active Directory users.

Error The term ‘Get-ADUser’ is not recognized as the name of a cmdlet, function, script file or operable program.

This error can occur in PowerShell if the Active Directory module is not loaded in DC, or if the command is run on a system that is not a domain controller.

Fix If you're running the cmdlet on a domain controller, import the Active Directory module using the following cmdlet. 
Import-Module ActiveDirectory
If you're not running the cmdlet on a domain controller, install the Remote Server Administration Tools (RSAT) on your system.

Error Get-ADUser : Directory object not found.

This error occurs in PowerShell when the cmdlet is used with an incorrect OU distinguished name.

Fix Verify the specified OU’s distinguished name is correct by running the following cmdlet: 
Get-ADOrganizationalUnit -Filter *

Error A user account with username 'X' already exists in Active Directory.

This error occurs in PowerShell when trying to create a user account with a username that already exists in Active Directory.

Fix To resolve this issue, create the user with a different SAMAccountName to avoid conflicts with existing usernames.

Error You cannot check both User must change password at next logon and User cannot change password for the same user.

This error occurs in ADUC when setting both User must change password at next logon and User cannot change password simultaneously, as these options are mutually exclusive.

Fix Ensure that only one of these options is set for the user.

1. How to export users from the specific organizational unit in Active Directory?

Managing user attributes like job titles or departments in Active Directory can be time-consuming. In such cases, exporting users from a specific Organizational Unit (OU) simplifies bulk updates, supports reporting, and streamlines management. Since users in the same OU often share common attributes, this approach eliminates the need for individual changes, saving time and effort.

Export all users from a specific OU in Active Directory

  • Open Active Directory Users and Computers console.
  • Click "Filter" from the toolbar and choose Users by selecting ‘Show only the following types of objects’.
  • Click OK and locate the specified OU from the left pane to display all users from that OU.
  • Select the Export List option from the toolbar to export the list of users in that OU in your preferred format.
    ad-users-in-ou-aduc

Get the list of users in a specific OU using PowerShell

While the previous method retrieves users only from the top-level OU, it misses those in nested OUs. Fortunately, PowerShell provides a solution to retrieve users from the main OU and its nested OUs.

  • Run the following command to export the list of Active Directory users from a specific OU and its nested OUs. 
    Get-ADUser -Filter * -SearchBase '<OU Distinguished Name>' | Export-Csv -path <FilePath> -NoTypeInformation
    ad-users-in-ou-powershell

Note: Replace <OU Distinguished Name> with the correct distinguished name of the OU and <FilePath> with the location where you want to save the output report.

If you are unsure of the OU’s distinguished name or encounter an error related to it, you can use the following command to retrieve it. 

Get-ADOrganizationalUnit -Filter * | Select Name, DistinguishedName

2. How to manage Active Directory users?

Managing user accounts in Active Directory is essential for maintaining an organized and secure environment. From user creation to deletion, each step ensures that access is controlled as users join or leave the organization. Refer to the following section for guidance on creating, disabling, and deleting users in Active Directory.

How to create a user in Active Directory?

When new users join your organization, creating user accounts for them in Active Directory is essential to ensure secure and efficient access management.

  • Right-click the desired OU in the ADUC console and select New»User.
  • Enter the user’s information and click Next.
  • Set a strong password and configure the options based on your needs.
  • Click Next, then Finish to add the Active Directory user.
create-active-directory-users

How to disable an Active Directory user?

When a user leaves the organization, promptly disabling their account is crucial for proper offboarding practices. This action keeps user data secure while preventing their access.

  • Navigate to the respective OU and right-click on the user you wish to disable.
  • Select Disable Account to block the sign-in of the user.
disable-ad-user

How to delete a user in Active Directory?

When a user account or any dependencies related to it are no longer required, the account can be deleted to clean up Active Directory resources.

  • Locate the user you wish to delete in the relevant OU and right-click on it.
  • Click Delete and select ‘Yes’ in the confirmation prompt to remove the AD user.
delete-ad-user
  • NOTE: You can’t delete users who are protected from accidental deletion unless the protection is disabled.

Simplify the AD user management with the user reports offered by AdminDroid!

