Export AD User Properties to CSV

Question

I want to interrogate the client' AD to see which users are missing property values such as telephone number ahead of User Profile Sync in SharePoint 2013, the script works but now I need to add a little "magic" in order to create my csv file... I have added a comment below to indicate where I think this "magic" should go!

 # get Users and groups

 #Get the User from AD
 $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
 $root = $domain.GetDirectoryEntry()
 $search = [System.DirectoryServices.DirectorySearcher]$root
 #$search.Filter = "(&(objectCategory=User)(samAccountName=$userName))"

 # get a list of the users but not the sp_ service accounts.
 $search.Filter = "(&(objectCategory=User) (!(name=SP_*)) )"
 $search.SearchScope ="subtree"

 # determine the properties we want back

 $colPropList = "name", "jobTitle", "telephoneNumber","mail", "department"   ,  "thumbnailPhoto"
 foreach ($i in $colPropList){$search.PropertiesToLoad.Add($i)}


 $result = $search.FindAll()




 if ($result -ne $null)
 {

    foreach ( $entry in $result )
    {

       # this works though I might have incorrect names for some of the properties
       $user = $entry.Properties;
       $user.name
       $user.department
       $user.jobTitle
       $user.telephoneNumber
       $user.mail
       $user.thumbnailPhoto


       *# !!!!!!This is where I need help!!!!!             
       # as my $user is effectively an object then I should be able to to use it to create a an object with Add-Member 
       # Do I breaker down the $user properties and create another object with name values ???* 

       foreach ($o in $user) 
       {
          Add-Member -InputObject $psObject -MemberType NoteProperty -Name $o -Value $o
       } 

} 


$psObject | Export-Csv c:\dev\aduserList.csv -NoTypeInformation

}

Answer 1

I'm not familiar with directorysearcher / adsi , but if you're migrating to SharePoint 2013 I'd guess you also have a computer with PowerShell. In that case you should use Microsofts ActiveDirectory module (installed on servers and through RSAT for clients) if you have a 2008 DC or 2003 with Active Directory Web Service.

You could also use Quest ADRoles Module .

PowerShell cmdlets are much easier to use for AD administration. You could then shorten down your script to one line(this is the ActiveDirectory module from Microsoft):

Get-ADUser -LDAPFilter "(!(name=SP_*))" -Properties Name, Title, OfficePhone, Mail, Department, thumbnailPhoto | Select-Object Name, Title, OfficePhone, Mail, Department, thumbnailPhoto | Export-Csv c:\dev\aduserList.csv -NoTypeInformation

I'm not sure if the thumbnailphoto part works as I haven't used that attribute before.

Answer 2

Something like this should work:

$search.FindAll() | select -Expand Properties |
  select @{n='name';e={$_.name}},
         @{n='department';e={$_.department}},
         @{n='jobTitle';e={$_.jobtitle}},
         @{n='telephoneNumber';e={$_.telephonenumber}},
         @{n='mail';e={$_.mail}},
         @{n='thumbnailPhoto';e={$_.thumbnailphoto}} |
  Export-Csv c:\dev\aduserList.csv -NoTypeInformation

Note that the properties used in the expression section of the calculated property ( @{n='name';e={expression}} ) must be lowercased:

@{n='thumbnailPhoto';e={$_.}}

Using the Get-ADUser cmdlet from the ActiveDirectory module as Frode F. suggested is a more convenient way to get the information you want, but it requires that the AD PowerShell module is installed on the computer where it's used, and that the AD Web Services are installed and running on a DC.