2

I want to retrieve all AD users into a CSV file. But every time I run my script, the CSV file has a different number of users.

I know there are up to 4000 users... but I sometimes retrieve 500 to 600 results.

I noticed that the last row of my CSV file looks something like this:

```
"Person Name", "person.name@email.com","person.name","CN=somewhere,OU=USERS,OU=THERE,OU=HERE,OU=SOMEPLACE,OU=ORG,DC= (here is the part where it breaks)
```

I noticed that the result is always broken in the final row. Is there a limit to my CSV file?

I can't figure out what is happening.

```powershell
$path = ".\Users.csv"

$root = [adsi]''
$searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
$searcher.Filter = "(&(objectClass=user))"
$searcher.PageSize = 5000 # I know the max is 1000, but when I do it and count my results, it shows 4000+
$searcher.SizeLimit = 5000

$cols = "cn", "mail", "samaccountname", "distinguishedname"
foreach ($i in $cols) {$searcher.PropertiesToLoad.Add($i)}

$users = $searcher.FindAll() |
  Select-Object @{e={$_.properties.cn};n='DisplayName'},
                @{e={$_.properties.mail};n='Email'},
                @{e={$_.properties.samaccountname};n='sAMAccountName'},
                @{e={$_.properties.distinguishedname};n='distinguishedname'}

$users | Export-Csv $path -Delimiter ";" -Encoding Default # now delimiting with ";" so I don't have problems with my strings that contain commas
```
Bruno Gomes
  • If I count this variable $users, it shows me 4192. – Bruno Gomes Jul 14 '15 at 19:27
  • Are you unable to use the Active Directory cmdlets? – Benjamin Hubbard Jul 14 '15 at 19:41
  • No. I started to use these methods because I wasn't able to retrieve all users in every OU... and the client AD is.a.mess. – Bruno Gomes Jul 14 '15 at 19:47
  • 1
    In a PowerShell console, run `Get-ADUser -Filter *` and see what gets spat out, paying special attention to the last item. It's possible there is bad data in your directory which is causing these tools to break when they get there? Also try `Get-AdUser -Filter * | Measure-Object` to get a count of what that cmdlet is returning. – Windos Jul 14 '15 at 21:24
  • 2
    Also, do you have multiple domains/forests/trees? It's possible you're only searching one if that is the case. – Windos Jul 14 '15 at 21:25
  • 2
    [Maybe related](https://msdn.microsoft.com/en-US/library/ms180880%28v=vs.80%29.aspx). – Ansgar Wiechers Jul 14 '15 at 22:15
  • I set both of these properties to 1000. But my result in the last row is broken. Thanks, I did not know about SizeLimit! – Bruno Gomes Jul 15 '15 at 14:14
  • @Windos, Only one domain :0 – Bruno Gomes Jul 15 '15 at 14:38
  • @BenjaminHubbard - you mentioned using AD cmdlets. This is a question I have struggled with for some time now. Is there an advantage/disadvantage to using AD cmdlets vs System.DirectoryServices? I am trying to figure out what is best practice and most efficient for clients of mine. Thanks! – Murf Nov 23 '15 at 21:15
  • 1
    I put my answer in your question: http://stackoverflow.com/questions/33862471/should-i-use-the-active-directory-module-cmdlets-or-directoryservices-net-class/33882218#33882218 – Benjamin Hubbard Nov 23 '15 at 22:55

2 Answers

3

Use the ActiveDirectory module cmdlets. So much easier. Looks something like this:

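```powershell
$path = ".\Users.csv"
# cn and mail are not in Get-ADUser's default property set, so request them explicitly
Get-ADUser -Filter * -Properties cn, mail |
  Select-Object cn, mail, samaccountname, distinguishedname |
  Export-Csv -Path $path
```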

Depending on your version of PowerShell, you may need to manually import the module.

```powershell
Import-Module ActiveDirectory
```
Benjamin Hubbard
  • In this command, you don't specify where to start the search? Like "root", "base" or "subtree"? That was my first approach... I will try and try! – Bruno Gomes Jul 14 '15 at 19:58
  • I tried this command, and it's the same problem. The last record is broken... It's the same thing I did: if we select samAccountName only... we get more records. If we do Select-Object *, I get fewer results... and the last record is broken. Do you know any property that says "I WANT MOAR RESULTS IN THAT FILE"? – Bruno Gomes Jul 14 '15 at 20:13
  • 1
    This doesn't resolve the issue you're having, @BrunoGomes, but just for your first comment on this answer, you can target a specific OU with the `-SearchBase` parameter, e.g. `Get-ADUser -Filter * -SearchBase 'OU=staff,OU=users,DC=example,DC=com' | ...` – Windos Jul 14 '15 at 21:20
  • 1
    And if you don't specify a search base it'll just search everywhere. – Windos Jul 14 '15 at 21:21
  • I was thinking, if I can search by each OU, create a lot of CSVs, and then put everything together. :) – Bruno Gomes Jul 14 '15 at 23:29
  • I frequently pull thousands of records using Get-ADUser, so it's not a limitation on the cmdlet. You must have some bad data, like Windos suggested. – Benjamin Hubbard Jul 15 '15 at 14:49
  • @BenjaminHubbard, can you explain Bad Data? Because maybe the problem is the "distinguishedname"; this field is kind of big... – Bruno Gomes Jul 15 '15 at 17:15
2

In my opinion, if you want to massively export data from an AD, you can use integrated tools like LDIFDE.EXE for the LDIF format; if you want to export to CSV format, you can use CSVDE.EXE.

```
REM mail is the LDAP attribute that holds the e-mail address
csvde -f exportfile.csv -d "DC=SILOGIX-ESS01,DC=local" -r "(&(objectClass=user))" -l DisplayName,mail,sAMAccountName,distinguishedname
```

CSVDE.EXE is a native Microsoft tool.

JPBlanc
  • I tested this command, and I got the same problem: not all records come and the last record is broken. But it is a good way to retrieve items. I think the problem is how my file is. It's comma separated, and the domain distinguishedname is a string with a lot of commas. Maybe I will export separated by ";"... let's see – Bruno Gomes Jul 15 '15 at 13:19
  • In my mind, CSVDE and LDIFDE were able to come across the 1024 records limit. – JPBlanc Jul 15 '15 at 20:23
  • If you use this command to show ALL fields, will it print everything? – Bruno Gomes Jul 15 '15 at 20:27
  • 1
    As far as I know the answer is Yes. – JPBlanc Jul 15 '15 at 21:26
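
An added example, not code from any of the posts above: the question's DirectorySearcher export with `PageSize` set to 1000 and no client-side `SizeLimit`, the result collection disposed, and a read-back check that the CSV row count and the last `distinguishedname` match what the search returned. Column names follow the question; the read-back check is an assumption about how to confirm the file is complete, and it does not identify the cause of the truncation the asker saw.

```powershell
# Added example (not from the posts above). Column names follow the question.
$path = '.\Users.csv'
$cols = 'cn', 'mail', 'samaccountname', 'distinguishedname'

$searcher = New-Object System.DirectoryServices.DirectorySearcher([adsi]'')
$searcher.Filter    = '(&(objectClass=user))'   # same filter as the question
$searcher.PageSize  = 1000   # turns on paged search; results arrive up to 1000 at a time
$searcher.SizeLimit = 0      # 0 = no client-side cap on the total
$searcher.PropertiesToLoad.AddRange([string[]]$cols)

$results = $searcher.FindAll()
try {
    # Materialise plain objects before the collection is released.
    # -join yields '' for a missing attribute and flattens multi-valued ones.
    $users = @(foreach ($r in $results) {
        [pscustomobject]@{
            DisplayName       = $r.Properties['cn'] -join '|'
            Email             = $r.Properties['mail'] -join '|'
            sAMAccountName    = $r.Properties['samaccountname'] -join '|'
            distinguishedname = $r.Properties['distinguishedname'] -join '|'
        }
    })
}
finally {
    $results.Dispose()   # SearchResultCollection holds unmanaged resources
    $searcher.Dispose()
}

$users | Export-Csv -Path $path -Delimiter ';' -Encoding UTF8 -NoTypeInformation

# Read the file back and compare it with what was retrieved.
$rows = @(Import-Csv -Path $path -Delimiter ';')
if ($rows.Count -ne $users.Count) {
    Write-Warning "CSV has $($rows.Count) rows, search returned $($users.Count)"
}
elseif ($users.Count -gt 0 -and $rows[-1].distinguishedname -ne $users[-1].distinguishedname) {
    Write-Warning 'Last CSV row does not match the last search result'
}
else {
    "Exported $($rows.Count) users to $path"
}
```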