Kaseya Community

How to use Harvested AD Users in a Script?

This question is not answered

I would like to get a list of all AD users on  Domain controller.  I see there are database view variables out there but I'm not sure how to use them in a Agent Procedure. 

The DatabaseViews Variables:


Contains active directory harvested users.

Column Name




nvarchar(255), not null

AD User name


nvarchar(255), not null

Canonical name


nvarchar(255), null

Domain name


nvarchar(2048), null

AD distinguished name

Anyone have a script or know how to do this?

All Replies
  • Feel free to school me if I'm wrong but none of the current standard Agent Procedure commands can enumerate the AD list, you will need to use the mysterious SQL command line commands for this. Last I looked these are not documented and I would love to learn how to use them.

    Alternate options are Vb scripts and Powershell.

  • I was afraid of that. Anyone know how to create the mysterious sql commands and script the process through Kaseya?

    I have VB script to get me a list of the users but I'm not completely comfortable it is reporting the correct data back and I'd rather trust Kaseya's utilities.

  • you are trying to get a list of users - what are you going to do with the list? is it for reporting or do you want to run a script against the users?

    explain further if you can

  • Essentially we want to gather all of the users in active directory to give us a head count for the organization.  Trick is we would like to get only actual human user accounts.  Been playing around with several VBScripts and haven't really had much luck.  Just was going to try my luck with Kaseya's utilities.

  • Kaseya admins?  Have any suggestions?

  • try this, you'll want to run it on your AD server, save it as a batch file and edit it to match your domain



    @echo off

    :: This will pull up all users and their groups into a txt file.
    :: The original command is
    ::  c\ ldifde -f file_name -r (objectclass=Object_type) -l include_these_attributes -s Top_Level_Domain
    :: -f file_name = the name of the file to create
    :: -r (objectclass=Object_type) = Group, user, Object unit....
    :: -l include_these_attributes = this will import only the attributes you specify, works like the find feature in txt notepad
    :: -s Top_level_domain = the domain name, yourdomain.local,

    :: pulls the "user" object's on a "memberof" filter into the exort.txt file.

    ldifde  -f export.txt -r (objectclass=user) -l memberof -s yourdomain.local

    ::the pause is used for debuging remove it or leave it, your choice


    ::opens the file in notepad for viewing.
    start notepad %homepath%\export.txt

  • it's been awhile since I've used this but I think there's a way to export off to csv instead of text, I'll check it out, and repost when I find it.

  • How does one determine the human part of the count - do you have values specified in the accounts that indicate this is a real user versus it being a backupexec account or something.

    Are they organised into OU's that are logical - Such as Staff / Service Accounts

    A handy tool we use

    www.joeware.net/.../index.htm (down the bottom there is link to show you examples and switches)

  • or just wait a few weeks for directory services :-)


  • Also I am sure you know that if you do a lanwatch on a DC it pulls all your AD users into the Kaseya DB. We use this to display in our portal as it shows when last password changed.

    Tables are clearly labelled.

    the only issue you will have is that you cannot check against ou / membership etc.

    Other ones I would try is powershell - the AD plugins for powershell are very powerful check out http://powershell.com/cs/ there are lots of AD scripts you can download and you can easily export to pdf then upload to your k server and run a SQL bulk import to pull it into sql.