Powershell Get-Groupmembers into Out-GridView - powershell

I wanna use Out-GridView to display members of a selected AD group. It would be nice if I could get all members (computers, other groups, users) but at least users is mandatory.
I have this code now:
Import-Module ActiveDirectory
$groups = Get-ADGroup -Filter * -Searchbase "OU=Groups,DC=domain,DC=int"|
Select-Object @{n="Group"; e={$_.Name}}, DistinguishedName |Sort-Object "Group"|
Out-GridView -Title "Select a group, then click OK" -PassThru
$accounts = Foreach ($group in $groups) {Get-ADGroupMember -Identity $group.DistinguishedName -Recursive}
$report = Get-ADUser -Identity $account -Properties *|
Select-Object name, SamAccountName, EmailAddress, EmployeeID, TelephoneNumber, Created, Department, City|
Out-GridView -Title "The members of the group" -PassThru
At the moment I can search for the group, select it, and then I do not get all the members, just one, I think. And also only a user, because it's Get-ADUser.
Can anyone help me?
Or maybe there is a similar PowerShell frontend somewhere on the internet?

Since Get-ADGroupMember can return 3 different types of AD objects, you cannot blindly use Get-ADUser on each of the returned objects.
What is more, not all of these different objects have the same properties you want shown in your grid view, so you need some method of capturing properties they have in common, while leaving others blank.
Try:
Import-Module ActiveDirectory
$groups = Get-ADGroup -Filter * -Searchbase "OU=Groups,DC=domain,DC=int" |
    Select-Object @{Name = "Group"; Expression = {$_.Name}}, DistinguishedName | Sort-Object "Group"
# show the groups in a grid view and have the user select one item
$selected = $groups | Out-GridView -Title "Select a group, then click OK" -PassThru
# if not cancelled
if ($selected) {
    # loop through the members of the selected group and capture the resulting objects in variable $result
    $result = foreach ($member in (Get-ADGroupMember -Identity $selected.DistinguishedName -Recursive)) {
        $account = switch ($member.objectClass) {
            'user' {
                # Get-ADUser by default returns these properties:
                # DistinguishedName, Enabled, GivenName, Name, ObjectClass, ObjectGUID, SamAccountName, SID, Surname, UserPrincipalName
                Get-ADUser -Identity $member.DistinguishedName -Properties EmailAddress, EmployeeId,
                           OfficePhone, Created, Department, City
            }
            'group' {
                # Get-ADGroup by default returns these properties:
                # DistinguishedName, GroupCategory, GroupScope, Name, ObjectClass, ObjectGUID, SamAccountName, SID
                Get-ADGroup -Identity $member.DistinguishedName -Properties mail, Created |
                    # rename the property 'mail' here
                    Select-Object *, @{Name = 'EmailAddress'; Expression = {$_.mail}} -ExcludeProperty mail
            }
            'computer' {
                # Get-ADComputer by default returns these properties:
                # DistinguishedName, DNSHostName, Enabled, Name, ObjectClass, ObjectGUID, SamAccountName, SID, UserPrincipalName
                Get-ADComputer -Identity $member.DistinguishedName -Properties Created
            }
        }
        # output an object with all properties you want in the grid view. Some will be empty though depending on the object type
        $account | Select-Object @{Name = 'Type'; Expression = {$member.objectClass}},
                                 Name, SamAccountName, EmailAddress, EmployeeId, OfficePhone, Created, Department, City
    }
    # display the results
    $result | Sort-Object Type, Name | Out-GridView -Title "The members of group '$($selected.Name)'"
}

Get-ADGroupMember -Identity *group* | Out-GridView
This should get you all the members of the group. I guess you can filter it from there? :)

Related

Script to pull base64string from AD objects

I am putting together a PowerShell script which will
query an existing OU
select the first and last name, samaccountname, and objectguid, of all users in the OU
Take the objectguid of each user and convert it to a base64string (immutableid)
output the results in a table format with users' first and last name, samaccountname, objectguid, and immutableid, sorted in alphabetical order by users' firstname.
The below script works just fine if I wanted to pull the base64string for one user at a time:
Import-module ActiveDirectory
$UserSamAccount = Read-Host "Provide SamAccountName of a user"
$User = Get-ADuser $UserSamAccount -Properties * | select ObjectGUID
$ImmutableID = [convert]::ToBase64String(([GUID]($User.ObjectGUID)).tobytearray())
Write-Host "ImmutableID for user $UserSamAccount is:" -ForegroundColor Cyan
$ImmutableID
Any help with this will be most appreciated. Thank you in advance!
If I understand your need correctly, the following should do the trick. It uses [pscustomobject] to construct your desired output and a ForEach-Object to process each object from the pipeline:
Get-ADUser -Filter * -SearchBase "OU=myOU,DC=myDomain,DC=xyz" -SearchScope OneLevel |
    Sort-Object GivenName |
    ForEach-Object {
        [pscustomobject]@{
            GivenName      = $_.GivenName
            Surname        = $_.Surname
            SamAccountName = $_.SamAccountName
            ObjectGuid     = $_.ObjectGuid
            ImmutableId    = [convert]::ToBase64String($_.ObjectGuid.ToByteArray())
        }
    } # | Export-Csv path\to\myExport.Csv -NoTypeInformation <= Can pipe this to export later :)
You could also use Select-Object with a calculated property (might be simpler but harder to read):
Get-ADUser -Filter * -SearchBase "OU=myOU,DC=myDomain,DC=xyz" -SearchScope OneLevel |
Sort-Object GivenName |
    Select-Object GivenName, Surname, SamAccountName, ObjectGuid, @{ N='ImmutableId'; E={ [convert]::ToBase64String($_.ObjectGuid.ToByteArray()) }}
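
The ObjectGUID-to-ImmutableId conversion used in the answers above, as an added example that is not part of the original posts: it round-trips a constructed GUID without needing AD and shows why the bytes must come from ToByteArray() rather than from the GUID's hex text. The function names and the sample GUID are hypothetical.

```powershell
# Added example (not from the original posts); function names are hypothetical.

function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)][guid]$ObjectGuid)
    # Same conversion as the answers above: base64 of Guid.ToByteArray().
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function ConvertFrom-ImmutableId {
    param([Parameter(Mandatory)][string]$ImmutableId)
    try { $bytes = [Convert]::FromBase64String($ImmutableId) }
    catch { throw "Not valid base64: '$ImmutableId'" }
    # A GUID is exactly 16 bytes; anything else cannot be an ObjectGUID.
    if ($bytes.Length -ne 16) { throw "Expected 16 bytes, got $($bytes.Length)" }
    [guid]::new($bytes)
}

function ConvertTo-NaiveBase64 {
    param([Parameter(Mandatory)][guid]$ObjectGuid)
    # Pitfall: bytes taken from the hex text in reading order. ToByteArray()
    # stores the first three GUID fields little-endian, so the result differs.
    $hex   = $ObjectGuid.ToString('N')
    $bytes = [byte[]]::new(16)
    for ($i = 0; $i -lt 16; $i++) {
        $bytes[$i] = [Convert]::ToByte($hex.Substring($i * 2, 2), 16)
    }
    [Convert]::ToBase64String($bytes)
}

# Constructed sample GUID, not a real directory object.
$guid = [guid]'00112233-4455-6677-8899-aabbccddeeff'

$immutableId = ConvertTo-ImmutableId $guid
$naive       = ConvertTo-NaiveBase64 $guid

# Compare the correct encoding with the naive one and decode both back.
[pscustomobject]@{
    ObjectGuid       = $guid
    ImmutableId      = $immutableId
    RoundTripMatches = (ConvertFrom-ImmutableId $immutableId) -eq $guid
    NaiveEncoding    = $naive
    NaiveDecodesTo   = ConvertFrom-ImmutableId $naive
    NaiveMatches     = $naive -eq $immutableId
}
```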

Trying to extract a list from AD that contains all of my users, with the exception of one OU named Disabled Users. How can I exclude this OU from my list?

This is what I have so far:
Get-ADUser -Filter 'Department -like "*"' -Properties * |
Select -Property DisplayName,GivenName,Surname,Title,Department,Office,OfficePhone |
Export-CSV "C:\ad-users.csv"
You can use a Where-Object clause to filter on the user's OU:
# fill in the DistinguishedName of the 'Disabled Users' OU here
$ouToExclude = 'OU=...'
# Get-ADUser by default returns these properties:
# DistinguishedName, Enabled, GivenName, Name, ObjectClass, ObjectGUID, SamAccountName, SID, Surname, UserPrincipalName
# so you only need to ask for extra properties not already in this list
Get-ADUser -Filter "Department -like '*'" -Properties DisplayName,Title,Department,Office,OfficePhone |
Where-Object { $_.DistinguishedName -notlike "*$ouToExclude" } |
Select-Object DisplayName,GivenName,Surname,Title,Department,Office,OfficePhone |
Export-Csv "C:\ad-users.csv" -NoTypeInformation
I believe you could do it this way using -LDAPFilter. First you need to query the OU to exclude and get its DistinguishedName, then you can query all users and filter them where their DistinguishedName does not contain the OU to exclude.
NOTE: This assumes there is only 1 OU with Name Disabled Users. If there are more OUs with the same I would recommend you to hardcode the DistinguishedName of the excluded OU in $ouDN.
It's also worth noting that querying all attributes (-Properties *) for all users is highly inefficient, you should always query only the attributes of interest (-Properties attrib1, attrib2, etc).
$properties = @(
    'DisplayName'
    'GivenName'
    'Surname'
    'Title'
    'Department'
    'Office'
    'OfficePhone'
)
$ouToExclude = 'Disabled Users'
$ouDN = (Get-ADOrganizationalUnit -LDAPFilter "(Name=$ouToExclude)").DistinguishedName
Get-ADUser -LDAPFilter "(Department=*)" -Properties $properties | & {
    process {
        if($_.DistinguishedName -notlike "*$ouDN") { $_ }
    }
} | Select-Object $properties | Export-Csv "C:\ad-users.csv" -NoTypeInformation
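
The DN suffix test that both answers above rely on, as an added example that is not part of the original posts: it runs on constructed DNs without AD, matches literally on an RDN boundary, and shows what the -notlike pattern does when the OU lookup returns more than one OU (the case the NOTE warns about). Test-DnUnderOu and all sample DNs are hypothetical.

```powershell
# Added example (not from the original posts); names and DNs are constructed.

function Test-DnUnderOu {
    param(
        [Parameter(Mandatory)][string]$DistinguishedName,
        [Parameter(Mandatory)][string]$OuDn   # an empty string is rejected at binding
    )
    # Literal, case-insensitive suffix match that starts at a comma, so wildcard
    # characters in an OU name are not interpreted and partial RDNs cannot match.
    # Assumes both DNs are in the form the AD cmdlets return.
    $DistinguishedName.EndsWith(",$OuDn", [StringComparison]::OrdinalIgnoreCase)
}

# Case 1: exactly one OU to exclude.
$users = @(
    'CN=Alice,OU=Staff,DC=domain,DC=int'
    'CN=Bob,OU=Disabled Users,DC=domain,DC=int'
    'CN=Carol,OU=Temps,ou=disabled users,dc=domain,dc=int'
)
$ouDn = 'OU=Disabled Users,DC=domain,DC=int'
$kept = $users | Where-Object { -not (Test-DnUnderOu $_ $ouDn) }

# Case 2: two OUs share the name, so the lookup returns an array.
$ouDNs = @(
    'OU=Disabled Users,OU=SiteA,DC=domain,DC=int'
    'OU=Disabled Users,OU=SiteB,DC=domain,DC=int'
)
$siteUsers = @(
    'CN=Dan,OU=Disabled Users,OU=SiteA,DC=domain,DC=int'
    'CN=Eve,OU=Staff,OU=SiteA,DC=domain,DC=int'
)
# "*$ouDNs" expands to both DNs joined by a space; no user DN ends with that,
# so the filter excludes nobody and the disabled account stays in the export.
$keptByNotLike = $siteUsers | Where-Object { $_ -notlike "*$ouDNs" }

# Testing each user against every excluded OU handles the multi-OU case.
$keptPerOuTest = $siteUsers | Where-Object {
    $dn = $_
    -not ($ouDNs | Where-Object { Test-DnUnderOu $dn $_ })
}

[pscustomobject]@{
    KeptSingleOu  = $kept
    KeptByNotLike = $keptByNotLike
    KeptPerOuTest = $keptPerOuTest
}
```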

how to retrieve whole user's detail from group which contain "AZ-APP-office 365"

We have a few groups in AD for the O365 license.
What PowerShell script can I use to export all the users under E3 groups?
I was using the below, but it only gives me information for 365 E3 users only
Get-AdGroupMember -Identity "AZ-APP-Office 365 E3" -recursive | Where objectClass -eq "user" | Get-ADUser -Properties * | select-object displayName,samAccountName,UserPrincipalName,Mail,Manager,Department,Enabled | export-csv c:\temp\365\O365visioLicenseOctober.csv
What PowerShell script can I use to export all the users from the groups whose names contain "E3"?
As Abraham suggested, first get the groups with names starting with 'AZ-APP-Office 365 E3'.
Then use a loop to get the info you need:
Get-ADGroup -Filter "Name -like 'AZ-APP-Office 365 E3*'" | ForEach-Object {
    $group = $_.Name
    $_ | Get-AdGroupMember -Recursive |
        Where-Object {$_.objectClass -eq "user"} |
        # Get-ADUser returns these properties by default:
        # DistinguishedName, Enabled, GivenName, Name, ObjectClass, ObjectGUID, SamAccountName, SID, Surname, UserPrincipalName
        # so only ask for the extra attributes with parameter '-Properties'
        Get-ADUser -Properties DisplayName, EmailAddress, Manager, Department |
        Select-Object @{Name = 'Group'; Expression = {$group}},
                      DisplayName,SamAccountName,UserPrincipalName,EmailAddress,Manager,Department,Enabled
} | Export-Csv -Path 'c:\temp\365\O365visioLicenseOctober.csv' -NoTypeInformation

Looking up a particular user in a particular group in AD using Powershell

I've been looking online for ways of doing this and I'm at a loss here. I'm looking for a way to look up a particular user within a particular group in AD through powershell. Here's what I've tried.
(Get-ADUser userName –Properties MemberOf).MemberOf
I get a bunch of groups
(Get-ADGroupMember "groupname").name
I get a bunch of usernames
I tried this command but it's taking forever to get results.
(Get-ADGroupMember 'groupname' | Get-ADUser -Property DisplayName | Where-Object { $_.Name -eq 'username'})
Is there a way I can get a command that is both fast and efficient? I'm also looking for their email address and surname and last name.
Thanks in advance
As commented, it is best not to use the Name property; if you have it, use the SamAccountName or DistinguishedName of the user you seek, to rule out ambiguous names.
$user = Get-ADGroupMember -Identity 'GroupName' |
Where-Object { $_.objectClass -eq 'user' -and $_.SamAccountName -eq 'userSamAccountName' } |
Get-ADUser -Properties DisplayName, EmailAddress, GivenName, Surname # add more properties if you need them
# display the user object on screen
$user
Or do this way:
$user = $null
$member = Get-ADGroupMember -Identity 'TheGroupName' |
Where-Object { $_.objectClass -eq 'user' -and $_.SamAccountName -eq 'TheuserSamAccountName' }
if ($member) {
# add more properties if you need them
$user = Get-ADUser -Identity $member.DistinguishedName -Properties DisplayName, EmailAddress, GivenName, Surname
}
else {
Write-Host "User 'TheuserSamAccountName' is not a member of group 'TheGroupName'"
}
# display the user object on screen
$user
The resulting $user object will also contain these properties:
DistinguishedName, Enabled, Name, ObjectClass, ObjectGUID, SamAccountName, SID, UserPrincipalName
If you don't need all of these properties simply filter them out using
$user | Select-Object DisplayName, EmailAddress, GivenName, Surname

ADGroups AND ADusers

I need to get the following into a CSV:
Groups with fields: group name, group SID, group email address, group type
and then for each of the above groups I need the member users with the fields: group name (I know that's a repeat), userID, user firstname, userlastname, user email.
If someone has a solution for this I will be forever grateful. The solution will be something I can study and learn from so thanks again.
I have the two pieces separately but am stuck at that point
Get-ADGroup -Filter * -Properties Member |
select Name, DistinguishedName, sid, GroupCategory, GroupScope,
@{Name="Members";Expression={($_.Members | Measure-Object).Count}} |
Out-GridView
#Export-Csv c:\rmm-mgmt\test.csv
I don't understand why the user details can't just be added as well.
For the users I'm using:
Get-ADUser -Filter * -Properties * |
Select-Object name, surname, givenname, displayname, emailaddress |
Out-GridView
(Using Out-GridView to check results before I begin exporting)
As you can see, these are two pieces of information I can get but can't put them together. One example is I can't get the list of members in groups.
You have to use ForEach-Object and assign the group to a named variable so you can access it where you format each member. Then pipe $_.Member into Get-ADUser:
Get-ADGroup -Filter * -Properties Member | ForEach-Object {
    $group = $_
    $_.Member | Get-ADUser -Properties Surname,GivenName,DisplayName,EmailAddress |
        Select @{N = "Group Name";E = {$group.Name}}, Surname, GivenName, DisplayName, EmailAddress
} | Out-GridView
I'm not quite clear on the exact output formatting you are looking for but I believe something like this should work for what you are attempting to do.
# Create an empty array we will add our custom objects to.
$outputObjs = @()
# Get all the AD groups.
$groups = Get-ADGroup -Filter * -Properties Member |
    select Name, DistinguishedName, sid, GroupCategory, GroupScope |
    select -First 40
# Iterate the groups capturing the members of each group.
foreach ($group in $groups) {
    # DisplayName and EmailAddress are not returned by Get-ADUser by default, so request them.
    $groupMembers = Get-ADGroupMember -Identity $group.Name |
        ? { $_.objectClass -eq "user" } |
        % { Get-ADUser $_.SamAccountName -Properties DisplayName, EmailAddress } |
        select name, surname, givenname, displayname, emailaddress
    # Get the group member count
    $memCount = 0
    if ($groupMembers) { $memCount = $groupMembers.Count; }
    else { $memCount = 0 }
    # Iterate through the group members creating a custom object and adding it to our object array.
    foreach($member in $groupMembers) {
        $outputObjs += New-Object -TypeName psobject -Property (@{
            'Group Name' = $group.Name;
            'Group DN' = $group.DistinguishedName;
            'Group SID' = $group.SID;
            'Group Category' = $group.GroupCategory;
            'Group Scope' = $group.GroupScope;
            'Group Member Count' = $memCount
            'User Name' = $member.name;
            'User Surname' = $member.surname;
            'User Given Name' = $member.givenname;
            'User Display Name' = $member.displayname;
            'User Email Address' = $member.emailaddress
        })
    }
}
# Convert the object array to a CSV.
$outputObjs | ConvertTo-Csv -NoTypeInformation
Your CSV would look like this
"Group Name","User Surname","User Given Name","Group Member Count","User Email Address","Group SID","User Name","Group Category","Group DN","User Display Name","Group Scope"