In this tutorial, you will learn how to export Active Directory users to CSV with PowerShell.
I’ll also show you how to export users from an OU, and get specific user attributes like last logon, email addresses, state, city, and so on.
To run the commands from this guide you need to make sure PowerShell is up to date and you have the RSAT tools installed. For this demo, I’m using a Windows 10 computer and using PowerShell version 5.1.
Export AD Users to CSV With PowerShell
Step 1: Open PowerShell as Administrator.
Step 2: To get a list of all active directory users, use this command.
get-aduser -filter * -Properties * | select displayname, city, company, department, EmailAddress, telephonenumber | format-tableBelow is a screenshot from my domain.
Step 3. To export the list of users to CSV use this command.
get-aduser -filter * -Properties * | select displayname, city, company, department, EmailAddress, telephonenumber | export-csv -path c:\temp\export-all.csvOption #2 AD User Export Tool
In this example, I’ll use the AD User Export Tool from the AD Pro Toolkit. This tool makes it very easy to export all users, users from an OU or group.
Step 1: Click run to get a list of all users. Optionally click browse to select an OU or group. You can also click columns to add and remove user attributes.
Step 2. Click export.
The AD User Export Tool is 1 of 19 tools included in the AD Pro Toolkit.
How to Export Active Directory Users to CSV
Here are the steps to export Active Directory users to CSV.
Step 1: Get-ADUser PowerShell Command
To export users with PowerShell, the Get-ADUser cmdlet is used. This command will get user accounts from Active Directory and display all or selected attributes. It’s important to know how this command works so you can export the data you need.
The most important thing to remember is how to display all the user attributes. This will come in useful when you want to export only specific account details.
The below command will get all user attributes for a single user.
get-aduser -identity username -Properties *Change the “username” to a user in your domain.
Pay attention to the left column. These are the user attribute names and the values on the right. In example 4, I’ll show you how to select specific attributes to include in the export.
Related: How to bulk modify user attributes
Step 2: Export to CSV command
Add “export-CSV -path” to the end of the command to export to a CSV file. See the below example, I’m exporting all the properties for this user to c:\temp\export.csv.
get-aduser -identity username -Properties * | export-csv -path c:\temp\export.csv
You should now have a CSV export of all user properties for a single user.
Step 3: Export specific user attributes
If you don’t want to export all user attributes then use the “select-object” command and enter only the attributes you need. If you have followed along from the beginning then you know how to find the attribute names, if not then jump to example 2.
In the below example I’ll export the DisplayName, City and State.
get-aduser -identity username -Properties * | select DisplayName, City, State | export-csv -path c:\temp\export.csvStep 4: How to export all users
To export all users remove (-identity) and add (-filter *) to the command. In the below example I’m exporting all users and selecting displayname, city, company, department, EmailAddress, and telephonenumber.
get-aduser -filter * -Properties * | select displayname, city, company, department, EmailAddress, telephonenumber | export-csv -path c:\temp\export-all.csvHere is what this looks like in Powershell.
Here is the CSV.
Step 5: Export Users from a specific OU
To export users from specific OUs use the “-SearchBase” command and the “distinguishedName” value of the OU.
In the below example I’m getting all the users in my accounting OU.
Get-ADUser -Filter * -Properties * -SearchBase "OU=Accounting,OU=ADPRO Users,DC=ad,DC=activedirectorypro,DC=com" | select displayname, DistinguishedName, EnabledHere is the PowerShell output.
Then add export-csv -path to the end to export this to CSV.
Get-ADUser -Filter * -Properties * -SearchBase "OU=Accounting,OU=ADPRO Users,DC=ad,DC=activedirectorypro,DC=com" | select displayname, DistinguishedName, Enabled | export-csv -path c:\temp\export-ou.csvAt this point, you should be able to export single, all users, or users from a specific OU. I also showed you how to export all or specific user attributes.
Below are a few more PowerShell examples.
Export only enabled users
To get just the enabled user accounts you need to add a filter that searches for enabled = true.
