Script to find users that were created after a certain date

2017-12-11T16:06:49+00:00 October 24th, 2011|Azure, Cloud|

We had a request come through which asked us to get all the users that were created after a certain date.

A good tool for this is the ADFind.exe which can be obtained from here:

http://www.joeware.net/freetools/tools/adfind/index.htm

Download and extract it to a folder, open a administrative command prompt, browse to the location that you extracted the file to and type in adfind.exe and press enter for basic help with the command.

After downloading and extracting the file I started to build my query by getting the first name and surname all of the users in a certain OU:

adfind -b ou="OU Name",DC=domain,DC=local -f "&(objectclass=user)" givenName sn

I then put in the date object that would only fetch out the users that were created after the 1st of March 2011:

adfind -b ou="OU Name",DC=domain,DC=local -f "&(objectclass=user)(whenCreated>=20110301000000.0Z)" givenName sn

You can simply change the date to what ever you need or change the greater than operand to less than. All we need do then is put it into a more readable format by exporting it to a csv which can be done running the following command:

adfind -csv -b ou="OU Name",DC=domain,DC=local -f "&(objectclass=user)(whenCreated>=20110301000000.0Z)" givenName sn >> file.csv

You can use any of the AD attributes to export, below is a quick run down of some of the ones that I have used, they are case sensitive:

mail = Primary Email Address

msRTCSIP-PrimaryUserAddress = Instant Messaging address (OCS or Lync)

ProxyAddresses = Any additional email addresses

In order to add an attribute to export for a user just add them to the end of the line before the >> with a space. For example an export of a users first name, surname and email address would look like this:

adfind -csv -b ou="OU Name",DC=domain,DC=local -f "&(objectclass=user)(whenCreated>=20110301000000.0Z)" givenName sn mail >> file.csv

Cheers

Paul