突然要取得AD中所有域用户并且制作成列表,因为不可避免地多次要用到,所以这里写下来以备忘。
方法一(该方法会列出所有用户不管是启用的还是禁用的)
- 用管理员登录任意一台域控(DC),运行Windows PowerShell,在PowerShell下运行命令:
Get-WmiObject -Class Win32_UserAccount >C:\userList.txt
注意其后的C:\userList.txt指明了我通过输出重定向把取得用户信息输出到了C:\userList.txt这个文件里,你可以根据实际情况变更它。
-
打开C:\userList.txt文件,把里面的内容复制出来,打开一个Excel的空白工作簿,把这个内容粘贴到Sheet1的A列里如图:
取得的内容粘贴到EXCEL里的Sheet1里的A列里 -
点击EXCEL里底部Sheet1右边的+号按钮,新建一个新工作表Sheet2如图:
新建工作表Sheet2 - 在EXCEL界面按ALT+F11打开VBA环境,依次点击菜单插入Insert、模块Module,此时将插入一个新的模块名为Module1,选中它,然后在右边空白环境里粘贴下面代码:
'A format converter for AD user information
'By Darwin Zuo (darwin.zuo@163.com)
'2019-08-29
Sub ADUserFormConvert()
rowInSheet2 = 1
rowInSheet1 = 0
blankCounting = 0
Sheets("Sheet2").Cells(1, 1) = "Account Type"
Sheets("Sheet2").Cells(1, 2) = "Caption"
Sheets("Sheet2").Cells(1, 3) = "Domain"
Sheets("Sheet2").Cells(1, 4) = "SID"
Sheets("Sheet2").Cells(1, 5) = "Full Name"
Sheets("Sheet2").Cells(1, 6) = "Name"
Do While blankCounting < 5
rowInSheet1 = rowInSheet1 + 1
cv = Sheets("sheet1").Cells(rowInSheet1, 1).Value
If Len(cv) > 0 Then
blankCounting = 0
hdr4 = Left(cv, 4)
If hdr4 = "Acco" Then
rowInSheet2 = rowInSheet2 + 1
Sheets("sheet2").Cells(rowInSheet2, 1) = Right(cv, Len(cv) - 14)
ElseIf hdr4 = "Capt" Then
Sheets("sheet2").Cells(rowInSheet2, 2) = Right(cv, Len(cv) - 14)
ElseIf hdr4 = "Doma" Then
Sheets("sheet2").Cells(rowInSheet2, 3) = Right(cv, Len(cv) - 14)
ElseIf hdr4 = "SID " Then
Sheets("sheet2").Cells(rowInSheet2, 4) = Right(cv, Len(cv) - 14)
ElseIf hdr4 = "Full" Then
Sheets("sheet2").Cells(rowInSheet2, 5) = Right(cv, Len(cv) - 14)
ElseIf hdr4 = "Name" Then
Sheets("sheet2").Cells(rowInSheet2, 6) = Right(cv, Len(cv) - 14)
End If
Else
blankCounting = blankCounting + 1
End If
Loop
MsgBox "Done."
End Sub
粘贴好代码的界面
-
按F5运行代码,如果显示下面的信息那么信息已经转换好了,关掉VBA环境切换到Sheet2查看结果即可:
运行成功会显示这个窗口
对于大多数情况下,操作到此为止了,得到的数据如下图:
最终得到的数据
方法二(可以选择是列出所有用户、仅启用用户、仅禁用用户)
- 用管理员登录任意一台域控(DC),运行Windows PowerShell,根据需要在PowerShell下执行下面三个中的某个命令:
#这是只列出启用的用户的版本
Get-ADUser -Filter {Enabled -eq "True"} >C:\userList.txt
#这是只列出被禁用的用户的版本
Get-ADUser -Filter {Enabled -eq "False"} >C:\userList.txt
#这是列出所有用户的版本
Get-ADUser -Filter {ObjectClass -eq "user"} >C:\userList.txt
注意其后的C:\userList.txt指明了我通过输出重定向把取得用户信息输出到了C:\userList.txt这个文件里,你可以根据实际情况变更它。
-
打开C:\userList.txt文件,把里面的内容复制出来,打开一个Excel的空白工作簿,把这个内容粘贴到Sheet1的A列里如图:
取得的内容粘贴到EXCEL里的Sheet1里的A列里 -
点击EXCEL里底部Sheet1右边的+号按钮,新建一个新工作表Sheet2如图:
新建工作表Sheet2 在EXCEL界面按ALT+F11打开VBA环境,依次点击菜单插入Insert、模块Module,此时将插入一个新的模块名为Module1,选中它,然后在右边空白环境里粘贴下面代码:
'A format converter for AD user information
'By Darwin Zuo (darwin.zuo@163.com)
'2019-09-30
Sub ADUserFormConvert()
rowInSheet2 = 1
rowInSheet1 = 0
blankCounting = 0
Sheets("Sheet2").Cells(1, 1) = "DistinguishedName"
Sheets("Sheet2").Cells(1, 2) = "Enabled"
Sheets("Sheet2").Cells(1, 3) = "GivenName"
Sheets("Sheet2").Cells(1, 4) = "Name"
Sheets("Sheet2").Cells(1, 5) = "ObjectClass"
Sheets("Sheet2").Cells(1, 6) = "ObjectGUID"
Sheets("Sheet2").Cells(1, 7) = "SamAccountName"
Sheets("Sheet2").Cells(1, 8) = "SID"
Sheets("Sheet2").Cells(1, 9) = "Surname"
