LDAP or VBscript to list all real users in AD

Question

Please can you help me with a LDAP query or VBscript to list all current users; real, flesh and blood people so it must exclude service accounts, administrator accounts and shared mailboxes.

If you can help with this, it would be greatly appreciated.

Answer 1

I know this is an old one, anyway... to get "flesh-and-blood" :) account, try this:

Users who are persons AND company and email address cannot be blank AND the manager field cannot be blank:

(&(objectCategory=person)(objectClass=user)(company=*)(mail=*)(|(manager=*)))

... or this to:

Users who are persons AND company and email address cannot be blank AND the manager field cannot be blank unless the user’s name is Mr. Brown:

(&(objectCategory=person)(objectClass=user)(company=*)(mail=*)(|(manager=*)(name=Mr. Brown)))

Note: The operation (|(manager=*)(name=Mr. Brown)) means that either manager=* or name=Mr. Brown must be true.

Source: https://help.mypurecloud.com/articles/create-ldap-query/

Answer 2

How do you know (in your script) whether an account is a "flesh-and-blood" account or a service account?? What attribute can you check to make that decision?? I'm not aware of any "real user" flag in AD - but maybe you can base your decision on something that your company is using.

Once you know that fact, then you should be able to find something on Richard Mueller's website - he has tons of examples for VBScript and Active Directory - this page here has a number of premade VBScripts to handle things like creating a list of users and many others. Adapt these for your specific needs.