Get All AD Groups That Have Blank Managed By Field - powershell

I'm trying to get all AD groups that have a blank Managed By Name and the description of the AD group. I'm currently having issues with displaying no results using my filter, but am not sure why. Any help is appreciated.
Get-ADGroup -filter * | Where-Object {$_.ManagedBy -eq ""} | Select-Object manager,description | Export-Csv -Path C:\Users\User\Desktop\AllNullManagedBy.csv -NoTypeInformation
The current script is not showing any users, when it should be showing several users.

The problem is that Get-ADGroup does not return an object with the ManagedBy attribute by default; you need to ask for it (-Properties ManagedBy):
Get-ADGroup -Filter * -Properties ManagedBy, Manager, Description |
Where-Object {-not $_.ManagedBy } | Select-Object samAccountName, Manager, Description |
Export-Csv -Path C:\Users\User\Desktop\AllNullManagedBy.csv -NoTypeInformation
However, this operation is quite inefficient; you can use LDAP filtering capabilities for this:
Get-ADGroup -LDAPFilter "(!managedby=*)" -Properties Manager, Description |
Select-Object samAccountName, Manager, Description |
Export-Csv -Path C:\Users\User\Desktop\AllNullManagedBy.csv -NoTypeInformation
As a side note, Where-Object { $_.ManagedBy -eq "" } is likely to not return any results. You would be querying for AD groups where the ManagedBy attribute is set and its value is equal to an empty string, instead of filtering for groups that don't have the attribute set or whose value is $null or an empty string ({-not $_.ManagedBy }):
$null -eq '' # => False: comparison fails here
-not $null # => True
-not '' # => True
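The difference between the two tests, shown on constructed group objects so it runs without a domain. This is an added example, not part of the original answer; the sample groups and the Get-UnownedGroup name are hypothetical. Security groups are sorted first, since a security group with no owner is the one an access review needs to look at:

```powershell
# Constructed sample objects standing in for Get-ADGroup output (not real data).
# An unset ManagedBy comes back as $null, not as an empty string.
$sampleGroups = @(
    [pscustomobject]@{ SamAccountName = 'grp-finance';   GroupCategory = 'Security';     ManagedBy = 'CN=Alice,OU=Staff,DC=example,DC=com' }
    [pscustomobject]@{ SamAccountName = 'grp-legacy';    GroupCategory = 'Security';     ManagedBy = $null }
    [pscustomobject]@{ SamAccountName = 'dl-newsletter'; GroupCategory = 'Distribution'; ManagedBy = $null }
    [pscustomobject]@{ SamAccountName = 'grp-temp';      GroupCategory = 'Security';     ManagedBy = '' }
)

function Get-UnownedGroup {
    # Hypothetical helper: passes through groups whose ManagedBy is $null or empty.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject] $Group
    )
    process {
        if (-not $Group.ManagedBy) { $Group }
    }
}

# The test from the question: only an actual empty string matches, $null does not.
$byEmptyString = @($sampleGroups | Where-Object { $_.ManagedBy -eq '' })

# The -not test: $null and '' both count as "no owner". Security groups sort first.
$unowned = @($sampleGroups | Get-UnownedGroup |
    Sort-Object @{ Expression = { $_.GroupCategory -ne 'Security' } }, SamAccountName)

[pscustomobject]@{
    MatchedByEmptyStringTest = $byEmptyString.SamAccountName -join ', '
    MatchedByNotTest         = $unowned.SamAccountName -join ', '
} | Format-List

# Server-side equivalent limited to security-enabled groups (needs the ActiveDirectory module).
# 1.2.840.113556.1.4.803 is the bitwise-AND matching rule; 2147483648 is the security-enabled bit of groupType.
# Get-ADGroup -LDAPFilter '(&(!(managedBy=*))(groupType:1.2.840.113556.1.4.803:=2147483648))' -Properties Description
```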

Related

List properties of users using foreach comment

My goal is to list extended properties of a list of users by Display Name or SamAccountName pulling those names from a Csv. I am using the following script and it works but it either skips names in the Csv or repeats them. If I do one at a time it returns what I need but from the Csv it doesn’t. Csv has one column named Name.
Import-Csv C:\Users\Administrator\Documents\test.txt | Foreach {
Get-ADUser -Filter "DisplayName -eq '$($_.Name)'" -Properties *
} | Select-Object DisplayName, SamAccountName, Title, Department, EmailAddress, ObjectGUID | Sort-Object Displayname | FT
There is nothing wrong with your current code, except for using Import-Csv on a .txt file (test.txt); I would assume this was a typo. I've added an if condition to help you troubleshoot, so at least you would know which users were not found.
You should also avoid the use of -Properties *, querying all properties for the users is inefficient and slow.
$properties = @(
    'DisplayName'
    'SamAccountName'
    'Title'
    'Department'
    'EmailAddress'
    'ObjectGUID'
)
Import-Csv C:\Users\Administrator\Documents\test.csv | ForEach-Object {
    $adUser = Get-ADUser -Filter "DisplayName -eq '$($_.Name)'" -Properties $properties
    if(-not $adUser) {
        Write-Warning "'$($_.Name)' could not be found on AD"
        return # Go next
    }
    $adUser
} | Select-Object $properties | Sort-Object Displayname | Format-Table
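The lookups above interpolate the CSV value into a quoted filter string, so a name containing an apostrophe (O'Brien) ends the string early and the query fails. One way to avoid hand-quoting, as an added example that is not part of the original answer: build an -LDAPFilter and escape the value per RFC 4515. ConvertTo-LdapFilterValue and the sample names are hypothetical, and the Get-ADUser call is left commented so the block runs without a domain.

```powershell
function ConvertTo-LdapFilterValue {
    # Hypothetical helper: escapes the RFC 4515 special characters ( \ * ( ) NUL )
    # so the value is always treated as literal text inside an LDAP filter.
    param(
        [Parameter(Mandatory)]
        [AllowEmptyString()]
        [string] $Value
    )
    $map = @{ '\' = '\5c'; '*' = '\2a'; '(' = '\28'; ')' = '\29'; "`0" = '\00' }
    [regex]::Replace($Value, '[\\*()\x00]', { param($m) $map[$m.Value] })
}

# Constructed sample input standing in for Import-Csv output (one column, "Name").
$rows = @'
Name
Pat O'Brien
Smith (Contractor)
*
Pat O'Brien
'@ | ConvertFrom-Csv

$seen = @{}
$lookups = foreach ($row in $rows) {
    $name = ([string]$row.Name).Trim()
    # Skip blank rows and names already processed, so no user is queried twice.
    if (-not $name -or $seen.ContainsKey($name)) { continue }
    $seen[$name] = $true

    $ldapFilter = '(displayName={0})' -f (ConvertTo-LdapFilterValue $name)
    [pscustomobject]@{ Name = $name; LdapFilter = $ldapFilter }

    # With the ActiveDirectory module loaded, the lookup itself would be:
    # Get-ADUser -LDAPFilter $ldapFilter -Properties Title, Department, EmailAddress
}

$lookups | Format-Table -AutoSize
```

The apostrophe needs no escaping in an LDAP filter, while the parentheses and the bare asterisk come out as `\28`, `\29` and `\2a`, so a CSV row containing only `*` is searched as a literal name instead of matching every user that has a displayName.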

Export users from AD with a specific group membership

I'm working on a script that takes all the users in the AD and gets four specifics.
saMAccountName
Displayname
Comment
Specific group name (Group A)
Below is the code that I have now. It works, but it gives me all the groups, I only need one specific group (Group A) to be listed.
If the user is not a member of this group, the user must be listed in the export but without the listing of the group.
Get-ADGroup -Filter {name -like "Domain Users"} |
Get-ADGroupMember | Where-Object { $_.objectClass -eq 'user' } |
Get-ADUser -Properties comment,displayname,MemberOf |
select saMAccountName,displayname,comment,@{Name="MemberOf";Expression={$_.MemberOf -Join ";"}} |
Sort-Object SamAccountName | Export-csv -path C:\Install\Export-AD.csv -NoTypeInformation
Hope you have some tips and pointers for me on how to filter on the group name.
You could just add a comparison operation (-like) to your expression for MemberOf. You can see an example of this below. However, I would recommend against that single augmentation because of the inefficient nature of the Where-Object and the unnecessary queries that are happening here.
# MemberOf holds distinguished names, so match on the CN component
Get-ADGroup -Filter {name -like "Domain Users"} |
Get-ADGroupMember | Where-Object { $_.objectClass -eq 'user' } |
Get-ADUser -Properties comment,displayname,MemberOf |
select saMAccountName,displayname,comment,@{Name="MemberOf";Expression={($_.MemberOf -like "CN=Group A,*") -join ";"}} |
Sort-Object SamAccountName | Export-csv -path C:\Install\Export-AD.csv -NoTypeInformation
I don't know how efficiently this runs in your AD. I tested this with a 722 member group, and it took 22.221 seconds to run.
I would try something like this instead as it will be significantly faster:
$GroupFilterDN = (Get-ADGroup "DOMAIN users").DistinguishedName
$GroupCheck = (Get-ADGroup "Group A").DistinguishedName
Get-ADUser -filter {(memberof -eq $GroupFilterDN -or PrimaryGroup -eq $GroupFilterDN) -and (ObjectClass -eq "user")} -Properties comment,displayname,MemberOf |
select saMAccountName,displayname,comment,@{Name="MemberOf";Expression={$_.MemberOf.where({$_ -in $GroupCheck}) -join ";"}} |
Sort-Object SamAccountName | Export-csv -path C:\Install\Export-AD.csv -NoTypeInformation
You need to replace the Group A string with your group name in the $GroupCheck variable.
$GroupFilterDN contains the group you want to filter on. In your example, you wanted to filter on Domain Users. The variable holds the DN for that group.
$GroupCheck contains the group for which you want to find members. The variable holds the DN for that group. In your example, you called this Group A.
The PrimaryGroup check had to be added since in your example you are using Domain Users. Domain Users does not show up in the MemberOf property.
The where({$_ -in $GroupCheck}) method is for when $GroupCheck has multiple groups. $GroupCheck currently would only have one group, but it could be tweaked to have multiple.
The code removes the requirement of using the Get-ADGroupMember command, which contains the Where-Object. Then it adds a comparison operation (-eq) for the MemberOf expression.
I tested the second block of code and it completed in 3.847 seconds with the same 722 member group.

Import list of users - Export List of users and Groups

Is there any way I can import a list of users, get their groups in AD and export the list?
Import-Csv C:\Users.csv |
% {Get-AdUser -filter "displayname -eq '$($_.username)'"} |
Get-ADprincipalGroupMembership |
Select samaccountname, name |
Export-csv -path C:\UserPermiss.csv -NoTypeInformation
File example:
username
Jon Jo
Steve Price
Alan Partridge
Cheers.
In PSv4+ you can leverage the -PipelineVariable / -pv common parameter to make the output of an earlier pipeline stage available to script blocks used in later pipeline stages:
Import-Csv C:\Users.csv |
ForEach-Object -pv user { Get-AdUser -filter "displayname -eq '$($_.username)'"} |
Get-ADprincipalGroupMembership |
Select-Object @{ n = 'samaccountname'; e = { $user.samaccountname } }, name |
Export-csv -path C:\UserPermiss.csv -NoTypeInformation
Using -pv user makes the AD user output by Get-AdUser available as variable $user in the Select-Object stage, where it is referenced in the script block of calculated property samaccountname, pairing the name of the AD user at hand with the name of each AD group they are a member of.
The resulting CSV file would look something like this:
"samaccountname","name"
"jjo","group1"
"jjo","group2"
"sprice","group1"
"sprice","group3"
"sprice","group4"
# ...
You could use the memberof property and then join the array of groups inside a calculated property.
Import-Csv C:\Users.csv |
ForEach-Object{
Get-AdUser -Filter "displayname -eq '$($_.username)'" -Properties memberof
} |
Select-Object samaccountname, name, @{n='memberof';e={$_.memberof -join ';'}} |
Export-Csv -Path C:\UserPermiss.csv -NoTypeInformation

How to show all value that have a null entry in a specific column

I am wanting to bring forward a CSV file containing all users' Name, SamAccountName and Description; however, we have noticed that there are several people who do not have descriptions. What I am looking for is how to edit my existing code (I know there's a simple way to do it, I just can't remember it) so that it filters my output so it only shows users who have no description.
Get-ADUser -Filter * -Properties Name,SamAccountName,Description -SearchBase "DC=REMOVED,DC=com" |
? { $_.Enabled -notlike "FALSE" } |
Select Name,SamAccountName,Description |
Export-Csv "C:\scripts\NoDescriptionUsers.csv"
You need to add another condition in your Where-Object scriptblock since you can't filter empty values with an LDAP-Query AFAIK. One suggestion:
Get-ADUser -Filter * -Properties Name,SamAccountName,Description -SearchBase "DC=REMOVED,DC=com" |
? { $_.Enabled -notlike "FALSE" -and [string]::IsNullOrWhiteSpace($_.Description) } | # no .Trim(): calling a method on a $null Description throws
Select Name,SamAccountName,Description |
Export-Csv "C:\scripts\NoDescriptionUsers.csv"
Personally I would also move the enabled-check into a filter in Get-ADUser to speed things up. Now the DC will only send you enabled users instead of all users. Try:
Get-ADUser -Filter { Enabled -eq $true } -Properties Name,SamAccountName,Description -SearchBase "DC=REMOVED,DC=com" |
? { [string]::IsNullOrWhiteSpace($_.Description) } | # no .Trim(): calling a method on a $null Description throws
Select Name,SamAccountName,Description |
Export-Csv "C:\scripts\NoDescriptionUsers.csv"

Powershell - AD Report create a new column with a generic value

I use this script to query my AD and extract user data.
Get-Aduser -filter * -Properties * |
Select-Object -Property SamAccountName,CN,co,ExtensionAttribute10,extensionAttribute11,extensionAttribute12,EmailAddress,whenCreated,Enabled,LastLogonDate,accountexpirationdate,@{Name='parentOU'; Expression={[regex]::match($_.distinguishedname,'(?<=OU=.+?OU=).+?(?=,(OU|DC)=)').Value}},distinguishedname,description |
Sort-Object -Property Name <#| Where-Object {$_.distinguishedname -like "*regular*"-or $_.distinguishedname -like "*remote*" -or $_.distinguishedname -like "*shopfloor*" -or $_.distinguishedname -like "*brp admin*" }#> |
Export-Csv -append -Delimiter ";" -path $path
I would like to take the result of the "enable" column, which is True or False, and create a new column called "suspended". If the result of enable is true, the value to put in "suspended" is no. If the result is false, the value to put in "suspended" should be "yes".
Can someone help me with this?
Just create a new calculated property that is based on the value of the Enabled property.
... | Select-Object ... ,Enabled,@{n='Suspended';e={if($_.Enabled){'no'}else{'yes'}}},...