Get-ADUser -Filter {Enabled -eq $true} -properties * | select-object samaccountname,givenname,surname,Enabled | export-csv -path c:\export\exportusers.csvExport users to CSV with last logon date
get-aduser -Filter * -Properties * | select displayname, LastLogonDate | export-csv -path c:\temp\export_lastlogon.csvExport Users With the GUI AD Export Tool
In this example, I’ll use the AD User Export Tool from the AD Pro Toolkit. This tool makes it very easy to export all users, users from an OU or group.
Step 1. Download the AD Pro Toolkit.
Click here to download a free trial
You can install the tool on your local computer or a server.
Step 2. Click on the Export Users Tool.
From the list of tools click on Export Users.
Step 3. Choose Paths and click Run.
In the search criteria box pick where you want to export from, you can pick the following:
- Entire Domain – This will export all users in your domain
- Select OU or Group – This allows you to select one or multiple OUs or groups to export.
In this example, I’m going to export all users from the Accounting and HR OUs.
Click Browse to select an OU or group.
When you click run the results will be displayed in the results area.
Step 4. Export Users to CSV
To export the results to CSV click the export button and choose your format.
Here is an example export.
If you want to add or remove user fields click on the Columns button
The attribute picker has over 50 attributes you can easily add or remove to the export.
Include Users Group Membership in the CSV
One nice feature of the GUI tool is it will include the user’s group membership.
Below is an example from my export. So for each user, it will show you which security groups they are a member of. Of course, you can just uncheck “memberOf” in the columns picker if you don’t want to see this info.
The graphical user export tool makes it easy for anyone to export user information to CSV. If you don’t want to mess with complicated PowerShell scripts then I recommend checking it out.
Export Users with Active Directory Users and Computers
This method uses the Active Directory Users and Computers console to export users. If you need a very basic export with limited user fields then this option is for you. The one problem is it is limited to a single folder.
Step 1: Open Active Directory Users and Computers
Step 2: Browse to the container that has the users you want to export.
In my test environment, I’ll be exporting the users from the HR container.
Step 3: Click the export button
Now just browse to where you want to save the file, name it and change save as type to CSV.
I’ll open the CSV file in excel to verify it was exported.
Yes, it worked.
How Do You Export All Users to CSV?
The problem with exporting users from ADUC (Active Directory Users and Computers Console)is that it only exports users from a specific folder. If you have users organized into many different folders, you would have to export from each one of them.
To Export all Users you have two options.
- User Export GUI Tool
- PowerShell
Using the GUI tool you just select “Entire Domain” and click run.
With PowerShell, the below command will export all users to CSV. This will just export the user’s name, you will need to add additional attributes as needed.
Get-ADUser -Filter * -Properties * | Select-Object name | export-csv -path c:\export\allusers.csv
Hi Robert,
In Powershell this works.
Get-ADUser -Filter * -Properties * -SearchBase “OU=Accounting,OU=ADPRO Users,DC=ad,DC=activedirectorypro,DC=com” | select displayname, DistinguishedName, Enabled | export-csv -path c:\temp\export-ou.csv
But what if I want to list all users in ‘Accounting’ regrdless if they are in ‘ADPRO users” or not.
Can’t find a way to do this.
Thanks in advance, Gideon.
Hi,
You can use a filter to list users in a specific department. For example, to get all users in the Purchasing department use this command.
get-aduser -Filter {department -eq “Purchasing”} -properties department | Select sAMAccountName, department
This has helped immensely. I need help with applying filters to include only records where specific fields are not blank. For example mail or givenName are not blank or empty. For something like CSVDE in the past I’ve used -r “(&(mail=*)(givenName=*)”.
TIA
Hi Robert,
I need some help from you Please check the below cmdlet.
Get-ADUser -filter * -Properties MemberOf, LastLogonDate, Canonicalname, name, WhenCreated, description |Select-Object MemberOf, Canonicalname, name, whenCreated, description | Format-Table
when i run this above command it showed me proper in Powershell windows but when i export this csv format in memberof column i am getting this type of message Microsoft.ActiveDirectory.Management.ADPropertyValueCollection
rest all data output in proper way can please help me to get the correct command.
Thanks
Here is a possible solution.
