Last Update: Sep 30, 2024 | Published: Nov 07, 2022
This article will offer you a straightforward way to list Active Directory users with Active Directory Users and Computers (ADUC). I’ll show you how to do that using the graphical user interface (GUI) with the ADUC tool.
Check out how to list Active Directory Users with PowerShell on Petri if you would prefer to perform this action programmatically.
There are several ways you, as an IT pro, can use the Active Directory Users and Computers (ADUC) application to find all your user accounts in Active Directory. Let me start with some simple searches to find user accounts.
One important aspect to keep in mind is the dizzying number of ‘UserAccountControl’ property flags. Here is a table that shows all the available flags.
Property flag | Value in hexadecimal | Value in decimal |
---|---|---|
SCRIPT | 0x0001 | 1 |
ACCOUNTDISABLE | 0x0002 | 2 |
HOMEDIR_REQUIRED | 0x0008 | 8 |
LOCKOUT | 0x0010 | 16 |
PASSWD_NOTREQD | 0x0020 | 32 |
PASSWD_CANT_CHANGE (You can’t assign this permission by directly modifying the UserAccountControl attribute. For information about how to set the permission programmatically, see the Property flag descriptions section.) | 0x0040 | 64 |
ENCRYPTED_TEXT_PWD_ALLOWED | 0x0080 | 128 |
TEMP_DUPLICATE_ACCOUNT | 0x0100 | 256 |
NORMAL_ACCOUNT | 0x0200 | 512 |
INTERDOMAIN_TRUST_ACCOUNT | 0x0800 | 2048 |
WORKSTATION_TRUST_ACCOUNT | 0x1000 | 4096 |
SERVER_TRUST_ACCOUNT | 0x2000 | 8192 |
DONT_EXPIRE_PASSWORD | 0x10000 | 65536 |
MNS_LOGON_ACCOUNT | 0x20000 | 131072 |
SMARTCARD_REQUIRED | 0x40000 | 262144 |
TRUSTED_FOR_DELEGATION | 0x80000 | 524288 |
NOT_DELEGATED | 0x100000 | 1048576 |
USE_DES_KEY_ONLY | 0x200000 | 2097152 |
DONT_REQ_PREAUTH | 0x400000 | 4194304 |
PASSWORD_EXPIRED | 0x800000 | 8388608 |
TRUSTED_TO_AUTH_FOR_DELEGATION | 0x1000000 | 16777216 |
PARTIAL_SECRETS_ACCOUNT | 0x04000000 | 67108864 |
As account attributes are modified, these values get assigned to the user account itself. You can use the adsiedit.msc snap-in if you want to view them. But let’s do some searches now.
Next, let’s use the very helpful ‘Saved Queries’ feature in ADUC:
There we go! We’ve now created an always-accessible query for active users in our Active Directory.
Let’s use a different custom query.
(&(&(objectCategory=user)(userAccountControl=512)))
As you can see, only very ‘basic’ or vanilla users will be listed here. Only user accounts that have NO special attributes will be listed in this query.
Remember that table at the beginning of this article? If an account has any of those other attributes or states, it won’t show up here. It’s actually a nice tool to have.
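The PowerShell below is an added example, not part of the original article. It decodes userAccountControl values with the flag table above and shows which accounts the exact-match query (userAccountControl=512) returns compared with a bit test on ACCOUNTDISABLE. The account names and values are constructed sample data, and Get-UacFlagName is a hypothetical helper name.

```powershell
# Added example: flag values copied from the table above.
# Account names and userAccountControl values below are constructed sample data.
$UacFlags = [ordered]@{
    SCRIPT = 0x0001;                     ACCOUNTDISABLE = 0x0002
    HOMEDIR_REQUIRED = 0x0008;           LOCKOUT = 0x0010
    PASSWD_NOTREQD = 0x0020;             PASSWD_CANT_CHANGE = 0x0040
    ENCRYPTED_TEXT_PWD_ALLOWED = 0x0080; TEMP_DUPLICATE_ACCOUNT = 0x0100
    NORMAL_ACCOUNT = 0x0200;             INTERDOMAIN_TRUST_ACCOUNT = 0x0800
    WORKSTATION_TRUST_ACCOUNT = 0x1000;  SERVER_TRUST_ACCOUNT = 0x2000
    DONT_EXPIRE_PASSWORD = 0x10000;      MNS_LOGON_ACCOUNT = 0x20000
    SMARTCARD_REQUIRED = 0x40000;        TRUSTED_FOR_DELEGATION = 0x80000
    NOT_DELEGATED = 0x100000;            USE_DES_KEY_ONLY = 0x200000
    DONT_REQ_PREAUTH = 0x400000;         PASSWORD_EXPIRED = 0x800000
    TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000; PARTIAL_SECRETS_ACCOUNT = 0x04000000
}

# Hypothetical helper: returns the name of every flag whose bit is set in the value.
function Get-UacFlagName {
    param([Parameter(Mandatory)][int]$Uac)
    $UacFlags.GetEnumerator() | Where-Object { $Uac -band $_.Value } | ForEach-Object { $_.Key }
}

$samples = @(
    [pscustomobject]@{ Name = 'alice';   Uac = 512 }      # NORMAL_ACCOUNT only
    [pscustomobject]@{ Name = 'bob';     Uac = 514 }      # NORMAL_ACCOUNT + ACCOUNTDISABLE
    [pscustomobject]@{ Name = 'svc-app'; Uac = 66048 }    # NORMAL_ACCOUNT + DONT_EXPIRE_PASSWORD
    [pscustomobject]@{ Name = 'carol';   Uac = 4260352 }  # the above + DONT_REQ_PREAUTH
)

$samples | ForEach-Object {
    [pscustomobject]@{
        Name          = $_.Name
        Uac           = $_.Uac
        Flags         = (Get-UacFlagName $_.Uac) -join ', '
        # Same test as the saved query filter (userAccountControl=512): exact value only.
        ExactMatch512 = $_.Uac -eq 512
        # Bit test on ACCOUNTDISABLE; the LDAP form uses AD's bitwise AND matching rule:
        # (!(userAccountControl:1.2.840.113556.1.4.803:=2))
        Enabled       = -not ($_.Uac -band $UacFlags['ACCOUNTDISABLE'])
    }
} | Format-Table -AutoSize
```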
I hope you found some nice nuggets of information here to assist you in discovering all your users in Active Directory. There are a lot of methods you can use, and each one has its own strengths and weaknesses. It comes down to finding the right balance, especially when trying to hit a deadline from a security directive.