VBScript program to document all users in Active Directory. The program uses ADO to retrieve selected
attribute values for all users. The program demonstrates how to handle single-valued string attributes,
multi-valued string attributes, Integer8 values representing dates, and the userAccountControl
flag attribute.
The program outputs one line per user. The values are comma delimited and enclosed in quotes. As with
most administrative scripts, it should be run at a command prompt with the cscript host. The output
should be redirected to a text file, which can be easily read by a spreadsheet program. For example,
the following command at a command prompt produces the file DomainUsers.csv:
cscript //nologo DocumentUsers.vbs > DomainUsers.csv
This assumes you have navigated to the folder where the file DocumentUsers.vbs is saved. Otherwise you
must specify the full path and file name. The file DomainUsers.csv is created in the same folder.
The program documents the following attributes of the user objects:
| distinguishedName | Distinguished Name of user |
| sAMAccountName | NT name of user (pre-Windows 2000 logon name), also called User ID or User Name |
| givenName | First Name |
| sn | Last Name (surname) |
| description | A multi-valued attribute, although there is never more than one value |
| userAccountControl | User flags are determined by testing bits with a bit mask |
| pwdLastSet | Integer8 (64-bit) value representing the date/time when the password was last set (in UTC) |
| telephoneNumber | Single-valued string attribute |
| otherTelephone | Multi-valued string attribute |
The program can be easily modified to document other attributes.
DocumentUsers.txt <<-- Click here to view or download the program
A PowerShell
script with the same functionality is linked below:
PSDocumentUsers.txt <<-- Click here to view or download the program