Exporting multivalued attributes with Export-CSV cmdlet
Is there a way to update the users from the exported CSV file?
I have successfully exported a CSV with all the attributes required but now I want to update the CSV with phone numbers job titles etc. then run a powershell cmd that will update each users attributes.
#TYPE Selected.Microsoft.ActiveDirectory.Management.ADUser
“displayname”,”samaccountname”,”givenname”,”surname”,”description”,”title”,”city”,”company”,”department”,”EmailAddress”,”userprincipalname”,”telephonenumber”,”mobile”
Thanks!
You can update users from a CSV with the set-aduser cmdlet.
There are some examples of updating the proxyAddress in this guide. You can modify the PowerShell command to update other user attributes.
https://activedirectorypro.com/how-to-bulk-update-proxyaddresses-attribute/
Here are some examples of bulk updating user attributes with the AD Pro Toolkit.
https://activedirectorypro.com/how-to-bulk-modify-ad-user-attributes/
Hi Robert,
Thanks for the quick reply. These examples you have provided were exactly what I needed.
What colour is your cape and what is your Hero name?
Thanks!
Hi Roberts, how do i export deleted users to CSV file on Windows server 2016 & 2019
Please, it is very urgent
Hi, try this command.
Get-ADObject -IncludeDeletedObjects -Filter {objectClass -eq “user” -and IsDeleted -eq $True} -Properties displayname, whencreated,whenchanged | select -Property displayname, whencreated,whenchanged
We get requests like this. Give John Doe the same permissions and access as Jane Doe.
Is there a way to see permissions and access by user rather than looking at the properties of each folder?
We are starting with a list of unknown folders because we can’t see everything that Jane Doe has access to. So we have to ask the requester to provide a list of folders they want them to have access to.
The best way to do this is to grant permissions to groups rather than users. The groups should have a naming convention and describe exactly what they are used for. This way you can look at a users group membership and quickly determine what they have access to. If you are not setup this way you will need to scan the folders to analyze the permissions.
You can check folder permissions with PowerShell or a GUI tool. Refer to the article List List NTFS Permissions on all folders for details.
I have a list of users in csv, but I need to export certain AD attributes for each user.
Any idea how to put it in PowerShell string?
Thanks!
Hi Robert,
would like to export reports which shows only administrators only.
Thank you
I’m assuming domain administrators? See the article export active directory groups for steps.
Hi
Any steps on how to do email forwarding to external email in bulk using csv file?
Thanks for the reply
Thanks for this. Just one typo in your command right above the summary.
Get-ADUser -Filter * -Properties * | Select-Object name | export-csv -path c:\export\allusers.scv should be .csv at the end.
Thanks, I have updated it.
thanks for posting It have helpful for today
Hi, question from support perspective.
If you’re exporting all users and an extension attribute within an organization, would this have any impact on the users at all? Is it possible to slow down the system enough to impact users logging into the same servers?
With the AD Pro Toolkit, I exported about 3000 users and it took 10 seconds. While it was running the domain controller CPU went from 7% to 30% for those 10 seconds. My test server has 1 CPU with 2GB ram, a very small server. In production, I would recommend 2 CPUs and at least 4GB ram.
PowerShell uses very little CPU but took about 1 minute to export 3k users.
Neither option should impact users logging in but that depends on the CPU/Mem usage before its run. What does your CPU/Mem usage show before running an export?
Hi
I would need to export all users who do not have the extensionAttribue1 “Azuresync” what is the powershell command
Tanks
kindly send me command to get all users manager name without ou details included
Hello Can you the steps to follow to extract ad users by licence ?
would like to export users based on “Office”
Check out the user export tool I created, it included 26 user attributes that can be included in the export.
Server 2016, I would like to export users and groups they are in for instance “everybody”. Any ideas?
Hi PJ,
I created a GUI tool that makes this super easy, check it out.
https://activedirectorypro.com/reporting/
Thanks, very helpful.
Can we also export password?
No. Active Directory stores them in an encrypted format so they cannot be exported.
Hey Robert,
I tried using the command, but my syntax may be wrong. Can you take a look?
