How to Export All Contacts from Active Directory

A contact object in Active Directory represents individuals whose contact information needs to be stored within your organization, without granting login access. Unlike user objects, contact objects in AD only contain a GUID and attributes such as name, email address, phone number, and minimal details . These objects are primarily used to store non-employee contact details and serve as reference points for users within your organization.

Key purposes of contact objects in Active Directory

Users and contacts in Active Directory may appear similar since both store information about individuals in your environment. However, they serve distinct purposes and have different functionalities. Treating them the same, without understanding their differences, can lead to a disorganized AD structure and complicate management tasks.

To manage them effectively and avoid common pitfalls, let’s break down the key difference between contacts and users in Active Directory.

To create contacts in Active Directory for storing someone's information, you can use either the Active Directory Users and Computers console or PowerShell. Here’s how to create contacts using both methods, whether for a single contact or multiple contacts at once.

Create an Active Directory contact using ADUC

Follow the steps below in the Active Directory Users and Computers to create a contact in Active Directory.

• Right-click the Organizational Unit where you want to create the contact, then choose New»Contact.
• Enter the First name. Optionally, fill in Initials, Last name, Full name, and Display name.
• Click OK to create the Active Directory contact.

Create Active Directory contacts using PowerShell

Run the below cmdlet to create AD contacts through PowerShell.

New-ADObject -Name "<ContactName>" -Type contact -Path "<OrganizationalUnit>" -OtherAttributes @{'mail'="<MailAddress>"; 'TelephoneNumber'="<PhoneNumber>"}

Replace <ContactName> with the name of the contact and <OrganizationalUnit> with the distinguished name of the OU where you wish to create the AD contact object. Also, replace <MailAddress> and <PhoneNumber> with the respective contact details.

Creating contacts in Active Directory PowerShell individually can be time-consuming when you need to add many. To create multiple contacts in bulk in less time, follow the steps below.

$contacts = Import-Csv "<FilePath>"
foreach ($contact in $contacts) {
New-ADObject -Name "$($contact.FirstName) $($contact.LastName)" -Type contact -Path "$($contact.OrganizationalUnit)" -OtherAttributes @{
		'displayName' = $contact.DisplayName;
		'mail' = $contact.Email;
		'telephoneNumber' = $contact.Phone;
	}
}

Now you’ve learned how to create contacts in Active Directory, but it's important to keep them up-to-date as contact details can change over time. Moreover, when a contact object is created via ADUC, only basic details are entered, and attributes related to the contact may need to be updated accordingly.

Additionally, when a contact is no longer needed, it should be removed from the directory to maintain a clean directory.

How to modify a contact detail in Active Directory?

Follow the steps below in ADUC to update an Active Directory contact.

• Right-click the contact you want to update and select Properties.
• In the General tab, update the Telephone number, Email, Web page, Office name, etc.
• Add the contact's address in the Address tab and office details in the Organization tab.
• Store additional phone numbers under the Telephones tab and click OK to save all changes.

You can also use the Set-ADObject cmdlet as below to update the properties of an Active Directory contact using PowerShell.

Set-ADObject -Identity "<ContactDistinguishedName>" -Replace @{Mail="<NewMailAddress>"; TelephoneNumber="<NewPhoneNumber>"}

Note: This command updates only the mail address and telephone number. To modify other attributes, just add them to the -Replace hashtable of the Set-ADObject cmdlet.

How to remove a contact in Active Directory?

Outdated contact details can create confusion and clutter in Active Directory. When a contact is no longer needed, such as after switching vendors, follow these steps to delete the Active Directory contact.

• Open Active Directory Users and Computers snap-in.
• Right-click the contact you want to remove and choose Delete.
• Click Yes in the confirmation prompt to remove the contact from Active Directory.

You can use the Remove-ADObject cmdlet below to delete a contact in Active Directory with PowerShell.

Remove-ADObject -Identity "<ContactDistinguishedName>"

• With AdminDroid’s contact reports, like recently created, modified, and deleted contacts, you get complete visibility into every contact change in your organization.
• You can instantly track when a contact is created, modified, or deleted, with details such as the contact name, OU name, office name, mail, telephone number, etc

Handy Tip: If you found something unusual, you can easily remove, edit, or restore the contacts in Active Directory directly from the report with just a few clicks.

Effective communication is crucial for any organization, especially when collaborating with external partners, vendors, or clients. Instead of manually emailing each external contact, adding them to a distribution group in Active Directory (AD) and emailing the group ensures seamless communication.

Although contacts can also be added to security groups, they serve no functional purpose since contacts cannot be used for permission-based access. Therefore, it is best to add contacts only to distribution groups.

Add a contact to a distribution group using Active Directory Users and Computers

• Open Active Directory Users and Computers and navigate to the OU where the contact is stored.
• Right-click the contact and select Properties. Then, go to the Member Of tab and click Add...
• In the Enter the object names to select field, type the group name.
• If unsure of the exact name, type the beginning of the name and click Check Names to verify. Select the correct group from the list and click "OK".
• Click Apply, then OK to save the changes and add the Active Directory contact to the distribution group.

Add contacts to groups using Active Directory PowerShell

In the cmdlet below, replace <ContactName> with the contact’s distinguished name and <GroupName> with the distribution group display name where the contact should be added. Then, run the cmdlet to add AD contacts to a group with PowerShell

Set-ADGroup "<GroupName>" -Add @{'member'= '<ContactName>'}

You can also add multiple contacts using the above cmdlet by separating their distinguished names with commas. For example, the below cmdlet adds Alexia Vendors and Amy Thomas to the HR Team Leads group.

Set-ADGroup "HR Team Leads" -Add @{'member'= ‘CN=Alexia Vendors,OU=USA marketing,DC=contoso,DC=local', ‘CN=Amy Thomas,OU=European Marketing,DC=contoso,DC=local’} 

Handy Tip: To add many contacts to a group, first create a CSV file with all contact DNs under the column name “ContactDN” and run the following script.

$contacts = Import-Csv "<FilePath>"
foreach ($contact in $contacts) {
	Set-ADGroup -Identity "<GroupName>" -Add @{member=$contact.ContactDN}
}