Active Directory Export Using PowerShell
If you're using Active Directory, we highly recommend that instead of pulling email addresses with the below method, that you integrate your Active Directory data with your KnowBe4 console. It is the easiest and most efficient way to maintain an updated user list within your console. To find out how to do this, view our Active Directory Integration manual, or check out our training video.
Otherwise, if you'd like to instead get a list of users which you can then import into your KnowBe4 console rather than automatically sync to Active Directory, you can use the below information to help you export your users from Active Directory using PowerShell.
After the scripts run correctly, a CSV file will be generated and saved in your current directory, and you can inspect the file to make sure the information is correct.
Once the CSV file is checked for accuracy, you can then upload it to the KnowBe4 console.
See more about importing users:
-Users and Groups Product Manual
-Adding/Importing Users
Export Emails Using PowerShell
If you already have PowerShell open in Administrator Mode, run the following command to import the ActiveDirectory Module.
Import-Module ActiveDirectory
Generate a CSV of all enabled users
The script below will generate a CSV of all enabled users. It will pull the email, first name, last name, and OU for all enabled users listed in Active Directory. Download a sample script here.
Get-ADUser -Properties * -Filter {Enabled -eq 'True'} | Select-Object @{Label = "Email";Expression = {$_.EmailAddress}}, @{Label = "First Name";Expression = {$_.GivenName}}, @{Label = "Last Name";Expression = {$_.Surname}}, @{Label = "Group";Expression = {($_.canonicalname -Split "/")[-2]}} | Export-Csv -Path users.csv -NoTypeInformation
Generate a CSV of all enabled users who are a member of a particular security group
This example returns a CSV of all enabled users that are a member of a security group named “ExampleSecurityGroup”. Download a sample script here.
Import-Module ActiveDirectory
Get-ADUser -Properties * -Filter {Enabled -eq 'True'} | Where-Object {($_.memberof -like "*ExampleSecurityGroup*")} | Select-Object @{Label = "Email";Expression = {$_.EmailAddress}}, @{Label = "First Name";Expression = {$_.GivenName}}, @{Label = "Last Name";Expression = {$_.Surname}}, @{Label = "Group";Expression = {($_.canonicalname -Split "/")[-2]}} | Export-Csv -Path users.csv -NoTypeInformation
Generate a CSV of all enabled users that are contained in the OU with a specific Distinguished Name
This example returns a CSV of all enabled users that are contained in the OU with Distinguished Name “OU=ExampleOU, DC=Domain, DC=com”. Download a sample script here.
Import-Module ActiveDirectory
Get-ADUser -Properties * -Filter {Enabled -eq 'True'} -SearchBase "OU=ExampleOU, DC=Domain, DC=com" | Select-Object @{Label = "Email";Expression = {$_.EmailAddress}}, @{Label = "First Name";Expression = {$_.GivenName}}, @{Label = "Last Name";Expression = {$_.Surname}}, @{Label = "Group";Expression = {($_.canonicalname -Split "/")[-2]}} | Export-Csv -Path users.csv -NoTypeInformation
Generate a CSV of all enabled users that are contained in a distribution group with a specific name
This example returns a CSV of all enabled users that are contained in a distribution group named “ExampleDistributionGroup” and child distribution groups. Download a sample script here.
Import-Module ActiveDirectory
$Obj = @()
ForEach ($Member in $Members)
{
$User = Get-ADUser -Filter {Name -eq $Member.name -and Enabled -eq 'True'} -Properties *
$GroupObj = New-Object PSObject
$GroupObj | Add-Member -MemberType NoteProperty -Name "Email" -Value $User.EmailAddress
$GroupObj | Add-Member -MemberType NoteProperty -Name "First Name" -Value $User.GivenName
$GroupObj | Add-Member -MemberType NoteProperty -Name "Last Name" -Value $User.Surname
$GroupObj | Add-Member -MemberType NoteProperty -Name "Group" -Value (($User.canonicalname -Split "/")[-2])
$Obj += $GroupObj
}
$Obj | Export-Csv users.csv -NoTypeInformation
Comments
0 comments
Article is closed for comments.