by Jod_Lan at 2013-02-22 13:26:20
I need a Powershell script that will export users of a specific security group into a csv file. The only 2 pieces of information I need are the logon name, and whether they are active or disabled. I found the following script, which works, but I’m not sure how to narrow it down to just the 2 pieces of info I need, and have it run against a specific global security group, rather than all users in the domain:by DexterPOSH at 2013-02-23 22:11:22
$NumDays = 0
$LogDir = ".\User-Accounts.csv"
$currentDate = [System.DateTime]::Now
$currentDateUtc = $currentDate.ToUniversalTime()
$lltstamplimit = $currentDateUtc.AddDays(- $NumDays)
$lltIntLimit = $lltstampLimit.ToFileTime()
$adobjroot = [adsi]‘’
$objstalesearcher = New-Object System.DirectoryServices.DirectorySearcher($adobjroot)
$objstalesearcher.filter = "(&(objectCategory=person)(objectClass=user)(lastLogonTimeStamp<=" + $lltIntLimit + "))"
$users = $objstalesearcher.findall() | select<br>@{e={$_.properties.cn};n='Display Name'},
@{e={$.properties.samaccountname};n=‘Username’},<br>@{e={[datetime]]$_.properties.lastlogontimestamp[0])};n='Last Logon'},
@{e={[string]$adspath=$.properties.adspath;$account=[ADSI]$adspath;$account.psbase.invokeget(‘AccountDisabled’)};n=‘Account Is Disabled’}
$users | Export-CSV -NoType $LogDir
Any help is much appreciated. I am as n00b as it gets when it comes to Powershell, but I can follow instructions to the letter.
If the above code works correctly for you then if you are looking only for the 2 piece of information then you need to make the following changes:by Jod_Lan at 2013-02-25 06:24:30
$NumDays = 0
$LogDir = ".\User-Accounts.csv"
$currentDate = [System.DateTime]::Now
$currentDateUtc = $currentDate.ToUniversalTime()
$lltstamplimit = $currentDateUtc.AddDays(- $NumDays)
$lltIntLimit = $lltstampLimit.ToFileTime()
$adobjroot = [adsi]‘’
$objstalesearcher = New-Object System.DirectoryServices.DirectorySearcher($adobjroot)
$objstalesearcher.filter = "(&(objectCategory=person)(objectClass=user)(lastLogonTimeStamp<=" + $lltIntLimit + "))"
$users = $objstalesearcher.findall() | select<br>@{e={$_.properties.samaccountname};n='Username'},
@{e={[string]$adspath=$_.properties.adspath;$account=[ADSI]$adspath;$account.psbase.invokeget(‘AccountDisabled’)};n=‘Account Is Disabled’}
$users | Export-CSV -NoType $LogDir
This is the simplest thing that can get you started, I hope so.
What I have done is removed from the select portion, things that you don’t want .
Hope it helps
Regards,
~Dexter~
That does clean it up, thanks. The one thing I noticed on yours and the original is that the export stops at 1000 rows, minus the top header. There are about 3100 users in the group I’m trying to gather information about. Is there anything in the script that would limit this?by DexterPOSH at 2013-03-07 03:46:07
Also, what will I need to add to the script to narrow it down to a specific security group?
Sorry Jod_Lan it took me a while to look into this,
By default the DirectorySearcher will give you only 1000 objects you need to set a property called the ‘sizelimit’ .
But that may not solve your problem as the documentation saysThe server stops searching after the size limit is reached and returns the results accumulated up to that point.
If you set SizeLimit to a value that is larger than the server-determined default of 1000 entries, the server-determined default is used.
I would advice better to use Quest AD Cmdlets or Microsoft AD Cmdlets to fulfill your purpose.
P.S. - To narrow the script to a specific security group, probably you will have to modify the filter
Hope that helps