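' ExportADUsers.vbs
' Sample VBScript to find and export AD users into CSV files.
' Author: http://www.morgantechspace.com/
'
' Output (semicolon-delimited Unicode text, created in the current working
' directory, existing files are overwritten):
'   ADUsers.csv                  - one row per user object
'   ADUsersGroupMemberships.csv  - one row per (user DN, group DN) pair
'   ADGroupsGroupMemberships.csv - one row per (group DN, token, parent group DN)
'
' Handling note: the three files together hold an account inventory (logon
' names, enabled/disabled state, password and logon timestamps) and the group
' membership graph. Run the script from a directory with restricted ACLs and
' remove the files once they have been consumed.
' Values are written as stored in the directory; they are not neutralised
' against spreadsheet formula interpretation, so import the columns as text.
' ------------------------------------------------------'
Option Explicit

' userAccountControl bit that marks an account as disabled.
Const ADS_UF_ACCOUNTDISABLE = 2

' Script-level variables.
Dim adoCommand, adoConnection
Dim varBaseDN, varFilter, varAttributes
Dim objRootDSE, varDNSDomain, strQuery, adoRecordset
Dim objFSO, objCSVFileUsers, objCSVFileUsersGroupMemberships, objCSVFileGroupsGroupMemberships
Dim objShell, lngBiasKey, lngBias
Dim aValue, k, descText

' Left-pads a one-character value with "0"; anything else is returned unchanged.
Function WhatEver(num)
    If (Len(num) = 1) Then
        WhatEver = "0" & num
    Else
        WhatEver = num
    End If
End Function

' Formats a date as DD-MM-YYYY.
Function myDateFormat(myDate)
    Dim d, m, y
    d = WhatEver(Day(myDate))
    m = WhatEver(Month(myDate))
    y = Year(myDate)
    myDateFormat = d & "-" & m & "-" & y
End Function

' Returns the last two characters of t after left-padding with zeros.
Function TwoDigits(t)
    TwoDigits = Right("00" & t, 2)
End Function

' Converts a large-integer field (HighPart/LowPart, 100 ns ticks since
' 1601-01-01) into a local DD-MM-YYYY string. Returns "" when the value is
' empty, null, zero, or cannot be converted (the error is suppressed).
Function ConvertDate(aField)
    Dim lngHigh, lngLow
    On Error Resume Next
    ConvertDate = ""
    If IsEmpty(aField.Value) Then
        lngHigh = 0
        lngLow = 0
    ElseIf IsNull(aField.Value) Then
        lngHigh = 0
        lngLow = 0
    Else
        lngHigh = aField.Value.HighPart
        lngLow = aField.Value.LowPart
    End If
    ' LowPart is read as a signed 32-bit value; compensate for the borrow.
    If (lngLow < 0) Then
        lngHigh = lngHigh + 1
    End If
    If (lngHigh = 0) And (lngLow = 0) Then
        ConvertDate = ""
    Else
        ' ticks -> minutes, apply the local bias (minutes), -> days since 1601.
        ConvertDate = myDateFormat(#1/1/1601# + (((lngHigh * (2 ^ 32)) + lngLow) / 600000000 - lngBias) / 1440)
    End If
End Function

' Returns "Disabled" when the ACCOUNTDISABLE bit is set in the field value,
' otherwise "Enabled". (The original wrote to the CSV file as a side effect
' and returned nothing; the text that ends up in the file is the same.)
Function EnabledAccount(aField)
    If aField.Value And ADS_UF_ACCOUNTDISABLE Then
        EnabledAccount = "Disabled"
    Else
        EnabledAccount = "Enabled"
    End If
End Function

' Renders a single value as one CSV field. Null/Empty becomes "". A value that
' contains the delimiter, a double quote or a line break is wrapped in double
' quotes with embedded quotes doubled, so it cannot spill into other columns
' or rows. Other values are returned unchanged.
Function CsvField(v)
    Dim s
    If IsNull(v) Or IsEmpty(v) Then
        CsvField = ""
        Exit Function
    End If
    s = CStr(v)
    If InStr(s, ";") > 0 Or InStr(s, Chr(34)) > 0 Or InStr(s, vbCr) > 0 Or InStr(s, vbLf) > 0 Then
        CsvField = Chr(34) & Replace(s, Chr(34), Chr(34) & Chr(34)) & Chr(34)
    Else
        CsvField = s
    End If
End Function

' Obtain local Time Zone bias from machine registry.
' This bias changes with Daylight Savings Time.
lngBias = 0
Set objShell = CreateObject("Wscript.Shell")
lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\TimeZoneInformation\ActiveTimeBias")
If (UCase(TypeName(lngBiasKey)) = "LONG") Then
    lngBias = lngBiasKey
ElseIf (UCase(TypeName(lngBiasKey)) = "VARIANT()") Then
    ' Value came back as a byte array; assemble it little-endian.
    ' (k was undeclared in the original, which fails under Option Explicit.)
    lngBias = 0
    For k = 0 To UBound(lngBiasKey)
        lngBias = lngBias + (lngBiasKey(k) * 256 ^ k)
    Next
End If

' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection

' Search entire Active Directory domain.
' varBaseDN is the ADsPath of the search base in angle brackets. To limit the
' export to one OU, assign that OU's path instead, for example
' "<LDAP://OU=Sales,DC=example,DC=com>" (constructed example).
' The original page left varBaseDN empty (the bracketed text appears to have
' been lost) and never used varDNSDomain, so the query had no search base.
Set objRootDSE = GetObject("LDAP://RootDSE")
varDNSDomain = objRootDSE.Get("defaultNamingContext")
varBaseDN = "<LDAP://" & varDNSDomain & ">"

'---------------- Query all Users and their GroupMembership ----------------'
varFilter = "(&(objectCategory=person)(objectClass=user))"
' Comma delimited list of attribute values to retrieve.
varAttributes = "name,sAMAccountName,distinguishedname,mail,createTimeStamp,accountExpires,pwdLastSet,lastLogon,lastLogonTimeStamp,logonCount,CN,UserAccountControl,primaryGroupID,description,memberOf"

' Construct the LDAP syntax query.
strQuery = varBaseDN & ";" & varFilter & ";" & varAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 1000
adoCommand.Properties("Timeout") = 300
adoCommand.Properties("Cache Results") = False

' Run the query.
Set adoRecordset = adoCommand.Execute

' Create CSV files. CreateTextFile takes (filename, overwrite, unicode); the
' original passed ForWriting (2) in the overwrite position, which evaluates
' as True, so overwrite=True / unicode=True keeps the same result.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objCSVFileUsers = objFSO.CreateTextFile("ADUsers.csv", True, True)
Set objCSVFileUsersGroupMemberships = objFSO.CreateTextFile("ADUsersGroupMemberships.csv", True, True)

' Write selected AD Attributes as CSV columns (first line).
' NOTE: the header ends with a memberOf column, but memberOf values are only
' written to ADUsersGroupMemberships.csv; user rows end at description.
objCSVFileUsers.Writeline Replace(varAttributes, ",", ";")
objCSVFileUsersGroupMemberships.Writeline ("UserDN;GroupDN")

' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
    ' Retrieve values and write into CSV file.
    objCSVFileUsers.Write CsvField(adoRecordset.Fields("name").Value) & ";"
    objCSVFileUsers.Write CsvField(adoRecordset.Fields("samaccountname").Value) & ";"
    objCSVFileUsers.Write CsvField(adoRecordset.Fields("distinguishedname").Value) & ";"
    objCSVFileUsers.Write CsvField(adoRecordset.Fields("mail").Value) & ";"
    objCSVFileUsers.Write myDateFormat(adoRecordset.Fields("createTimeStamp")) & ";"
    objCSVFileUsers.Write ConvertDate(adoRecordset.Fields("accountExpires")) & ";"
    objCSVFileUsers.Write ConvertDate(adoRecordset.Fields("pwdLastSet")) & ";"
    objCSVFileUsers.Write ConvertDate(adoRecordset.Fields("lastLogon")) & ";"
    objCSVFileUsers.Write ConvertDate(adoRecordset.Fields("lastLogonTimeStamp")) & ";"
    objCSVFileUsers.Write adoRecordset.Fields("logonCount").Value & ";"
    objCSVFileUsers.Write CsvField(adoRecordset.Fields("cn").Value) & ";"
    objCSVFileUsers.Write EnabledAccount(adoRecordset.Fields("UserAccountControl")) & ";"
    objCSVFileUsers.Write adoRecordset.Fields("primaryGroupID").Value & ";"

    ' description is always quoted; multiple values are concatenated without
    ' a separator, as before. Embedded double quotes are doubled so a quote
    ' in the text cannot end the field early.
    descText = ""
    If IsArray(adoRecordset.Fields("description").Value) Then
        For Each aValue In adoRecordset.Fields("description").Value
            descText = descText & aValue
        Next
    Else
        descText = "" & adoRecordset.Fields("description").Value
    End If
    objCSVFileUsers.Write Chr(34) & Replace(descText, Chr(34), Chr(34) & Chr(34)) & Chr(34)
    objCSVFileUsers.Writeline

    ' One row per direct group membership of this user.
    If IsArray(adoRecordset.Fields("memberOf").Value) Then
        For Each aValue In adoRecordset.Fields("memberOf").Value
            objCSVFileUsersGroupMemberships.Writeline CsvField(adoRecordset.Fields("distinguishedname").Value) & ";" & CsvField(aValue)
        Next
    End If
    adoRecordset.MoveNext
Loop

objCSVFileUsers.Close
objCSVFileUsersGroupMemberships.Close
adoRecordset.Close

'---------------- Query all groups and their GroupMembership ----------------'
varFilter = "(&(objectClass=group))"
varAttributes = "distinguishedname,primaryGroupToken,memberOf"

' Construct the LDAP syntax query.
strQuery = varBaseDN & ";" & varFilter & ";" & varAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 1000
adoCommand.Properties("Timeout") = 300
adoCommand.Properties("Cache Results") = False

' Run the query.
Set adoRecordset = adoCommand.Execute

' Create CSV file (overwrite=True, unicode=True, as for the user files).
Set objCSVFileGroupsGroupMemberships = objFSO.CreateTextFile("ADGroupsGroupMemberships.csv", True, True)

' Write selected AD Attributes as CSV columns (first line).
objCSVFileGroupsGroupMemberships.Writeline ("GroupDN;primaryGroupToken;MemberOf")

' Retrieve values and write into CSV file. Per-row errors are skipped.
On Error Resume Next
Do Until adoRecordset.EOF
    If adoRecordset.Fields("distinguishedname").Value <> "" Then
        ' First row lists the group against its own DN (kept from the
        ' original; presumably so every group appears at least once).
        objCSVFileGroupsGroupMemberships.Writeline CsvField(adoRecordset.Fields("distinguishedname").Value) & ";" & adoRecordset.Fields("primaryGroupToken").Value & ";" & CsvField(adoRecordset.Fields("distinguishedname").Value)
        If IsArray(adoRecordset.Fields("memberOf").Value) Then
            For Each aValue In adoRecordset.Fields("memberOf").Value
                objCSVFileGroupsGroupMemberships.Writeline CsvField(adoRecordset.Fields("distinguishedname").Value) & ";" & adoRecordset.Fields("primaryGroupToken").Value & ";" & CsvField(aValue)
            Next
        End If
    End If
    adoRecordset.MoveNext
Loop
' Restore normal error handling so a failure while closing is not hidden
' behind the success message below.
On Error GoTo 0

objCSVFileGroupsGroupMemberships.Close

' Close ADO connections.
adoRecordset.Close
adoConnection.Close

' Active Directory user properties are exported successfully as CSV files.
wscript.echo "All required user object data is exported."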