Sheets("Sheet2").Cells(1, 10) = "UserPrincipalName"
Do While blankCounting < 5
rowInSheet1 = rowInSheet1 + 1
cv = Sheets("sheet1").Cells(rowInSheet1, 1).Value
If Len(cv) > 0 Then
blankCounting = 0
hdr4 = Left(cv, 4)
If hdr4 = "Dist" Then
rowInSheet2 = rowInSheet2 + 1
Sheets("sheet2").Cells(rowInSheet2, 1) = Right(cv, Len(cv) - 20)
ElseIf hdr4 = "Enab" Then
Sheets("sheet2").Cells(rowInSheet2, 2) = Right(cv, Len(cv) - 20)
ElseIf hdr4 = "Give" Then
Sheets("sheet2").Cells(rowInSheet2, 3) = Right(cv, Len(cv) - 20)
ElseIf hdr4 = "Name" Then
Sheets("sheet2").Cells(rowInSheet2, 4) = Right(cv, Len(cv) - 20)
ElseIf hdr4 = "Obje" Then
If Left(cv, 7) = "ObjectC" Then
Sheets("sheet2").Cells(rowInSheet2, 5) = Right(cv, Len(cv) - 20)
Else
Sheets("sheet2").Cells(rowInSheet2, 6) = Right(cv, Len(cv) - 20)
End If
ElseIf hdr4 = "SamA" Then
Sheets("sheet2").Cells(rowInSheet2, 7) = Right(cv, Len(cv) - 20)
ElseIf hdr4 = "SID " Then
Sheets("sheet2").Cells(rowInSheet2, 8) = Right(cv, Len(cv) - 20)
ElseIf hdr4 = "Surn" Then
Sheets("sheet2").Cells(rowInSheet2, 9) = Right(cv, Len(cv) - 20)
ElseIf hdr4 = "User" Then
Sheets("sheet2").Cells(rowInSheet2, 10) = Right(cv, Len(cv) - 20)
End If
Else
blankCounting = blankCounting + 1
End If
Loop
MsgBox "Done."
End Sub
粘贴好代码的界面
-
按F5运行代码,如果显示下面的信息那么信息已经转换好了,关掉VBA环境切换到Sheet2查看结果即可:
运行成功会显示这个窗口
对于大多数情况下,操作到此为止了,表格已经在Sheet2里整理好了。
注意:
- 有可能上面提到的最后一步会提示由于安全原因等等导致代码不能执行,那么不要紧,在VBA环境下点击保存按钮,在弹出的另存为对话框中选择另存为类型为启用宏的工作簿Excel Macro-Enabled Workbook,然后保存。
-
打开刚刚保存的工作簿,此时系统可能有个安全提示,点击开启内容Enable Content如下图:
开启宏才能使用刚才建立的代码 -
按ALT+F8,在列表中选择ADUserFormConvert然后点击运行Run,那么一样会得到第5步的结果。
选中宏然后点运行
方法三 最近结合上面两个方法写了个脚本,算上面两个方法结合的完美版
将下面的代码复制到记事本里并另存为.ps1文件(PoweShell脚本文件),然后运行它根据提示操作即可。
如果脚本没有被修改的话,最终生成的结果保存在当前用户的临时文件夹里,运行完毕后会自动打开该文件夹,找到名为userList.csv的文件即是最终生成的结果。
$saveto = $env:temp + "\userlist.csv"
cls
Write-Host "Easy tool to get the AD user information by darwin.zuo@163.com, 2022"
Write-Host "左东华(darwin.zuo@163.com)于2022年制作的用于取得活动目录用户的小工具"
Write-Host
Write-Host "The simplified version data format can be gotten from any of the PC in AD; the script must be run on DC the AD for detailed version."
Write-Host "精简版可以运行在活动目录中的任何一台电脑上;详尽版数据的取得必须将本脚本在域控上运行。"
Write-Host "Please choose the data format/请选择数据格式:"
Write-Host "1. Simplified version / 精简版"
Write-Host "2. Detailed version / 详尽版"
Write-Host "3. Quit / 退出"
Write-Host
$ver = Read-Host "Choice / 选择"
if ($ver -eq 1)
{
$userList = Get-WmiObject -Class Win32_UserAccount
$userList
$userList | select AccountType, Caption, Domain, SID, FullName, Name | Export-Csv -NoTypeInformation $saveto
}
elseif ($ver -eq 2)
{
$userList = Get-ADUser -Filter {ObjectClass -eq "user"}
$userList
$userList | select DistinguishedName,Enabled,GivenName,Name,ObjectClass,ObjectGUID,SamAccountName,SID,Surname,UserPrincipalName | Export-Csv -NoTypeInformation $saveto
}
else
{
Write-Host "Canceled / 已取消"
Exit
}
Write-Host
Write-Host "The data already output to following file if there is no error occurred / 如果没有错误的话,数据已经输出到如下文件:"
Write-Host
Write-Host $saveto
Write-Host
Write-Host
Start $env:temp
达叔傻乐(darwin.zuo@163.com)
