As an administrator, you should always be watching for activity that deviates from normal, as it could indicate an attack. Users with sufficient administrative rights can create any number of user accounts in Active Directory, and these accounts can then be used to manipulate or steal sensitive data. It is therefore crucial to regularly monitor and track Active Directory account activity to prevent malicious users from causing a data breach.
List All Active Directory Users with PowerShell
Run the following script, changing the export path as needed:
# Requires the ActiveDirectory PowerShell module (part of RSAT)
$ExportPath = 'c:\adusers_list.csv'
Get-ADUser -Filter * | Select-Object DistinguishedName,Name,UserPrincipalName | Export-Csv -NoType $ExportPath
This PowerShell script does the following:
- Creates a variable “$ExportPath” and sets its value to the file path “c:\adusers_list.csv”.
- Uses the “Get-ADUser” cmdlet to retrieve all AD user accounts.
- Selects the properties “DistinguishedName”, “Name”, and “UserPrincipalName” of each user.
- Exports the selected properties to a CSV file using the “Export-Csv” cmdlet, with the “-NoType” switch (short for “-NoTypeInformation”) to exclude the type information from the file.
- The final file will be saved at the specified path in the “$ExportPath” variable.
Open the CSV file generated from the script in Excel to see the results.
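A single export is only a snapshot; to notice accounts that were created or deleted between two exports, the lists have to be compared. The following is an added example, not part of the original article: `Compare-UserSnapshot`, the sample accounts and the baseline path `c:\adusers_baseline.csv` are hypothetical names chosen for illustration.

```powershell
# Added example: report accounts that appeared or disappeared between two
# snapshots of the user list. Function name and sample data are hypothetical.
function Compare-UserSnapshot {
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Baseline,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Current
    )
    # Index both snapshots by DistinguishedName. PowerShell hashtable keys are
    # case-insensitive, so differences in DN casing are not reported as changes.
    $old = @{}; foreach ($u in $Baseline) { $old[$u.DistinguishedName] = $u }
    $new = @{}; foreach ($u in $Current)  { $new[$u.DistinguishedName] = $u }

    foreach ($u in $Current) {
        if (-not $old.ContainsKey($u.DistinguishedName)) {
            [pscustomobject]@{ Change = 'Added'; Name = $u.Name; DistinguishedName = $u.DistinguishedName }
        }
    }
    foreach ($u in $Baseline) {
        if (-not $new.ContainsKey($u.DistinguishedName)) {
            [pscustomobject]@{ Change = 'Removed'; Name = $u.Name; DistinguishedName = $u.DistinguishedName }
        }
    }
}

# Constructed sample data (not real accounts) so the function can be tried offline.
$baseline = @(
    [pscustomobject]@{ DistinguishedName = 'CN=Alice Example,OU=Staff,DC=example,DC=test'; Name = 'Alice Example' }
    [pscustomobject]@{ DistinguishedName = 'CN=Bob Example,OU=Staff,DC=example,DC=test';   Name = 'Bob Example' }
)
$current = @(
    [pscustomobject]@{ DistinguishedName = 'cn=alice example,ou=staff,dc=example,dc=test'; Name = 'Alice Example' }
    [pscustomobject]@{ DistinguishedName = 'CN=svc-temp,CN=Users,DC=example,DC=test';      Name = 'svc-temp' }
)
Compare-UserSnapshot -Baseline $baseline -Current $current | Format-Table -AutoSize

# Against a live domain (assumes the ActiveDirectory module and a baseline CSV
# kept from an earlier run of the export script; the baseline path is hypothetical):
# $baseline = Import-Csv 'c:\adusers_baseline.csv'
# $current  = Get-ADUser -Filter * | Select-Object DistinguishedName,Name,UserPrincipalName
# Compare-UserSnapshot -Baseline $baseline -Current $current
```

Each "Added" row is an account to match against a known provisioning request, and each "Removed" row should correspond to an expected deletion or rename.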