Whether you’re conducting an audit, preparing for a migration, or simply managing user inventory, exporting Active Directory user data to CSV is a common administrative task. Doing it manually is time-consuming and error-prone—but with PowerShell, it’s quick, repeatable, and customizable.
In this guide, you’ll learn how to export AD users to a CSV file using PowerShell, including filtering options, selecting custom attributes, and practical script ideas for real-world use cases.
Prerequisites
Before you begin, make sure:
- You’re running PowerShell as Administrator.
- You have the RSAT: Active Directory module installed (usually included on domain controllers or can be added via optional features).
- You’re authenticated with an account that has read access to Active Directory.
Basic Export Script
To export all users in your domain:
Get-ADUser -Filter * -Properties * |
Select-Object Name, SamAccountName, UserPrincipalName, Enabled, Department, Title |
Export-Csv -Path "C:\Exports\AllADUsers.csv" -NoTypeInformation -Encoding UTF8
What this does:
-Filter *: Gets all users.-Properties *: Loads all user attributes (you can specify just the ones you need).Select-Object: Chooses which columns appear in the CSV.Export-Csv: Outputs to a file.
Filtering by OU (Organizational Unit)
To export users from a specific OU:
Get-ADUser -Filter * -SearchBase "OU=Sales,DC=domain,DC=local" -Properties DisplayName, EmailAddress |
Select DisplayName, EmailAddress |
Export-Csv "C:\Exports\SalesUsers.csv" -NoTypeInformation
Use Case:
- Great for departmental reports or access reviews for specific teams.
Export Disabled Users Only
To find and export only disabled accounts:
Get-ADUser -Filter 'Enabled -eq $False' -Properties Name, SamAccountName |
Select Name, SamAccountName |
Export-Csv "C:\Exports\DisabledUsers.csv" -NoTypeInformation
Use Case:
- Ideal for auditing stale accounts or cleaning up the directory.
Export Users with Password Never Expires
Get-ADUser -Filter * -Properties PasswordNeverExpires |
Where-Object { $_.PasswordNeverExpires -eq $true } |
Select Name, SamAccountName |
Export-Csv "C:\Exports\NonExpiringPasswords.csv" -NoTypeInformation
Use Case:
- Useful for spotting potentially insecure user configurations.
Export Recently Created Users
$30DaysAgo = (Get-Date).AddDays(-30)
Get-ADUser -Filter * -Properties WhenCreated |
Where-Object { $_.WhenCreated -gt $30DaysAgo } |
Select Name, SamAccountName, WhenCreated |
Export-Csv "C:\Exports\NewUsers.csv" -NoTypeInformation
Use Case:
- Helps track onboarding trends or verify recent additions.
Export Group Memberships
To include group membership for each user:
Get-ADUser -Filter * -Properties MemberOf | ForEach-Object {
[PSCustomObject]@{
Name = $_.Name
SamAccountName = $_.SamAccountName
Groups = ($_.MemberOf | ForEach-Object {
($_ -split ',')[0] -replace '^CN='
}) -join '; '
}
} | Export-Csv "C:\Exports\UserGroupMemberships.csv" -NoTypeInformation
Use Case:
- Excellent for detailed access control reviews.
Best Practices
- Always sanitize output: Avoid exporting sensitive attributes unless necessary.
- Use descriptive filenames: Include context like OU or date.
- Automate exports: Combine with scheduled tasks for regular snapshots.
- Secure exported files: Treat user data as confidential.
Troubleshooting Tips
| Problem | Solution |
|---|---|
| Missing attributes | Use -Properties * to expose non-default fields |
| Blank export | Check your -Filter or -SearchBase syntax |
| Script errors | Run as admin and ensure AD module is loaded |
| Export fails | Check if the file path exists and is writable |
Conclusion
PowerShell gives system administrators powerful tools to report and export Active Directory user data with precision. Whether you’re building a one-off report or setting up recurring exports for audits, the flexibility of PowerShell scripting makes it easy to tailor the output to your exact needs.
By mastering these export techniques, you save time, reduce errors, and gain a clearer view of your AD environment—all with just a few lines of code.