  • The user administrative events report provides a comprehensive overview of user management activities, including user creation, deletion, disabling, lockouts , etc.
  • The user reports allow you to easily manage users, such as enabling, disabling, deleting, resetting passwords, protecting users from accidental deletion, and more, by simply selecting the users.
  • This report enables you to pinpoint when and where specific actions occurred and identify who performed them.
ad-admin-activities-droid

3. How to create bulk users in Active Directory?

Onboarding a large batch of new hires into your Active Directory environment one by one is an extremely time-consuming task that significantly increases your workload. Instead of manually creating each account, adding users in bulk can save you valuable time and streamline the process.

How to add multiple users in Active Directory

  • Create a CSV file with the necessary details for the users you want to add as shown in the image below. However, ensure the fields such as SamAccountName, DisplayName, Password, and OU (distinguished name) are included.
    add-multiple-ad-users
  • Run the below script to process the CSV file and add multiple users to the Active Directory. Replace <FilePath> with the path of the CSV file. 
    Import-CSV '<FilePath>' | ForEach-Object {
$password = ConvertTo-SecureString $_.Password -AsPlainText -Force
try {
    New-ADUser -Name $_.Name -Initials $_.Initial -GivenName $_.FirstName -Surname $_.LastName -DisplayName $_.DisplayName -SamAccountName $_.Username -EmailAddress $_.EmailAddress -UserPrincipalName $_.UPN -StreetAddress $_.StreetAddress -City $_.City -PostalCode $_.PostalCode -State $_.State -Country $_.Country -Department $_.Department -AccountPassword $password -MobilePhone $_.MobilePhone -Title $_.JobTitle -Company $_.Company -Path $_.OrganizationalUnit -Enabled $true
    Write-Host 'Successfully created the user: $($_.Username)' -ForegroundColor Green
} catch {
    Write-Warning 'Failed to create user $($_.Username): $($_.Exception.Message)'
}
    add-bulk-users-powershell
  • After running the script, verify that the users were created successfully by checking the Active Directory Users and Computers snap-in.

Get instant clarity on all user creation events in AD with AdminDroid!

  • Track Active Directory user account creations with the created users report, which offers a comprehensive record of all users added to AD, including bulk creations.
  • It provides key details such as who created the user, the creation timestamp, the computer where the event was logged, etc., ensuring full accountability.
    created-users-in-ad

Kickstart Your Journey With
AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities

Download Now
Browse All Guides
User Help Manuals Compliance Docs
All Guides 99+
Active Directory
How to Export Active Directory Users
Active Directory Guides
x
Delivering Reports on Time
Delivering Reports on Time
Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid's Scheduling to your email anytime you need.
Delivering Reports on Time
Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add inteligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.
Set It, Schedule It, See Results- Your Reports, Your Way, On Your Time!
Time Saving
Automation
Customization
Intelligent Filtering
Give Just the Right Access to the Right People
Give Just the Right Access to the Right People
Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.
Give Just the Right Access to the Right People
Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.
Align, Define, Simplify: AdminDroid's Granular Delegation
Smart Organizational Control
Effortless M365 Management
Simplified Access
Advanced Alerts at a Glance
Advanced Alerts at a Glance
Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.
Advanced Alerts at a Glance
Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.
AdminDroid Keeps You Always Vigilant, Never Vulnerable!
Proactive Protection
Real-time Monitoring
Security Intelligence
Threat Detection
Merge the Required Data to One Place
Merge the Required Data to One Place
Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.
Merge the Required Data to One Place
This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.
Merge with Ease and Save as Views!
Custom Reporting
Unique View
Desired Columns
Easy Data Interpretation
Insightful Charts and Exclusive Dashboards
Insightful Charts and Exclusive Dashboards
Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.
Insightful Charts and Exclusive Dashboards
With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.
Explore Your Microsoft 365 Tenant in a Whole New Way!
Executive overviews
Interactive insights
Decision-making
Data Visualization
Efficient Report Exporting for Microsoft 365
Efficient Report Exporting for Microsoft 365
Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.
Efficient Report Exporting for Microsoft 365
Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.
Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!
Easy Export
Seamless Downloading
Data Control
Manage Microsoft 365

Get AdminDroid Office 365 Reporter Now!

Free Download Live Demo