Jim Guckin

Question:

We are looking at a couple different software packages for several processes in my company, though a lot of vendors are charging by active AD accounts.  Is there a way to just find all enabled active directory accounts, without having to goto all OU’s and count them.

Answer:

I have been there many times, and I know that sorting through that information can be a headache.  You are lucky there is a command line way to find out the enabled users in Active directory.  Depending on how long your been the admin of the servers it might have been a command that you’ve used before.

Export to a Text File
DSQuery * -Filter “(&(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))” -Attr samAccountName -Limit 0 >EnabledAccount.txt

Export to a CSV
DSQuery * -Filter “(&(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))” -Attr samAccountName -Limit 0 >EnabledAccount.csv

You can change the EnabledAccount.csv(or .txt) to whatever you want.  You want to remember that whatever directory you are in when in the command prompt, is where the file where be stored.  (Note: Most of the time it’ll be C:\Documents and Settings\%UserAccount%\EnabledAccount.csv – where C: is your hard drive and %useraccount% is the user your currently logged on with.)

——————————————————————————————–
If  you have any questions that you want Jim to answer, from business servers to home computers, drop him a line at me@jimguckin.com, and he’ll try to answer your question.  Check back every Monday for a new Question and Answer session, and check back Wednesday and Friday for other technical insights.