Return All the Users in Your Domain

Our primary motivation in putting together this warehouse of scripts was to address issues raised by customers; you know, questions like How Do I List All the Users With an Account in a Particular Site? or How Do I Unassign an RBAC Role? So how many customers have asked the question How Can I List All the Users in My Domain, Grouped By Their OU? Well, to tell you the truth, none. However, we needed this script for a totally different purpose, and we hated to see it go to waste. With that in mind, consider this a free, no-obligation bonus script, one that grabs all your user accounts, sorts them by the OU in which the account is located, and then shows you the display name of each user and whether or not that user has been enabled for Microsoft Lync Server 2010:

# Find every organizational unit (OU) in the current domain
$strFilter = "(objectCategory=organizationalUnit)"
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.PageSize = 1000
$objSearcher.Filter = $strFilter
$objSearcher.SearchScope = "Subtree"

# Load distinguishedName, the attribute the loop below reads
# (only adspath is returned without being requested)
$colPropList = "distinguishedName"
foreach ($i in $colPropList)
    {[void] $objSearcher.PropertiesToLoad.Add($i)}

$colResults = $objSearcher.FindAll()

# For each OU, show its path, then its users and their Lync status
foreach ($objResult in $colResults)
    {$x = $objResult.Properties.distinguishedname
     $objResult.Path
     Get-CsAdUser -OU "$x" | Select-Object DisplayName, CsEnabled}

As an added bonus to this bonus script, there’s not much you need to do in order to run the thing. Just:

1. Copy the code and paste it into a text editor.

2. Save the thing with a .ps1 file extension (e.g., C:\Scripts\Get-UsersByOU.ps1).

3. Run the script from within the Lync Server Management Shell:

C:\Scripts\Get-UsersByOU.ps1

Could anything be easier? We doubt it but we’ll let you know if we ever find anything.

As for the script itself, the code kicks off by searching Active Directory and bringing back a collection of all your OUs (objectCategory=organizationalUnit). One-by-one, the script then connects to each OU, using the Get-CsAdUser cmdlet and the -OU parameter to return the display name for all the users with accounts in that OU (and, as yet another bonus, also indicates whether those users have been enabled for Lync Server). That’s all it does. But, then again, that’s all it’s supposed to do.
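For an account inventory you can filter or archive, the same OU walk can emit one object per user with the OU attached, rather than printing the OU path and the user table separately. The following is an added example, not part of the original script; the function name Get-UsersByOUReport and the CSV path are assumptions chosen for illustration.

```powershell
# Added example (not the original script). Get-UsersByOUReport is a hypothetical name.
function Get-UsersByOUReport {
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot  = New-Object System.DirectoryServices.DirectoryEntry
    $searcher.Filter      = "(objectCategory=organizationalUnit)"
    $searcher.SearchScope = "Subtree"
    $searcher.PageSize    = 1000
    [void] $searcher.PropertiesToLoad.Add("distinguishedName")

    $ous = $searcher.FindAll()
    try {
        foreach ($ou in $ous) {
            $dn = [string] $ou.Properties["distinguishedname"][0]

            # Tag every user record with the OU that was queried, so the
            # output is a flat table: OU, DisplayName, CsEnabled.
            # An OU with no users simply contributes no rows.
            Get-CsAdUser -OU $dn |
                Select-Object @{Name = "OU"; Expression = { $dn }},
                              DisplayName, CsEnabled
        }
    }
    finally {
        # FindAll() returns a SearchResultCollection that holds unmanaged
        # resources; release it even if a Get-CsAdUser call fails.
        $ous.Dispose()
        $searcher.Dispose()
    }
}

# Example use: write the inventory to a CSV file (path is an assumption)
Get-UsersByOUReport |
    Sort-Object OU, DisplayName |
    Export-Csv -Path C:\Scripts\UsersByOU.csv -NoTypeInformation
```

Like the original, this must run in the Lync Server Management Shell so that Get-CsAdUser is available.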

So is this the most important script you’ll ever have in your scripting arsenal? Maybe yes, maybe no. But hey, you can’t beat the price, right?