AdFind is a Windows command line Active Directory query tool. It is a mixture of ldapsearch, search.vbs, ldp, dsquery, and dsget tools with a ton of other cool features thrown in for good measure.
This post describes how I managed to export
- Last name (surname/sn)
- First name (givenName)
- Username (samaccountname)
from a Active Directory and save the result to a comma separated file (CSV)
adfind.exe -b ou=ActiveDirectory,dc=example,dc=com -f "objectClass=user" sn givenName samaccountname -nodn -adcsv > exported_users.csv
The result of this command is as follows
"Last name","First name","username"
This is a nicely formatted csv file that makes it easy to work with.
What values are available and can be searched for in a Active Directory?
If you are uncertain on the name of what you are looking for, then this line comes handy
adfind.exe -b ou=ActiveDirectory,dc=example,dc=com -s subtree |more
Remember to use the | more at the end of the line because this command lists a lot of Active Directory content.
The result of this command can contain some of the following values
cn, sb,giveNnAME, distinguishedname, instanceType, whenCreated, whenChanged, displayName, uSNCreated, memberOf, uSNChanged, department, homeMTA, proxyAddresses, homeMBD, mDBUseDefaults, mailNickName, name, objectGUID, userAccountControl, badPwdCount, codePage, countryCode, homeDirectory, homeDrive, badPasswordTime, lastLogoff, lastLogon, logonHours, pwdLastSet, primaryGroupID, userParameters, profileParh, objectSid, accountExpires, logonCount, sAMAccountname, SamaccountType, showInAddressBook, msNPAllowDialoin, dSCorePropagationData, lastLogonTimestamp, textEncodeORAddress, mail, middleName, msExchaPoliciesExcluded, msExchHomeServerName, msExchALObjectVersion, msExchMailboxSecurityDescriptor, msExchUserAccountControl, msExchMailboxGuid
The values above are usually assosiated with a useraccount.