It’s important as an Active Directory administrator to know information about your directory users and how they are organized. Many directory values are either “true” or “false” or Boolean. Examples include whether a user or other object is enabled, whether a user is locked out, etc. There are too many to mention in the context of this post. Sometimes it’s helpful to group by these values so you can get an idea of how your directory is divided in what ways. Here we examine how to do this looking at the first example we listed above, an Active Directory disabled user report.
Find Active Directory Disabled Users in PowerShell
When you run the following script on your server, it will fetch users from your Active Directory and group them by whether they are enabled or not. It’s possible to use other attributes other than their enabled/disabled state. With a little bit of effort, you could export this to a CSV, HTML file, or send it in an email.
import-module activedirectory
$usrs = @(Get-AdUser -Properties cn, Name, Enabled -LDAPFilter "(&(objectCategory=person)(objectClass=user)(!isCriticalSystemObject=TRUE))")
$usrs | Group-Object Enabled | Select Count, Name
You might want to use a service account (“-Credential” on your PowerShell commands) to keep things more secure.
Collated User Reports in Web Active Directory’s PeopleAudit
Web Active Directory’s PeopleAudit allows you to run a report like this on demand or delegate it safely for others in your organization to run via their web browser. Users can filter and sort the results on the fly and with a single button press print the results or export to your clipboard, PDF, Excel, or CSV.
Also, these reports allow your users to drill into the results to get more details and to view the results graphically via pie or bar charts.
Safely and securely specify the service account to use to perform the reporting tasks. Customize the report to be run against specific or multiple domains.
Customize the report results, drill-down parameter, and filters without scripting or coding.
You can also schedule these reports to be delivered to you or others in your organization via emails that you can configure without scripting or coding.