Categories: Windows Server

SOLVED: Simple PowerShell To List All Active Users in ActiveDirectory & When They Last Logged On

It’s not uncommon to find poorly kept active directories. The more administrators there are and the more time that has elapsed it is common to find very poor active directory hygiene. One thing that a lot of administrators like to do is leave old accounts as disabled, scattered throughout the entire active directory. This makes auditing difficult.

Here we provide two easy to understand and modify scripts administrators can use to find all the details they need on their users.

Powershell Script to Display All Active Users

Get-ADUser -Filter {Enabled -eq $true -and ObjectClass -eq "user"} -Properties Name, GivenName, Name, Mail, Title, LastLogonDate, WhenCreated, LogonCount |
Format-Table Name, GivenName, Name, Title, Mail, LastLogonDate, WhenCreated, LogonCount -AutoSize

Powershell Script to Display All Disabled Users

Get-ADUser -Filter {Enabled -eq $false -and ObjectClass -eq "user"} -Properties Name, GivenName, Name, Mail, Title, LastLogonDate, WhenCreated, LogonCount |
Format-Table Name, GivenName, Name, Title, Mail, LastLogonDate, WhenCreated, LogonCount -AutoSize

How To Add Other Fields To the Output

It’s straightforward to remove columns from this script but a little more challenging to know what fields to add. In particular you probably don’t know the attribute names that you’re looking for. Fortunately they are is easily displayed:

  1. Open ACTIVE DIRECTORY USERS AND COMPUTER
  2. Click VIEW > ADVANCED OPTIONS
  3. Double click on ANY user
  4. Select the ATTRIBUTE EDITOR tab

The ATTRIBUTE column displays the name of all the attributes users have in Active Directory.

To make this easier to sort through you might want to click the FILTER button and select SHOW ONLY ATTRIBUTES THAT HAVE VALUES


Published by
Ian Matthews

This website uses cookies.