As an administrator, it is essential to always be looking for any activity that deviates from normal as this could be indicative of an attack. Users with sufficient administrative rights can create any number of user accounts in Active Directory and these accounts can then be used to manipulate or steal sensitive data. It is, therefore, crucial to regularly monitor and track Active Directory account activity to prevent malicious users from causing a data breach.
Generating a list of user accounts can be done natively, by running PowerShell cmdlets but this can be complex and time-consuming and requires a good knowledge of PowerShell scripting. An alternative solution is to use the Lepide Auditor for Active Directory and run the All Users Report.
Let’s look at two ways to generate a list of user accounts created in Active Directory:
- Using a PowerShell script
- Using the Lepide Auditor for Active Directory
List All Active Directory Users with PowerShell
Run the following script changing the export path:
$ExportPath = ‘c:\adusers_list.csv’
Get-ADUser -Filter * | Select-object DistinguishedName,Name,UserPrincipalName | Export-Csv -NoType $ExportPath
This PowerShell script does the following:
- Creates a variable “$ExportPath” and sets its value to the file path “c:\adusers_list.csv”.
- Uses the “Get-ADUser” cmdlet to retrieve all AD user accounts.
- Select the properties “DistinguishedName”, “Name”, and “UserPrincipalName” of each user.
- Exports the selected properties to a CSV file using the “Export-Csv” cmdlet, with the “-NoType” switch to exclude the type information in the file.
- The final file will be saved at the specified path in the “$ExportPath” variable.
Open the CSV file generated from the script in Excel to see the results:
How to List AD Users using Lepide Auditor for Active Directory
An alternative, more straightforward, the solution to this native method is to use the All Users Report from the Lepide Auditor for Active Directory. This report lists all current Active Directory users:
- Click the User & Entity Behavior Analytics and select Active Directory Reports, Active Directory State Reports, All Users
- Click Generate Report
- The report can be sorted, filtered, grouped, saved, and exported