Getting a list of users by department is one of the most common AD reporting tasks that admins perform that admins perform to build organization charts, run license audits, conduct access reviews, and verify HR sync. There are three practical ways to do it: using the Get-ADUser PowerShell cmdlet, the Active Directory Users and Computers (ADUC) console, and ADManager Plus.
In AD, department is a single-valued string attribute on the user object. It is populated either manually through the ADUC Organization tab or programmatically, usually by an HR-to-AD sync. The attribute is widely used as a grouping field for reporting, dynamic distribution lists, and licensing logic. Even though it's queried frequently, department is not part of the default property set returned by Get-ADUser, which is the single biggest source of confusion when results come back blank.
Before you run the Get-ADUser cmdlet, confirm the following:
Get-ADUser returns only a small default property set, including distinguishedName, Enabled, givenName, Name, ObjectClass, ObjectGUID, sAMAccountName, SID, Surname, and UserPrincipalName. Department is not in that list, so you must request it explicitly with -Properties.
$user = Get-ADUser -Identity 'sjacobs' -Properties Department, Title, Manager
if ([string]::IsNullOrEmpty($user.Department)) {Write-Host "$($user.Name) has no department assigned."} else {[PSCustomObject]@ { Name = $user.Name sAMAccountName = $user.sAMAccountName Department = $user.Department Title = $user.Title }}
The -Filter parameter uses PowerShell Expression Language and runs server-side, so it's far faster than piping to Where-Object.
# All users whose department is exactly "Sales"
Get-ADUser -Filter "Department -eq 'Sales'" -Properties Department |
Select-Object Name, sAMAccountName, Department
# Wildcard match — any department starting with "IT"
Get-ADUser -Filter "Department -like 'IT*'" -Properties Department |
Select-Object Name, sAMAccountName, Department
# Multiple departments using -or
Get-ADUser -Filter "Department -eq 'Sales' -or Department -eq 'Marketing'" `
-Properties Department |
Select-Object Name, sAMAccountName, Department
By default, Get-ADUser returns rich objects. Use Select-Object to pick columns for reporting and Format-Table for clean console output.
Get-ADUser -Filter "Department -eq 'Engineering'" -Properties Department, Title, Manager |
Select-Object Name, sAMAccountName, Department, Title |
Format-Table -AutoSize
Name sAMAccountName Department Title
---- -------------- ---------- -----
Steve Jacobs sjacobs Engineering Senior Platform Engineer
Mark Jacob mjacob Engineering DevOps Engineer
For large directories, restricting the query to a specific OU is essential for performance.
# Get every user under OU=Sales,DC=skyy,DC=com with their department
Get-ADUser -SearchBase "OU=Sales,DC=skyy,DC=com" `
-Filter * `
-Properties Department |
Select-Object Name, sAMAccountName, Department
# Limit to one OU level (no nested OUs) with -SearchScope OneLevel
Get-ADUser -SearchBase "OU=HQ,DC=skyy,DC=com" `
-SearchScope OneLevel `
-Filter "Department -eq 'Finance'" `
-Properties Department
If you need to pull users across multiple OUs in a single run, see Get-ADUser list from multiple OUs.
Pipe Get-ADUser straight to Export-Csv and never through Format-Table first.
Get-ADUser -Filter * -Properties Department, Title, Manager |
Select-Object Name, sAMAccountName,
@{Name='Department'; Expression={ if ($_.Department) { $_.Department } else { 'Unassigned' } }},
Title,
@{Name='Manager'; Expression={ (Get-ADUser $_.Manager -ErrorAction SilentlyContinue).Name }} |
Export-Csv -Path "C:\Reports\skyy-users-by-department.csv" -NoTypeInformation -Encoding UTF8
The calculated Department column substitutes Unassigned for blanks, so the report stays clean. For more CSV-driven patterns, see Get-ADUser with Import-Csv module.
Use a complete, parameterized script that imports the module, scopes to an OU, filters by department, resolves manager names, handles null values, and exports to CSV.
<#
.SYNOPSIS
Generate a department-based user report from Active Directory.
.EXAMPLE
.\Get-DepartmentReport.ps1 -Department 'Engineering' -OU 'OU=HQ,DC=skyy,DC=com' `
-OutputPath 'C:\Reports\engineering.csv'
#>
param(
[string]$Department,
[string]$OU,
[string]$OutputPath = "C:\Reports\skyy-department-report.csv"
)
Import-Module ActiveDirectory
# Build query parameters dynamically
$params = @{
Properties = 'Department','Title','Manager','EmailAddress','Enabled'
}
if ($Department) { $params.Filter = "Department -eq '$Department'" } else { $params.Filter = '*' }
if ($OU) { $params.SearchBase = $OU }
# Resolve and export
Get-ADUser @params |
Select-Object `
Name,
sAMAccountName,
UserPrincipalName,
@{N='Department'; E={ if ($_.Department) { $_.Department } else { 'Unassigned' } }},
Title,
@{N='Manager'; E={ (Get-ADUser $_.Manager -ErrorAction SilentlyContinue).Name }},
EmailAddress,
Enabled |
Sort-Object Department, Name |
Export-Csv -Path $OutputPath -NoTypeInformation -Encoding UTF8
Write-Host "Report saved to $OutputPath" -ForegroundColor Green
Filtering is half the job; admins also need to set or change the value. Use Set-ADUser for single updates and a CSV-driven loop for bulk changes.
# Single user — move Mark Jacob to the Platform team
Set-ADUser -Identity 'mjacob' -Department 'Platform'
# Bulk update from a CSV with headers: sAMAccountName, Department
Import-Csv -Path 'C:\Imports\department-changes.csv' | ForEach-Object {
Set-ADUser -Identity $_.sAMAccountName -Department $_.Department
Write-Host "Updated $($_.sAMAccountName) -> $($_.Department)"
}
ADUC shows the department field on the user's Organization tab. To view the department attribute of a user:
In the same Organization tab, type a new value in the Department field and click OK. The change is immediate. Note that there is no undo, no approval gate, and no built-in audit note attached to the change.
ADManager Plus, an AD reporting tool, comes with predefined user reports that return every user across one OU, multiple OUs, or the entire forest without writing or maintaining any PowerShell scripts. The reports are point-and-click; schedulable to email recipients on a recurring basis; exportable to CSV, PDF, XLSX, and HTML formats; and backed by an audit trail.
Once you have a list of users to reassign, use ADManager Plus' bulk user modification feature to change the department attribute for many users at once from a CSV, or pick users directly from a generated report.
Get-ADUser is the PowerShell cmdlet, supplied by the Active Directory module for Windows PowerShell, that retrieves one or more user objects from AD. You query by identity, filter expression, or LDAP filter, and you ask for additional attributes with -Properties.
The most common reason is that -Properties Department was not specified, since Department is not in the default property set. Other causes include: the user was created without the field populated; HR sync hasn't run; or the attribute was cleared during a role change. For a deeper pattern on detecting missing attributes, see filtering Get-ADUser by null attribute.
Run the Get-ADUser -Filter * -Properties Department | Select-Object Name, sAMAccountName, Department. For domain-wide bulk exports, see Get all AD users with PowerShell.
For a single user, run:
Set-ADUser -Identity 'sjacobs' -Department 'Marketing'
To clear it, use -Department $null. For bulk changes, import a CSV and loop with Set-ADUser, or use bulk user modification in ADManager Plus to do it with approval workflows.
You can wrap a script in Task Scheduler, but you'll have to build the email delivery, archival, and retention pieces yourself. ADManager Plus has built-in report scheduling that emails department reports as CSV, PDF, or other attachments.