Active Directory User Reports
This page provides a list of Active Directory User reports including in the Active Directory Pro Toolkit. These are pre-built PowerShell scripts that enable administrators to quickly generate reports on users from Active Directory.
User reports provide administrators with important information about their Active Directory environment. From general user reports to security and compliance needs the AD Reporting Tool provides a comprehensive list of reports that are ready to run or can be fully customized to extract the exact user details you need.
Reports can be exported to CSV or HTML, see example reports below. Send me feedback on reports you would like to see included.
List of Built in Active Directory User Reports
1. All users
Get all users accounts in the domain. Includes first name, last name, logon name, street address, company, state, manager, email and job title.
Get-ADUser -filter * -properties * | select @{name='First Name'; expression={$_.givenname}},@{name='Last Name'; expression={$_.surname}},@{name='Logon Name'; expression={$_.SamAccountName}},@{name='Street Address'; expression={$_.streetaddress}},@{name='State/Province'; expression={$_.st}},manager,@{name='Email'; expression={$_.mail}},@{name='Job Title'; expression={$_.title}},company
2. All users from an organizational unit
Get all users from an organizational unit. Includes user first name, last name, logon name, street address, company, state, manager, email and job title.
3. All users organizational unit
Get all enabled users and list their organizational unit. Includes first name, last name, logon name and Parent Container OU.
4. All users email and proxyAddresses
Get all users mail and proxyaddresses. Includes first name, last name, logon name, mail and proxyaddresses.
5. Users allowed to dial-in
Get all users that have dial in set to “Allow access”. Includes user first name, last name, logon name and msNPAllowDialin attribute.
6. Users not allowed to dial-in
Get all users that are not allowed to dial in. Includes user first name, last name, logon name and msNPAllowDialin attribute
7. Users with a home drive directory
Get all users that have a home directory set. Includes user first name, last name, logon name, homedirectory attribute.
8. Users with logon script
Get all users that have a logon script set. Includes user first name, last name, logon name, scriptpath attribute.
9. Users without logon script
Get all users that do not have a logon script, scriptpath attribute is null. Includes user first name, last name, logon name, scriptpath attribute.
10. Users without managers
Get all users that do not have a manager assigned to them. Includes user first name, last name, logon name and manager.
11. Users with managers
Get all users that have a manager assigned. Manager attribute is null. Includes user first name, last name, logon name and manager.
12. User Account Control value for all users
Get all users and the UserAccountControl attribute value. Includes user first name, last name, logon name and useraccountcontrol attribute.
13. User Account Control is not 512 (Normal Account)
Most user accounts are set to normal (512), this will list all accounts that are not set to 512. Includes user first name, last name, logon name and useraccountcontrol attribute.
14. User Principal Name value for all users
Get all users and the user principal name. Includes user first name, last name, logon name and userprincipalname attribute.
15. EmployeeID & EmployeeNumber for all users
Get all users and the employeeID & employeenumber. Includes user first name, last name, logon name, employeeID and employeeNumber attribute.
15.Find user accounts keyword search by name
Get user account by a wildcard keyword search, searches user name. Includes first name, last name, logon name and name attribute
Account Status
16. Disabled Users
Get all disabled user accounts. Includes user fist name, last name, logon name, enabled, created, modified attributes.
17. Enabled Users
Get all enabled user accounts. Includes user fist name, last name, logon name, enabled, created, modified attributes.
18. Locked out users
Get all locked user accounts. Includes user fist name, last name, logon name, enabled, created, modified attributes.
19. Users created in the last 30 days
Get users accounts created in the last 30 days. Seach is based on the whenCreated attribute.
20. Users created in the last 60 days
Get user accounts created in the last 60 days
21. Users created in the last 90 days
Get user accounts created in the last 90 days
22. Users modified in the last 30 days
Get user accounts modified in the last 30 days. Search is based on the modified attribute.
23. Users modified in the last 60 days
Get user accounts modified in the last 60 days
24. Users modified in the last 7 days
Get user accounts modified in the last 7 days
25. Users with account that does not expire
Get user accounts that do expire. Includes user fist name, last name, logon name, created and accountexpirationdate attribute.
26. Users with an account that will expire in the next 7 days
Get all user accounts that will expire in the next 7 days. Includes user name and AccountExpirationDate attribute.
27. Users with an account that will expire in the next 30 days
Get all user accounts that will expire in the next 30 days. Includes user name and AccountExpirationDate attribute.
28. Users with an expired account
Get all user accounts that have expired. Includes user name and AccountExpirationDate attribute.
