
How to List Active Directory Users in Batch Script

Getting a list of all user accounts is a fundamental task for any Active Directory administrator. You might need this list to perform a security audit, generate a report, or as input for another script that needs to perform an action on every user. The standard, built-in command-line utility for querying Active Directory objects is dsquery.exe.

This guide will teach you how to use the dsquery user command to get a full list of all users in your domain. You will learn how to target specific Organizational Units (OUs), how to control the output format, and how to use this command to create powerful and practical administrative scripts.

CRITICAL: Prerequisites (RSAT Tools and Permissions)

Before you can script this, three conditions must be met:

  1. RSAT for Active Directory Must Be Installed: The dsquery.exe command is not installed by default on Windows client operating systems. It is part of the Remote Server Administration Tools (RSAT).
    • On Windows 10/11, go to Settings -> Apps -> Optional features and install RSAT: Active Directory Domain Services and Lightweight Directory Services Tools.
  2. Permissions: You must be logged in as a domain user. Standard Domain User permissions are sufficient to read the list of users and most of their properties.
  3. Domain Environment: The script must be run from a domain-joined computer.

The Core Command: dsquery user

The dsquery (Directory Service Query) command is the primary tool for finding objects in Active Directory. We use the user context to specifically search for user accounts.

Syntax: dsquery user [start_node] [options]

  • [start_node]: An optional parameter to specify where in the Active Directory tree the search should begin. If omitted, it searches the entire domain.
  • [options]: Switches to filter the results or change the output format.

Basic Example: Listing All Users in the Domain

Running the command in its simplest form will list the Distinguished Name (DN) of every user account in the domain.

@ECHO OFF
ECHO --- Listing all users in the domain ---
ECHO This may be a long list...
ECHO.
dsquery user

Warning: By default, this command will only return the first 100 users it finds! See the Pitfalls section for the solution.

The output is a list of the full, unique DNs for each user.

"CN=John Doe,OU=Users,OU=NewYork,DC=mycorp,DC=local"
"CN=Jane Smith,OU=Users,OU=NewYork,DC=mycorp,DC=local"
"CN=AdminAccount,CN=Users,DC=mycorp,DC=local"
...

Key dsquery Parameters Explained

| Switch | Description | Example |
| --- | --- | --- |
| -limit <number> | (Essential) Sets the maximum number of results to return. Use -limit 0 to return all results, with no limit. | dsquery user -limit 0 |
| -name <name> | Finds users by their "Display Name". Supports wildcards (*). | dsquery user -name "John*" |
| -samid <name> | Finds a user by their logon name (sAMAccountName). Supports wildcards. | dsquery user -samid "johndoe" |
| -o <format> | Controls the output format. | -o dn (Distinguished Name, the default); -o rdn (Relative Distinguished Name); -o upn (User Principal Name) |
| -inactive <weeks> | Finds users that have been inactive for a certain number of weeks. | dsquery user -inactive 4 |
| -disabled | Finds only user accounts that are currently disabled. | dsquery user -disabled |

Filtering the Search to a Specific OU

For large domains, you rarely want to search the entire directory. You can specify a starting Organizational Unit (OU) to narrow your search.

For example, this script will only find users within the Sales OU in the NewYork OU.

@ECHO OFF
SET "TargetOU=OU=Sales,OU=NewYork,DC=mycorp,DC=local"
ECHO --- Finding users in the Sales department ---
dsquery user "%TargetOU%" -limit 0

How to Capture and Use the User List in a Script

The dsquery command is most powerful when its output is used as the input for another command, typically in a FOR /F loop. This allows you to perform an action on every user found.

This script gets a list of all users and then uses dsget to display their display names.

@ECHO OFF
ECHO --- Getting the Display Name for all users ---

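REM dsquery finds the users, and the pipe | sends the list to dsget.
REM dsget then gets the 'displayname' property for each user it receives.
REM skip=1 drops the column header; findstr /V removes the trailing
REM "dsget succeeded" status line so it is not echoed as a user.
FOR /F "skip=1 delims=" %%U IN ('dsquery user -limit 0 ^| dsget user -display ^| findstr /V /C:"dsget succeeded"') DO (
ECHO User: %%U
)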
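
The following is an added example, not part of the original guide. It combines an OU start node, -inactive, -limit 0 and a per-user dsget call in nested FOR /F loops to report accounts that are inactive yet still enabled, a common audit target. The 12-week threshold and the report file name are assumptions, as is the premise that logon names contain no spaces.

```batch
@ECHO OFF
SETLOCAL
REM Added example. TargetOU reuses the sample OU from this guide; the
REM 12-week threshold and the report file name are assumptions.
SET "TargetOU=OU=Sales,OU=NewYork,DC=mycorp,DC=local"
SET "Weeks=12"
SET "ReportFile=%USERPROFILE%\Desktop\Stale_Enabled_Users.csv"
SET /A Count=0

REM Start a fresh report with a CSV header row.
> "%ReportFile%" ECHO samid,dn

REM Outer loop: dsquery prints one quoted DN per line.
REM "delims=" keeps the whole line, spaces and commas included.
FOR /F "delims=" %%U IN ('dsquery user "%TargetOU%" -inactive %Weeks% -limit 0') DO (
    REM Inner loop: ask dsget for this one user's logon name and status.
    REM skip=1 drops the column header. %%A is the samid, %%B is yes or no.
    REM The trailing "dsget succeeded" line never has "no" as its second
    REM token, so the IF below discards it.
    FOR /F "skip=1 tokens=1,2" %%A IN ('dsget user %%U -samid -disabled') DO (
        IF /I "%%B"=="no" (
            REM %%U still carries its quotes, so the DN is a valid CSV field.
            >> "%ReportFile%" ECHO %%A,%%U
            SET /A Count+=1
        )
    )
)

ECHO Enabled accounts inactive for %Weeks%+ weeks: %Count%
ECHO Report: "%ReportFile%"
ENDLOCAL
```

The per-user dsget call is slower than a single pipe, but it keeps each DN paired with its own status line, so no column parsing across users is needed.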

Common Pitfalls and How to Solve Them

Problem: 'dsquery' is not recognized...

This means the RSAT tools are not installed.

Solution: Install the RSAT for Active Directory as described in the Prerequisites section above.

Problem: The List is Limited to the First 100 Results

This is the most common "gotcha" for dsquery. For performance reasons, it defaults to a limit of 100 results.

Solution: Always use the -limit 0 switch in your scripts to ensure you get a complete and unabridged list of all matching users.

dsquery user -limit 0

Practical Example: A "List All Disabled Users" Script

This script uses a filter to find all user accounts in the domain that are currently disabled and generates a simple report.

@ECHO OFF
SETLOCAL
SET "ReportFile=%USERPROFILE%\Desktop\Disabled_Users_Report.txt"

ECHO --- Generating Disabled Users Report ---
ECHO Saving report to: "%ReportFile%"

(
ECHO Disabled User Accounts Report
ECHO Generated on %DATE% at %TIME%
ECHO ---------------------------------
) > "%ReportFile%"

REM --- The core command ---
REM -disabled: Finds only disabled accounts.
REM -limit 0: Ensures all are found.
REM -o upn: Outputs the user-friendly User Principal Name (email format).
dsquery user -disabled -limit 0 -o upn >> "%ReportFile%"

ECHO.
ECHO [SUCCESS] Report generated.
START "" "%ReportFile%"
ENDLOCAL

Conclusion

The dsquery user command is the definitive tool for finding and listing user accounts in Active Directory from a batch script.

Key takeaways for using it successfully:

  • Install the RSAT for Active Directory to get the dsquery.exe tool.
  • Run the script on a domain-joined PC as a domain user.
  • Always use the -limit 0 switch in scripts to get all results.
  • Use powerful filter switches like -name, -samid, -disabled, or -inactive to narrow your search.
  • Pipe the output of dsquery to dsget inside a FOR /F loop to retrieve specific properties for each user found.