Audit Scripts: Get Active Directory Users

Active Directory is essential in organization but auditing is very essential to maintain AD health and security compliance.

The audit script is written to extract data with AD attributes as well as custom attributes (requires custom coding) such as Last Logon Days. All the dates are formatted with Timezone offset.

The script will output the result in csv file and you can analyze using spreadsheet software.

Active Directory Attributes:

Active Directory attributes included are:

adspath, displayname, sAMAccountName, givenName, SN, whenCreated, whenChanged, pwdLastSet, lastLogon, department, description, ipPhone, telephoneNumber, mail

Custom Attributes (requires coding) are:

LastLogonDays, LastPasswordSetDays. DC_Path, OU_Path



  1. Download Audit Scripts and Unzip

  2. Copy Audit Scripts into Server that can connect to ActiveDirectory

  3. Execute Audit script with ActiveDirectory Administrator account


  1. Edit Audit Script YLNotes__AD_Audit_GetAdUsers.cmd

  2. Under Configuration Input Section, enter LDAP Path

  3. Execute Audit Script YLNotes__AD_Audit_GetAdUsers.cmd

  4. The Audit Report is stored in AuditReports folder in csv file format

  5. Open csv file using Excel




Audit Scripts:

  1. YLNotes__AD_Audit_GetAdUsers.cmd
  2. YLNotes__AD_Audit_GetAdUsers_Engine.vbs


Updated: 17/09/2014 — 10:52 PM

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.