AdFind is a Windows command line Active Directory query tool. It is a mixture of ldapsearch, search.vbs, ldp, dsquery, and dsget tools with a ton of other cool features thrown in for good measure.
This post describes how I managed to export
- Last name (surname/sn)
- First name (givenName)
- Username (samaccountname)
from a Active Directory and save the result to a comma separated file (CSV)
adfind.exe -b ou=ActiveDirectory,dc=example,dc=com -f "objectClass=user" sn givenName samaccountname -nodn -adcsv > exported_users.csv
The result of this command is as follows
"Last name","First name","username"
This is a nicely formatted csv file that makes it easy to work with.
What values are available and can be searched for in a Active Directory?
If you are uncertain on the name of what you are looking for, then this line comes handy
adfind.exe -b ou=ActiveDirectory,dc=example,dc=com -s subtree |more
cn, sb,giveNnAME, distinguishedname, instanceType, whenCreated, whenChanged, displayName, uSNCreated, memberOf, uSNChanged, department, homeMTA, proxyAddresses, homeMBD, mDBUseDefaults, mailNickName, name, objectGUID, userAccountControl, badPwdCount, codePage, countryCode, homeDirectory, homeDrive, badPasswordTime, lastLogoff, lastLogon, logonHours, pwdLastSet, primaryGroupID, userParameters, profileParh, objectSid, accountExpires, logonCount, sAMAccountname, SamaccountType, showInAddressBook, msNPAllowDialoin, dSCorePropagationData, lastLogonTimestamp, textEncodeORAddress, mail, middleName, msExchaPoliciesExcluded, msExchHomeServerName, msExchALObjectVersion, msExchMailboxSecurityDescriptor, msExchUserAccountControl, msExchMailboxGuid
The values above are usually assosiated with a useraccount.