Get-ADUser PowerShell to List All Active Directory Users

Quick Answer: To list all Active Directory users, run: Get-ADUser -Filter * — this retrieves every user account in your domain.

Prerequisites

Before running the Get-ADUser cmdlet, ensure you have:

  • RSAT (Remote Server Administration Tools) installed
  • Active Directory module imported (Import-Module ActiveDirectory)
  • Appropriate domain permissions to query AD
  • PowerShell 3.0 or later (Windows Server 2008 R2 SP1 and later)

How to List All Active Directory Users with PowerShell

Run the following script, changing the export path as needed:

$ExportPath = 'c:\adusers_list.csv'
Get-ADUser -Filter * | Select-Object DistinguishedName,Name,UserPrincipalName | Export-Csv -NoType $ExportPath

This PowerShell script does the following:

  1. Creates a variable “$ExportPath” and sets its value to the file path “c:\adusers_list.csv”.
  2. Uses the “Get-ADUser” cmdlet to retrieve all AD user accounts.
  3. Selects the properties “DistinguishedName”, “Name”, and “UserPrincipalName” of each user.
  4. Exports the selected properties to a CSV file using the “Export-Csv” cmdlet, with the “-NoType” switch to exclude the type information in the file.
  5. The final file will be saved at the specified path in the “$ExportPath” variable.

Open the CSV file generated from the script in Excel to see the results:

[Screenshot: Get-ADUser PowerShell Command]

Common Get-ADUser Parameters

  • -Filter: Specifies a query to filter AD objects. Example: Get-ADUser -Filter {Enabled -eq $true}
  • -SearchBase: Defines the AD path to search. Example: Get-ADUser -Filter * -SearchBase "OU=Sales,DC=domain,DC=com"
  • -Properties: Retrieves additional user attributes. Example: Get-ADUser -Filter * -Properties EmailAddress,LastLogonDate
  • -SearchScope: Sets search depth (Base, OneLevel, Subtree). Example: Get-ADUser -Filter * -SearchScope OneLevel

Common Variations

  • List only enabled users: Get-ADUser -Filter {Enabled -eq $true}
  • List only disabled users: Get-ADUser -Filter {Enabled -eq $false}
  • Filter users by OU: Get-ADUser -Filter * -SearchBase "OU=Marketing,DC=domain,DC=com"
  • Retrieve additional properties (email, last logon): Get-ADUser -Filter * -Properties EmailAddress,LastLogonDate | Select-Object Name,EmailAddress,LastLogonDate
  • Export to CSV with additional properties: Get-ADUser -Filter * -Properties EmailAddress | Select-Object Name,EmailAddress | Export-Csv -NoType "c:\users.csv"

How Lepide Change Reporter for Active Directory (Free Tool) Helps

An alternative, more straightforward solution to the native method is to use Lepide Change Reporter for Active Directory, a free tool that lists all current Active Directory users.

Frequently Asked Questions

What module is required for Get-ADUser?

The ActiveDirectory module, included with RSAT, is required. Import it using Import-Module ActiveDirectory.

How do I export AD users to CSV?

Pipe Get-ADUser output to Export-Csv: Get-ADUser -Filter * | Export-Csv -NoType "c:\users.csv"

What permissions are needed to run Get-ADUser?

Standard domain user accounts can run Get-ADUser for basic queries; elevated permissions may be needed for certain attributes.

Which Windows Server versions support Get-ADUser?

Get-ADUser is supported on Windows Server 2008 R2 and later, and Windows 7/8/10/11 with RSAT installed.

Why Monitor Active Directory Users?

As an administrator, it is essential to always be looking for any activity that deviates from normal as this could be indicative of an attack. Users with sufficient administrative rights can create any number of user accounts in Active Directory and these accounts can then be used to manipulate or steal sensitive data. It is, therefore, crucial to regularly monitor and track Active Directory account activity to prevent malicious users from causing a data breach.
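
One way to turn the Get-ADUser listing into a regular account review, as an added example that is not from the original article or from Lepide: the hypothetical function Get-UserReviewFlag marks recently created accounts and enabled accounts with no recent logon. The 7- and 90-day thresholds, the sample objects and the export path are assumptions.

```powershell
# Added example (not from the article): flag accounts in Get-ADUser output for review.
# Get-UserReviewFlag and both thresholds are assumptions; tune them to your environment.
function Get-UserReviewFlag {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [int] $NewAccountDays = 7,
        [int] $StaleDays = 90,
        [datetime] $Now = (Get-Date)
    )
    process {
        $newCutoff   = $Now.AddDays(-$NewAccountDays)
        $staleCutoff = $Now.AddDays(-$StaleDays)
        $created     = $User.whenCreated
        $flags = @()
        # Recently created: confirm each one maps to an approved request.
        if ($created -and $created -ge $newCutoff) { $flags += 'NewAccount' }
        # Enabled, older than the stale window, and no logon inside it (or none recorded).
        # LastLogonDate comes from lastLogonTimestamp, which can lag by about two weeks.
        if ($User.Enabled -and $created -and $created -lt $staleCutoff -and
            (-not $User.LastLogonDate -or $User.LastLogonDate -lt $staleCutoff)) {
            $flags += 'StaleEnabled'
        }
        if ($flags.Count -gt 0) {
            [pscustomobject]@{
                Name              = $User.Name
                DistinguishedName = $User.DistinguishedName
                whenCreated       = $created
                LastLogonDate     = $User.LastLogonDate
                Flags             = $flags -join ';'
            }
        }
    }
}

# Constructed sample objects so the function can be tried without a domain.
$asOf = Get-Date '2024-06-30'
$ou   = 'OU=Sales,DC=domain,DC=com'
$sample = @(
    [pscustomobject]@{ Name = 'jsmith'; DistinguishedName = "CN=jsmith,$ou"; Enabled = $true
        whenCreated = $asOf.AddDays(-400); LastLogonDate = $asOf.AddDays(-1) }
    [pscustomobject]@{ Name = 'tmp-admin'; DistinguishedName = "CN=tmp-admin,$ou"; Enabled = $true
        whenCreated = $asOf.AddDays(-2); LastLogonDate = $null }
    [pscustomobject]@{ Name = 'old-contractor'; DistinguishedName = "CN=old-contractor,$ou"; Enabled = $true
        whenCreated = $asOf.AddDays(-500); LastLogonDate = $asOf.AddDays(-200) }
)
$sample | Get-UserReviewFlag -Now $asOf | Format-Table -AutoSize

# Against a live domain (needs the ActiveDirectory module; the path is a placeholder):
# Get-ADUser -Filter * -Properties whenCreated,LastLogonDate |
#     Get-UserReviewFlag | Export-Csv -NoTypeInformation 'c:\adusers_review.csv'
```

With the constructed sample, tmp-admin is flagged NewAccount, old-contractor is flagged StaleEnabled, and jsmith is not listed.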
