Counting the Number of AD User Accounts in PowerShell

Here are some PowerShell examples that we can use to count the numbers of user accounts in Active Directory.

Total number of user accounts in AD

PS> (Get-ADUser -filter *).count

Total number of user accounts in an OU

PS> (Get-ADUser -filter * -searchbase "OU=Vancouver, OU=MyCompany, DC=Domain, DC=Local").count

Replace the SearchBase with your own OU path.

Total number of enabled/disabled accounts in AD

PS> (Get-AdUser -filter * |Where {$_.enabled -eq "True"}).count
PS> (Get-ADUser -filter * |Where {$_.enabled -ne "False"}).count

Total number of user accounts in a Group

PS> (Get-ADGroupMember -Identity "Group Name").count

I ran these on a Windows 10 machine. If you get an error message saying the unrecognized command, follow this instruction to get PowerShell Active Directory Module installed.

11 thoughts on “Counting the Number of AD User Accounts in PowerShell

  1. hi,
    is that possible to count the aduser every 1000 objects and parse to csv file every completed 1000 objects and continue again after parsing to csv file?
    please advise on how to achieve and how to construct in powershell
    Thanks

  2. This code for “Total number of enabled/disabled accounts in AD” has too many errors…
    Yes it works but it is not clear on first look why.
    And you can find it via google… So here is the correct version:

    (Get-AdUser -filter ‘Enabled -eq $true’).count # This gets the number of enabled accounts
    The difference here is filtering on the AD site with a filter instead of using -Filter * and more importantly not comparing a boolean value (Enabled) to a string since casting string to bool nearly always equals $true
    Same with the disabled accounts:
    (Get-AdUser -filter ‘Enabled -eq $false’).count
    Same stuff here. Use a filter on the AD site of things. Compare with actual boolean values. Don’t switch around the comparison ‘-ne’ vs ‘-eq’ in the first example to make the commands understandable.

    1. Why not? If you going to make such a bold claim (and do it anonymously), why not say why you feel this was wrong, instead of just YELLING don’t do it?

      There are better ways, and I presented on below. But you criticize but can’t even bother to say why?

  3. Might I suggest a more efficient way to do this? The problem here is your fetching all the data then filtering it. Why not instead filter it BEFORE fetching it.
    Instead of:
    (Get-AdUser -filter * |Where {$_.enabled -eq “True”}).count
    try:
    (Get-Aduser – filter {enabled -eq $true}).count
    and instead of
    (Get-ADUser -filter * |Where {$_.enabled -ne “False”}).count
    try
    (Get-Aduser – filter {enabled -eq $false}).count

    In my domain, I have some 600,000 users. This change meant that instead of fetching all of the accounts, only to later throw away the data on enabled or disabled, I instead only collected the information that was needed

Leave a Reply

Your email address will not be published. Required fields are marked *