[fake_usa]

Could someone please tell me how to create a list of all the users on my Domain Controller which would include the description field.

I tried the net users command in a DOS window but this only list all the accounts (No Description Field)


Thanks,

Eric

This post has been edited by fake_usa: 16 May 2006 - 07:15 AM

[fake_usa]

I found an awesome FREEWARE utility to pull this info out of NT4 or AD.

http://www.systemtools.com/free.htm

Direct Link to Program.
http://www.systemtoo...ad/exporter.zip

I just wanted the USER info so I made a copy of the export.ini then editied the original export.ini file to look like this:

Quote

[Export]Verbose=1
VeryVerbose=0
ExportDomain=**************YOUR DOMAIN's Name***************
ExportTitles=1
Append=1
SkipUnix=1
ExportCmd=.\exporter.exe
Delimiter=
ExportUsers=1
ExportUserFile=c:\users.txt
ExportDomainUsers=1
ExportBDCUsers=0
ExportServerUsers=1

Run the exporter.exe from CMD then it will drop a USER.txt file to your c:

Open it up with excell you you get he following info.

DomainName
ServerType
ServerName
UserName
HomeDir
Comment
FullName
PwdAge
PwdLife
LastLogon
LastLogoff
NoChgPwd
NoExpirePwd
Disabled
LockOut
PwdNotReqd
PwdExpired
RAS
PrimaryGroup

Hope this helps anyone who would need this info.

Big Ups to SystemTools for the Freeware.

[Interface]

Hi,
This is my way ......

Copy this to WhatEverYouLike.vbs and double click. Remainng is its power.
For me it create a DomUinfo.txt file and your domain is on that file.......
You can challange this script ot import any feild on teh Active Directory Users and Computers seperalely.......
But you have to modify some lnels.......try it ......................

'********************************************************************
'*
'* File:			  DomainUinfo.vbs
'* Created:		September 2005
'* Version:		2k510.03
'*
'* ' Sample Script For Listing All The User Related Infomations In The Domain.   
'*
'*  Main Function:   Listing All The User Related Infomations In The Domain.									   
'*
'*  Syntax  Domain Name
'*
'* Copyright (C) 2005 N Nattiala
'*
'********************************************************************
' Description - This portion of the script will attach to the domain using the
' WinNt provider and filter out a list of every computer object's 
' name and write them to DomUinfo.txt. If the file already exists it will
' overwrite, otherwise it will  create the file.
'-------------------------------------------------
' Insert WARNING here...
Msgbox " This script will collect all the Computers,Domain User and Group related information and"_
			& vbcrlf & vbcrlf & " store in DOMUINFO.TXT. Please input your Domain name according to your environment" _
			& vbcrlf & vbcrlf & "							 Created and Completed By: N Nattiala. ",48,"WARNING"
		 


' Check for the existence of DomUinfo.txt.
' and open for Writing. 

Dim myComputer, objUser, objGroup 
Dim myDomain
Set fsoObject = WScript.CreateObject("Scripting.FileSystemObject")
If (fsoObject.FileExists("DomUinfo.txt")) Then
Set open_File = fsoObject.OpenTextFile("DomUinfo.txt", 2)
Else
Set open_File = fsoObject.OpenTextFile("DomUinfo.txt", 2, "True")
End If

' Get Domain Name
myDomain = Inputbox ("Please Enter Your Domain Name: "_
& vbcrlf & vbcrlf & "				  Take Care")

msgbox" Your Domain Name is :" &mydomain _
& vbcrlf & vbcrlf &"This is the LAST STAGE TO STOP MY SCRIPT",vbYesNo,"Warning"


' Attach to the domain and search for all
' computer objects. Dump the names into 
' DomUinfo.txt.

Set myComputer = GetObject ( "WinNT://"& mydomain )
myComputer.Filter = Array("computer")
For Each item in myComputer
open_File.Writeline (item.Name)
Next
myComputer.Filter = Array("user")
For Each objuser in myComputer
open_File.Writeline (",User Name," & objUser.Name & " ,Full Name," & objuser.fullname & " ,Description," & objuser.description )
Next
myComputer.Filter = Array("group")
For Each objGroup In myComputer
For Each objUser In objGroup.Members
open_File.Writeline (",Group, " & objGroup.Name & ",Member, " & objUser.Name)
Next
Next
' Closes the file
open_File.Close()

Believe The Force....

[Mr Snrub]

A quick note about LastLogon - I assume this is still the case, but I know for a fact that in a Windows 2000 AD a couple of years ago you had to query every DC for its version of the LastLogon field as it's not replicated and is per-authenticating-DC.

So if you only query DC1 and it says a user hasn't logged on since January you may be missing that they have been authenticating every day since then against DC2 and mistakenly assume them to be idle accounts.

We noticed this as the company I worked for used NDS which has a single replicated field for every user's last logon date so it didn't matter which server you ran the LDAP query against - but we wanted to achieve the same result in AD and found this little quirk.