29. Users protected by AdminSDHolder
Get all users protected by AdminSDHolder. Includes user first name, last name and logon name.
30. Users protected from accidental deletion
Get all users protected from accidental deletion. Includes user first name, last name logon name and ProtectedFromAccidentalDeletion attribute.
31. Users not protected from accidental deletion
Get all users not protected from accidental deletion. Includes user first name, last name logon name and ProtectedFromAccidentalDeletion attribute.
32. Account is sensitive and cannot be delegated
Get user accounts that AccountNotDelegated is set to true. Includes user name and AccountNotDelegated attribute.
33. Users with account set to “Do not require Kerberos perauthentication”
Get all user account that are set to “Do not require Kerberos perauthentication”. Includes user fist name, last name, logon name, and DoesNotRequirePreAuth attribute.
Password Reports
34. Get Domain Password Policy
Get the domain password policy details.
35. Users that must change password at next logon
Gets users that must change password at next logon. Includes user first name, last name, logon name, user must change password value.
36. Users that changed their password in the last 30 days
Get all users that changed their passwords in the last 30 days. Includes user first name, last name, logon name and passwordlastset attribute.
37. Users that changed their password in the last 60 days
Get all users that changed their passwords in the last 60 days
38. Users that don’t require a password
Get all users that do not require a password. Includes user first name, last name, logon name and passwordnotrequired attribute.
39. Users that cannot change their password
Get all users that cannot change their password is set. Includes user first name, last name, logon name and cannotchangepassword attribute.
40. All users password expiration date
Get all users and their password expiration date. Includes user displayname and password expiration date.
41. Users with password that expires in 7 days
Get users that require a password change in the next 7 days. Includes user first name, last name, logon name and passwordlastset attribute.
42. Users with Password that expires in 1 day
Get users that require a password change in the next 1 days. Includes user first name, last name, logon name and passwordlastset attribute.
43. Users set with a password never expire
Get all users that are configured with a password that will never expire. Includes user first name, last name, logon name and passwordneverexpires attribute.
44. Users with expired passwords
Get all users accounts that their password has expired. Includes user first name, last name, logon name and passwordexpired attribute.
45. Users with bad password attempts in the last 30 days
Get users with bad password attempts in the last 30 days. Includes user first name, last name, logon name and LastBadPasswordAttempt attribute.
46. Users with bad password attempts in the last 7 days
Get users with bad password attempts in the last 7 days. Includes user first name, last name, logon name and LastBadPasswordAttempt attribute.
47. Users with bad password attempt int last 1 day
Get users with bad password attempts in the last 1 days. Includes user first name, last name, logon name and LastBadPasswordAttempt attribute.
48. Users with password stored using reversible encryption
Get all users that are configured with “Store password using reversible encryption”. Includes user name
49. Users last bad password attempt date/time
Get all users last bad password date and time. Includes user first name, last name, logon name and LastBadPasswordAttempt attribute
Logon Reports
50. Inactive users (lastlogontimestamp is blank)
Get all user accounts that have no value for the lastlogontimestamp attribute. These are most likely accounts that have never been used. Searches both enabled and disabled accounts.
51. Inactive users who are enabled
Get all user accounts that have no value for the lastlogontimestamp attribute. Searches only enabled accounts
52. Users that require a smart card for logon
Get all users that are set to “Smart card is required for interactive logon”. Includes user first name, last name, logon name, UserAccountControl attribute.
53. Users who can log on to all computers
Get users who can log on to all computers. Includes user first name, last name, logon name and logonworkstations attribute.
54. Users who can log on to selected computers (Log on to)
Get users that are configured to log on to selected computers. Includes user first name, last name, logon name and logonworkstations attribute.
55. Users who logged on last 30 days
Get users that have logged on in the last 30 days. Includes user first name, last name, logon name and LastLogonDate attribute.
56. Users who logged on last 7 days
Get users that have logged on in the last 7 days
57. Users who logged on today
Get users that have logged on in the last day
58. Users who logged last 24 hours
Users that have logged on in the last 24 hours
59. Users and their last logon date
Get all users and list their last logon date. Includes user first name, last name, logon name and LastLogonDate attribute.
This utility was designed to Monitor Active Directory and other critical applications. It will quickly spot domain controller issues, prevent replication failures, track failed logon attempts and much more.
What I like best about SAM is it's easy to use dashboard and alerting features. It also has the ability to monitor virtual machines and storage.Download Your Free Trial of SolarWinds Server & Application Monitor.
