How can I create a list of all User Accounts?

A. A. There a number of ways to produce a list of all user accounts in a domain (or accounts just on a machine):

  1. The best way is to use a utility shipped with the Resource Kit called ADDUSERS.EXE which is used to add users that have been detailed in a text file. This image can also be used to export the current users and groups into a comma separated file. What is a comma separated file? This is just a file that has comma's between fields and when read into a spreadsheet/database, the commas are detected, and the commas are replaced with a new field. The format is :
    addusers /d <file name>
    e.g. addusers /d johnslis.csf
    Note: Be very careful not to enter /e instead of /d, /e deletes all users and groups!
    This file can then be read into a spreadsheet/database (such as Excel) and you will need to specify that comma is the delimiter.
  2. A utility called USRSTAT.EXE is shipped with the NT Server Resource Kit, and this utility supplies information on all members of a given domain, including time/date of last login
    usrstat <domain>
    e.g. usrstat savilltech
  3. The Resource Kit utility SHOWMBRS.EXE will show all the users in a given group, so you could dump out the Domain Users group of a domain,
    showmbrs "<domain>\domain users"
    e.g. showmbrs "savilltech\domain users"
    You could add "> <file name>" to output to a file, e.g. showmbrs "savilltech\domain users" > allusers.list
  4. Finally if you don't have the resource kit (go and get it), you can use the NET command to show all users in a domain
    net user /domain
    Which will list all users in the current domain, again you can user > <file name> to output to a file. You could then get more information on each user this lists by entering
    net user <username> /domain
    e.g. net user savillj /domain
    You could easily write a perl script to automate this task.
  5. You could also use Windows Scripting Host which gives you the option of being able to be more flexible with the output. The code below just lists the full name
    set oDomain = GetObject("WinNT://SAVILLTECH")<br>
            WScript.echo "Domain : " +<br>
            for each oDomainItem in oDomain<br>
            &#160;if oDomainItem.Class = "User" then<br>
            &#160; WScript.echo "   Full Name=" + oDomainItem.FullName<br>
            &#160;end if<br>

It may be that none of these suit your exact needs, or you need to access the user list from within a program, you can use the NetUserEnum(), NetGroupEnum() and NetLocalGroupEnum() functions to get the required information. For each of these, the first argument is the computer name to perform the operation on, a null pointer will make it use the current system, or use NetGetDCName() to get the computer name of the Domain Controller. That's enough code for me, I'm starting to sweat :-)

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.