I would like to know if there is a command line utility (on Windows platform) that would help the administrator dump out a list of users stored on the SAM database/Active Directory for the purpose of keeping a baseline of users on the Windows system. If there is, how can I use the utility and the various modes/switches available with the utility? Also, how do I create an automated script that would be used with the advised utility to check for changes in the user baseline and report it via e-mail to myself?
In simplest form, you can use net users to obtain a list of users in a domain. If you are at a DC console, simply enter net users at the command prompt, or net users > userlist2.txt to dump the data to a text file. If you have a previous listing, say in userlist1.txt, you can compare the two files using the fc utility; i.e. fc userlist1.txt userlist2.txt -- fc compares two files and reports differences, and it attempts to reconcile after finding a difference. Additional syntax for these commands is in the help files.
To do something more sophisticated may require, as you indicated, writing a script.
To locate a number of scripts that work with user accounts see the Technet Script Center. There are hundreds of scripts there, and quite a few are concerned with the management of users.
To learn how to create useful administration scripts, I recommend Microsoft's script primer.
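The baseline-and-compare routine described above, written as a PowerShell script that mails any differences; this is an added example, not part of the original answer. The baseline path, SMTP server and mail addresses are placeholders, and Get-LocalUser requires Windows PowerShell 5.1 or later.

```powershell
# Added example. Paths, SMTP host and addresses below are placeholders.
param(
    [string]$BaselinePath = 'C:\Baseline\users-baseline.csv',  # assumed location
    [string]$SmtpServer   = 'smtp.example.com',                # placeholder
    [string]$MailTo       = 'admin@example.com',               # placeholder
    [string]$MailFrom     = 'baseline@example.com'             # placeholder
)

function Get-UserSnapshot {
    # Local SAM accounts. For a domain, replace Get-LocalUser with
    # Get-ADUser -Filter * (ActiveDirectory module) and map the same fields.
    Get-LocalUser | ForEach-Object {
        [pscustomobject]@{ SID = $_.SID.Value; Name = $_.Name; Enabled = [string]$_.Enabled }
    }
}

function Compare-UserBaseline {
    param([object[]]$Baseline, [object[]]$Current)
    # Compare on SID, name and state, so a rename or an enable/disable shows
    # up as one "Baseline" row and one "Current" row for the same SID.
    Compare-Object -ReferenceObject $Baseline -DifferenceObject $Current -Property SID, Name, Enabled |
        ForEach-Object {
            [pscustomobject]@{
                Change  = if ($_.SideIndicator -eq '=>') { 'Current only' } else { 'Baseline only' }
                Name    = $_.Name; SID = $_.SID; Enabled = $_.Enabled
            }
        }
}

$current = @(Get-UserSnapshot)
if (-not (Test-Path $BaselinePath)) {
    # First run: record the baseline and stop. Review this file before trusting it.
    $current | Export-Csv -Path $BaselinePath -NoTypeInformation
    return
}

$baseline = @(Import-Csv -Path $BaselinePath)
$changes  = @(Compare-UserBaseline -Baseline $baseline -Current $current)
if ($changes.Count -gt 0) {
    # The baseline is not overwritten here; replace it only after reviewing the report.
    $body = $changes | Sort-Object SID, Change | Format-Table -AutoSize | Out-String
    Send-MailMessage -SmtpServer $SmtpServer -From $MailFrom -To $MailTo `
        -Subject "User baseline changed on $env:COMPUTERNAME" -Body $body
}
```

Run it on a schedule with Task Scheduler, and keep the baseline file somewhere ordinary users cannot write to.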