Export AD Users to CSV with PowerShell

In this tutorial, you will learn how to export Active Directory users to CSV with PowerShell.

I’ll also show you how to export users from an OU, and get specific user attributes like last logon, email addresses, state, city, and so on.

To run the commands from this guide you need to make sure PowerShell is up to date and you have the RSAT tools installed. For this demo, I’m using a Windows 10 computer and using PowerShell version 5.1.

Export AD Users to CSV With PowerShell

Step 1: Open PowerShell as Administrator.

Step 2: To get a list of all Active Directory users, use this command.

get-aduser -filter * -Properties * | select displayname, city, company, department, EmailAddress, telephonenumber | format-table

Step 3. To export the list of users to CSV use this command.

get-aduser -filter * -Properties * | select displayname, city, company, department, EmailAddress, telephonenumber | export-csv -path c:\temp\export-all.csv

Option #2 AD User Export Tool

In this example, I’ll use the AD User Export Tool from the AD Pro Toolkit. This tool makes it very easy to export all users, users from an OU or group.

Step 1: Click run to get a list of all users. Optionally click browse to select an OU or group. You can also click columns to add and remove user attributes.

Step 2. Click export.

The AD User Export Tool is 1 of 19 tools included in the AD Pro Toolkit.

How to Export Active Directory Users to CSV

Here are the steps to export Active Directory users to CSV.

Step 1: Get-ADUser PowerShell Command

To export users with PowerShell, the Get-ADUser cmdlet is used. This command will get user accounts from Active Directory and display all or selected attributes. It’s important to know how this command works so you can export the data you need.

The most important thing to remember is how to display all the user attributes. This will come in useful when you want to export only specific account details.

The below command will get all user attributes for a single user.

get-aduser -identity username -Properties *

Change the “username” to a user in your domain.

Pay attention to the left column of the output: these are the user attribute names, with their values on the right. In Step 3, I’ll show you how to select specific attributes to include in the export.

Step 2: Export to CSV command

Add “export-csv -path” to the end of the command to export to a CSV file. In the example below, I’m exporting all the properties for this user to c:\temp\export.csv.

get-aduser -identity username -Properties * | export-csv -path c:\temp\export.csv

You should now have a CSV export of all user properties for a single user.

Step 3: Export specific user attributes

If you don’t want to export all user attributes, use the “select-object” cmdlet and enter only the attributes you need. If you have followed along from the beginning then you know how to find the attribute names; if not, go back to Step 1.

In the below example I’ll export the DisplayName, City and State.

get-aduser -identity username -Properties * | select DisplayName, City, State | export-csv -path c:\temp\export.csv

Step 4: How to export all users

To export all users remove (-identity) and add (-filter *) to the command. In the below example I’m exporting all users and selecting displayname, city, company, department, EmailAddress, and telephonenumber.

get-aduser -filter * -Properties * | select displayname, city, company, department, EmailAddress, telephonenumber | export-csv -path c:\temp\export-all.csv

Step 5: Export Users from a specific OU

To export users from a specific OU, use the “-SearchBase” parameter with the “distinguishedName” value of the OU.

In the below example I’m getting all the users in my accounting OU.

Get-ADUser -Filter * -Properties * -SearchBase "OU=Accounting,OU=ADPRO Users,DC=ad,DC=activedirectorypro,DC=com" | select displayname, DistinguishedName, Enabled

Then add export-csv -path to the end to export this to CSV.

Get-ADUser -Filter * -Properties * -SearchBase "OU=Accounting,OU=ADPRO Users,DC=ad,DC=activedirectorypro,DC=com" | select displayname, DistinguishedName, Enabled | export-csv -path c:\temp\export-ou.csv

At this point, you should be able to export a single user, all users, or users from a specific OU. I also showed you how to export all or specific user attributes.
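The steps above combined into one export, as an added example that is not part of the original article: it names the attributes to request instead of using -Properties *, joins multi-valued attributes such as MemberOf (which Export-Csv otherwise writes as a collection type name), and drops the #TYPE header line that PowerShell 5.1 adds. ConvertTo-FlatUserRow, the sample users and the output path are made up for illustration.

```powershell
# Added example, not from the original article. ConvertTo-FlatUserRow is a made-up helper.
function ConvertTo-FlatUserRow {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [string[]] $Property = @('DisplayName', 'Department', 'EmailAddress', 'Enabled', 'MemberOf')
    )
    process {
        $row = [ordered]@{}
        foreach ($name in $Property) {
            $value = $User.$name
            if ($name -eq 'MemberOf') {
                # Reduce each group distinguished name to its first RDN (the group name).
                $value = @($value) | Where-Object { $_ } |
                    ForEach-Object { ($_ -split '(?<!\\),')[0] -replace '^CN=' }
            }
            # Join multi-valued attributes; otherwise the CSV cell holds the collection type name.
            if ($value -is [System.Collections.IEnumerable] -and $value -isnot [string]) {
                $value = @($value) -join ';'
            }
            $row[$name] = $value
        }
        [pscustomobject]$row
    }
}

# Constructed sample objects standing in for Get-ADUser output, so this runs without a domain.
$sample = @(
    [pscustomobject]@{
        DisplayName = 'Alice Example'; Department = 'Accounting'
        EmailAddress = 'alice@example.test'; Enabled = $true
        MemberOf = @('CN=Accounting_Folders,OU=Groups,DC=example,DC=test',
                     'CN=VPN_Users,OU=Groups,DC=example,DC=test')
    }
    [pscustomobject]@{
        DisplayName = 'Bob Example'; Department = 'HR'
        EmailAddress = 'bob@example.test'; Enabled = $false; MemberOf = @()
    }
)

# On a domain, replace $sample with a query that names only the attributes you need, e.g.
#   Get-ADUser -Filter * -SearchBase $ou -Properties DisplayName, Department, EmailAddress, MemberOf
$outFile = Join-Path $env:TEMP 'export-users.csv'
$sample | ConvertTo-FlatUserRow |
    Export-Csv -Path $outFile -NoTypeInformation -Encoding UTF8
Get-Content $outFile
```

The export contains directory data about every user in scope, so write it to a folder that only the people who need the report can read.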

Below are a few more PowerShell examples.

Export only enabled users

To get just the enabled user accounts you need to add a filter that searches for enabled = true.

Get-ADUser -Filter {Enabled -eq $true} -properties * | select-object samaccountname,givenname,surname,Enabled | export-csv -path c:\export\exportusers.csv

Export users to CSV with last logon date

get-aduser -Filter *  -Properties * | select displayname, LastLogonDate | export-csv -path c:\temp\export_lastlogon.csv
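A review use of the last logon export, as an added example that is not part of the original article: it keeps only enabled accounts with no logon in the last 90 days. LastLogonDate is the replicated lastLogonTimestamp value, which can lag the real last logon by up to about two weeks, so treat it as a staleness indicator rather than an exact time. Select-StaleUser, the 90-day threshold and the sample accounts are assumptions for illustration.

```powershell
# Added example, not from the original article. Select-StaleUser is a made-up helper.
function Select-StaleUser {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [int] $Days = 90,
        [datetime] $Now = (Get-Date)
    )
    process {
        if (-not $User.Enabled) { return }     # disabled accounts are out of scope
        $last = $User.LastLogonDate            # $null when no logon has been recorded
        if ($null -ne $last -and $last -ge $Now.AddDays(-$Days)) { return }

        $reason = 'no logon recorded'
        if ($null -ne $last) {
            $reason = 'idle {0} days' -f [math]::Floor(($Now - $last).TotalDays)
        }
        [pscustomobject]@{
            SamAccountName  = $User.SamAccountName
            LastLogonDate   = $last
            PasswordLastSet = $User.PasswordLastSet
            Reason          = $reason
        }
    }
}

# Constructed sample accounts and a fixed "now" so the result is reproducible.
$now = [datetime]'2024-06-01'
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice';   Enabled = $true
        LastLogonDate = [datetime]'2024-05-20'; PasswordLastSet = [datetime]'2024-03-01' }
    [pscustomobject]@{ SamAccountName = 'svc-old'; Enabled = $true
        LastLogonDate = [datetime]'2023-01-15'; PasswordLastSet = [datetime]'2019-07-04' }
    [pscustomobject]@{ SamAccountName = 'newhire'; Enabled = $true
        LastLogonDate = $null;                  PasswordLastSet = [datetime]'2024-05-30' }
    [pscustomobject]@{ SamAccountName = 'bob';     Enabled = $false
        LastLogonDate = [datetime]'2022-02-02'; PasswordLastSet = [datetime]'2021-12-01' }
)

# On a domain, feed it from:
#   Get-ADUser -Filter 'Enabled -eq $true' -Properties LastLogonDate, PasswordLastSet
$sample | Select-StaleUser -Days 90 -Now $now |
    Export-Csv -Path (Join-Path $env:TEMP 'stale-users.csv') -NoTypeInformation
```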

Export Users With the GUI AD Export Tool

Step 1. Download the AD Pro Toolkit.

You can install the tool on your local computer or a server.

Step 2. Click on the Export Users Tool.

From the list of tools click on Export Users.

Step 3. Choose Paths and click Run.

In the search criteria box, pick where you want to export from. You can pick the following:

  • Entire Domain – This will export all users in your domain
  • Select OU or Group – This allows you to select one or multiple OUs or groups to export.

In this example, I’m going to export all users from the Accounting and HR OUs.

Click Browse to select an OU or group.

When you click run the results will be displayed in the results area.

Step 4. Export Users to CSV

To export the results to CSV click the export button and choose your format.

If you want to add or remove user fields, click on the Columns button.

The attribute picker has over 50 attributes you can easily add or remove to the export.

Include Users Group Membership in the CSV

One nice feature of the GUI tool is it will include the user’s group membership.

Below is an example from my export. So for each user, it will show you which security groups they are a member of. Of course, you can just uncheck “memberOf” in the columns picker if you don’t want to see this info.

The graphical user export tool makes it easy for anyone to export user information to CSV. If you don’t want to mess with complicated PowerShell scripts then I recommend checking it out.

Export Users with Active Directory Users and Computers

This method uses the Active Directory Users and Computers console to export users. If you need a very basic export with limited user fields then this option is for you. The one problem is it is limited to a single folder.

Step 1: Open Active Directory Users and Computers

Step 2: Browse to the container that has the users you want to export.

In my test environment, I’ll be exporting the users from the HR container.

Step 3: Click the export button

Now just browse to where you want to save the file, name it and change save as type to CSV.

I’ll open the CSV file in Excel to verify it was exported.

Yes, it worked.

How Do You Export All Users to CSV?

The problem with exporting users from ADUC (Active Directory Users and Computers Console) is that it only exports users from a specific folder. If you have users organized into many different folders, you would have to export from each one of them.

To export all users you have two options.

  1. User Export GUI Tool
  2. PowerShell

Using the GUI tool you just select “Entire Domain” and click run.

With PowerShell, the below command will export all users to CSV. This will just export the user’s name; you will need to add additional attributes as needed.

Get-ADUser -Filter * -Properties * | Select-Object name | export-csv -path c:\export\allusers.csv

56 thoughts on “Export AD Users to CSV with PowerShell”

  1. Hi Robert,
    In Powershell this works.
    Get-ADUser -Filter * -Properties * -SearchBase "OU=Accounting,OU=ADPRO Users,DC=ad,DC=activedirectorypro,DC=com" | select displayname, DistinguishedName, Enabled | export-csv -path c:\temp\export-ou.csv

    But what if I want to list all users in ‘Accounting’ regardless if they are in ‘ADPRO users’ or not.
    Can’t find a way to do this.
    Thanks in advance, Gideon.

    Reply
    • Hi,

      You can use a filter to list users in a specific department. For example, to get all users in the Purchasing department use this command.

      get-aduser -Filter {department -eq "Purchasing"} -properties department | Select sAMAccountName, department

      Reply
  2. This has helped immensely. I need help with applying filters to include only records where specific fields are not blank. For example mail or givenName are not blank or empty. For something like CSVDE in the past I’ve used -r “(&(mail=*)(givenName=*)”.
    TIA

    Reply
  3. Hi Robert,

    I need some help from you. Please check the below cmdlet.

    Get-ADUser -filter * -Properties MemberOf, LastLogonDate, Canonicalname, name, WhenCreated, description |Select-Object MemberOf, Canonicalname, name, whenCreated, description | Format-Table

    When I run the above command it shows properly in the PowerShell window, but when I export this to CSV format, in the memberof column I am getting this type of message: Microsoft.ActiveDirectory.Management.ADPropertyValueCollection
    All the rest of the data is output properly. Can you please help me to get the correct command?
    Thanks

    Reply
  4. Is there a way to update the users from the exported CSV file?

    I have successfully exported a CSV with all the attributes required but now I want to update the CSV with phone numbers job titles etc. then run a powershell cmd that will update each users attributes.

    #TYPE Selected.Microsoft.ActiveDirectory.Management.ADUser
    “displayname”,”samaccountname”,”givenname”,”surname”,”description”,”title”,”city”,”company”,”department”,”EmailAddress”,”userprincipalname”,”telephonenumber”,”mobile”

    Thanks!

    Reply
    • Hi, try this command.

      Get-ADObject -IncludeDeletedObjects -Filter {objectClass -eq "user" -and IsDeleted -eq $True} -Properties displayname, whencreated,whenchanged | select -Property displayname, whencreated,whenchanged

      Reply
  5. We get requests like this. Give John Doe the same permissions and access as Jane Doe.

    Is there a way to see permissions and access by user rather than looking at the properties of each folder?

    We are starting with a list of unknown folders because we can’t see everything that Jane Doe has access to. So we have to ask the requester to provide a list of folders they want them to have access to.

    Reply
    • The best way to do this is to grant permissions to groups rather than users. The groups should have a naming convention and describe exactly what they are used for. This way you can look at a user’s group membership and quickly determine what they have access to. If you are not set up this way you will need to scan the folders to analyze the permissions.

      You can check folder permissions with PowerShell or a GUI tool. Refer to the article List NTFS Permissions on all folders for details.

      Reply
  6. I have a list of users in csv, but I need to export certain AD attributes for each user.
    Any idea how to put it in PowerShell string?

    Thanks!

    Reply
  7. Thanks for this. Just one typo in your command right above the summary.
    Get-ADUser -Filter * -Properties * | Select-Object name | export-csv -path c:\export\allusers.scv should be .csv at the end.

    Reply
  8. Hi, question from support perspective.
    If you’re exporting all users and an extension attribute within an organization, would this have any impact on the users at all? Is it possible to slow down the system enough to impact users logging into the same servers?

    Reply
    • With the AD Pro Toolkit, I exported about 3000 users and it took 10 seconds. While it was running the domain controller CPU went from 7% to 30% for those 10 seconds. My test server has 1 CPU with 2GB ram, a very small server. In production, I would recommend 2 CPUs and at least 4GB ram.

      PowerShell uses very little CPU but took about 1 minute to export 3k users.

      Neither option should impact users logging in but that depends on the CPU/Mem usage before it’s run. What does your CPU/Mem usage show before running an export?

      Reply
    • Hi
      I would need to export all users who do not have the extensionAttribute1 “Azuresync”. What is the PowerShell command?

      Thanks

      Reply
  9. Hey Robert,

    I tried using the command, but my syntax may be wrong. Can you take a look?

    Get-AdUser -Filter * -SearchBase “OU=Digicel,OU=Bermuda,OU=Users,DC=BMU-DC-001,DC=digicelgroup,DC=local” -Property * | select-ObjectName, SamAccountName, PasswordExpired, PasswordLastSet, LastLogonDate, Enabled, DistinguishedName, DisplayName, GivenName, SurName|export-csv C:\Documents\output.csv

    Thanks,

    Reply
    • You’re missing -Properties * and you need a space after Select-Object and before the Export. FYI- the path for Documents is not in C:\ unless you actually have a folder called Documents under the C drive. Use the C:\Temp if unsure.
      Try this:-

      Get-AdUser -Filter * -Properties * -SearchBase “OU=Digicel,OU=Bermuda,OU=Users,DC=BMU-DC-001,DC=digicelgroup,DC=local” -Property * | Select-Object Name, SamAccountName, PasswordExpired, PasswordLastSet, LastLogonDate, Enabled, DistinguishedName, DisplayName, GivenName, SurName | export-csv C:\Temp\output.csv

      Reply
      • Just noticed your properties * was in a different place…

        Use this one instead:-

        Get-AdUser -Filter * -Properties * -SearchBase "OU=Digicel,OU=Bermuda,OU=Users,DC=BMU-DC-001,DC=digicelgroup,DC=local" | Select-Object Name, SamAccountName, PasswordExpired, PasswordLastSet, LastLogonDate, Enabled, DistinguishedName, DisplayName, GivenName, SurName | export-csv C:\Temp\output.csv

        Reply
  10. Hi,

    Can you please tell me where I have gone wrong with “Get-ADUser -Filter * -property * | Select-object Name, Title -SearchBase “OU=O365,OU=Users,DC=danielx64,DC=com,DC=au” | export-csv -path c:\export\allusers.csv”?

    Cheers

    Reply
    • Daniel,

      The -searchbase is in the wrong place. Try this

      Get-ADUser -Filter * -SearchBase "OU=O365,OU=Users,DC=danielx64,DC=com,DC=au" -property * | Select-object Name, Title | export-csv -path c:\export\allusers.csv

      Reply
  11. This was very useful, however I would like to get the unix attributes, such as uid and gid. These show up as {username} rather than the number when I use get-aduser username -properties *

    Reply
  12. Actually that script isn’t what I was looking for.
    What I am referring to is when you open up the properties of a user and select the “account” tab, there is a button that says “log on to” and it shows what machines on the domain that that user is allowed to log on to.

    Reply
  13. I am trying to export a list of our AD users as well as their “Log On To” permissions to a CSV file. How could I do this?

    Reply
    • CH, I think that is the logonWorkstation attribute. Try this

      Get-ADUser -Filter * -Properties * | select name, LogonWorkstations

      Reply
  14. Do you have a video on importing LDAP users into AD? I am trying to import our LDAP users to AD then to Azure. I am able to migrate from AD to Azure AD, just need to work on the LDAP to AD part 🙂

    Reply
  15. Hey Robert,

    Thanks for putting this up. I’m curious if there is a way to list all users and all associated groups or organizational units in a single spread sheet?

    I’ve got some software that needs to auto-group users by AD Group or OU but operates outside Microsoft Active Directory. I’d love to be able to have a user generate a CSV that has person/user in a column and then what groups or OU’s they are associated with.

    Thx,

    Dave

    Reply
    • It helped me immensely today as well. I don’t have access to the AD server, but I can ‘read’ AD with the MMC app. This was the first tutorial of several I had reviewed that got me exactly what I needed. Thank you, Mr. Robert Allen!

      Reply