Get-AdUser -Filter * -SearchBase “OU=Digicel,OU=Bermuda,OU=Users,DC=BMU-DC-001,DC=digicelgroup,DC=local” -Property * | select-ObjectName, SamAccountName, PasswordExpired, PasswordLastSet, LastLogonDate, Enabled, DistinguishedName, DisplayName, GivenName, SurName|export-csv C:\Documents\output.csv
Thanks,
You’re missing -Properties * and you need a space after Select-Object and before the Export. FYI- the path for Documents is not in C:\ unless you actually have a folder called Documents under the C drive. Use the C:\Temp if unsure.
Try this:-
Get-AdUser -Filter * -Properties * -SearchBase “OU=Digicel,OU=Bermuda,OU=Users,DC=BMU-DC-001,DC=digicelgroup,DC=local” -Property * | Select-Object Name, SamAccountName, PasswordExpired, PasswordLastSet, LastLogonDate, Enabled, DistinguishedName, DisplayName, GivenName, SurName | export-csv C:\Temp\output.csv
Just noticed your properties * was in a different place…
Use this one instead:-
Get-AdUser -Filter * -Properties * -SearchBase “OU=Digicel,OU=Bermuda,OU=Users,DC=BMU-DC-001,DC=digicelgroup,DC=local” | Select-Object Name, SamAccountName, PasswordExpired, PasswordLastSet, LastLogonDate, Enabled, DistinguishedName, DisplayName, GivenName, SurName | export-csv C:\Temp\output.csv
Hi,
Can you please tell me where I gone wrong with “Get-ADUser -Filter * -property * | Select-object Name, Title -SearchBase “OU=O365,OU=Users,DC=danielx64,DC=com,DC=au” | export-csv -path c:\export\allusers.csv”?
Cheers
Daniel,
The -searchbase is in the wrong place. Try this
Get-ADUser -Filter * -SearchBase “OU=O365,OU=Users,DC=danielx64,DC=com,DC=au” -property * | Select-object Name, Title | export-csv -path c:\export\allusers.csv
this was very useful, however I would like to get the unix attributes, such as uid and gid. These show up as {username} rather then the number when I use get-aduser username -properties *
I wanna to export from a particular active directory not all active directories
Do you mean from a specific OU?
Actually that script isnt what I was looking for.
What I am referring to is when you open up the properties of a user and select the “account” tab, there is a button that says “log on to” and it shows what machines on the domain that that user is allowed to log on to.
That attribute is userWorkstations
Thanks! That worked perfectly!
I am trying to export a list of our AD users as well as their “Log On To” permissions to a CSV file. How could I do this?
CH, I think that is the logonWorkstation attribute. Try this
Get-ADUser -Filter * -Properties * | select name, logonworkstationExcellent thank you much
No problem
Do you have video on import LDAP users in to AD?. I am trying to import our LDAP users to AD then to Azure. I am able to migrate from AD to Azure AD just need to work on the LDAP to AD part 🙂
Yes, I have a complete tutorial with a video
https://activedirectorypro.com/create-bulk-users-active-directory/
Hello, how do I exclude disabled accounts in the query? I only need active users
Hi Lamin,
Here is an example of returning only enabled users.
Get-ADUser -Filter ‘enabled -eq $true’ -Properties * | Select-Object name | export-csv -path c:\export\allusers.scv
Hey Robert,
Thanks for putting this up. I’m curious if there is a way to list all users and all associated groups or organizational units in a single spread sheet?
I’ve got some software that needs to auto-group users by AD Group or OU but operates outside Microsoft Active Directory. I’d love to be able to have a user generate a CSV that has person/user in a column and then what groups or OU’s they are associated with.
Thx,
Dave
hi there
i want to know how do i export all my users in AD with all permissions ??
thanks
What do you mean by all permissions? Are you wanting the security group membership?
Thank you for posting this. It was very helpful for me today.
No problem, glad it was helpful!
It helped me immensely today as well. I don’t have access to the AD server, but I can ‘read’ AD with the MMC app. This was the first tutorial of several I had reviewed that got me exactly what I needed. Thank you, Mr. Robert Allen!