I am trying to get a list of AD groups a user is part of and I have a script that works. But I need to show it in a different manner. Currently the script shows a record in one line with username and then multiple group names in the next cell delimited by a semi-colon.
I would like it in a way that all groups are in each separate row and the username gets repeated.
Example:
DavidChow - Server Admin Group
DavidChow - Desktop Admin Group
DavidChow - Azure Admin Group
NinaChow - Desktop User Group
This is my script:
$UnameList = Import-Csv C:\temp\users_full_list.csv
ForEach ($username in $UnameList) {
    $groups = Get-ADPrincipalGroupMembership -Identity $username.Identity | select -expand name
    $data = [PSCustomObject]@{
        samaccountname = $username.Identity
        count          = $groups.count
        memberOf       = ($groups -join ';')
    }
    Write-Output $data | Export-Csv C:\Temp\users_full_list_memberships.csv -Delimiter ";" -NoTypeInformation -Append
}
You could create a "data" object for each group of each user, and then export all to CSV at the end:
Import-Csv C:\temp\users_full_list.csv | foreach {
    $identity = $_.Identity
    # Emit one object per (user, group) pair
    Get-ADPrincipalGroupMembership -Identity $identity | foreach {
        [PSCustomObject]@{
            SamAccountName = $identity
            GroupName      = $_.Name
        }
    }
} | Export-Csv C:\Temp\users_full_list_memberships.csv -Delimiter ";" -NoTypeInformation
Related
I have a list of 800+ users that I would like to get a list of each user's AD groups and then output the user's name(samAccountName in my file) and their groups to a file.
I have tried the following code, but it does not put the Account name, and is not parsing all of the entries in the file - I have 9 entries, I get a text file with 5 groupings of groups.
The code I am using:
$users = Get-Content C:\scripts\vendors.txt
ForEach ($User in $users) {
    Get-ADPrincipalGroupMembership $user | select $user.samaccountname |Select Name | Sort Name | ft @{L='Current Groups';E={$PSItem.Name}} -AutoSize | Out-File -append c:\scripts\vendorlog.txt
}
You already know how to get a user's membership via Get-ADPrincipalGroupMembership, seems like you only need help with enumerating each group and then merging that output with the user being processed, for that you can use PSCustomObject to instantiate and output new objects, then that output can be captured and exported to CSV with Export-Csv.
Get-Content C:\scripts\vendors.txt | ForEach-Object {
    try {
        # $_ is still the user name here; the foreach statement does not rebind it
        foreach($group in Get-ADPrincipalGroupMembership $_) {
            [pscustomobject]@{
                UserName = $_
                MemberOf = $group.Name
            }
        }
    }
    catch {
        # Inside catch, $_ is the error record
        Write-Warning $_
    }
} | Export-Csv path/to/myExport.csv -NoTypeInformation
I'm looking to export some data, in particular an AD user along with their AD groups.
My current code:
$users = import-csv -path C:\path
foreach ($user in $users) {
    $user | select name,SamAccountName | ft
    Get-ADPrincipalGroupMembership $user.samaccountname | select name
    #export-csv -path C:\path-NoTypeInformation -Append
}
The issue I'm having is whenever I try to export this information I'm only exporting the group output whereas I need the username to see who these groups actually belong to.
Perhaps there's a better method to achieve this?
You may want to use Select-Object to sort of "bind" the information together with a couple of calculated properties referencing the current $user's properties:
foreach ($user in $users) {
    Get-ADPrincipalGroupMembership $user.samaccountname |
        Select Name,@{Name='User';Expression={$user.Name}},@{Name='SAMAccountName';Expression={$user.SAMAccountName}} |
        Export-Csv -Path C:\path -NoTypeInformation -Append
}
If you want to group the output in the shell by user name but only display the group name, you can use Format-Table Name -GroupBy User:
# collect the information
$groupMemberships = foreach ($user in $users) {
    Get-ADPrincipalGroupMembership $user.samaccountname |
        Select Name,@{Name='User';Expression={$user.Name}},@{Name='SAMAccountName';Expression={$user.SAMAccountName}}
}
# format console output
$groupMemberships |Format-Table Name -GroupBy User
# export
$groupMemberships |Export-Csv -Path C:\path -NoTypeInformation -Append
I have the following working script:
# This script extracts the Active Directory groups the user is currently a member of
$users = Get-Content "C:\powershell\Permmisions\users.txt"
foreach ($user in $users){ Get-ADPrincipalGroupMembership $user | select name | Out-File C:\Powershell\1.csv }
The problem is, each line containing a group name in the created CSV file contains extra space characters which I have to delete. Is there a way to extract the following information to CSV or TXT, without the extra spaces I get?
Thanks.
You just need to substitute out-file with export-csv as below:
# This script extracts the Active Directory groups the user is currently a member of
$users = Get-Content "C:\powershell\Permmisions\users.txt"
foreach ($user in $users){
    Get-ADPrincipalGroupMembership $user | select name | export-csv C:\Powershell\1.csv -notypeinfo -append
}
I need to export a list of all groups a user is assigned to. This command works fine for my needs:
Get-ADPrincipalGroupMembership username | select name | Export-Csv filepath
However I have to review about 100 users in my company, so I would like to merge those CSVs in an Excel spreadsheet. My problem is that when I merge the CSVs, I just have a random list of AD groups.
A solution for this problem would be to export a CSV with two columns while column 1 consists of the AD username and column 2 of the AD groupname, eg.
User A | Group A; User A | Group B; User A | Group C
I already have figured out that this probably won't be possible with Get-ADPrincipalGroupMembership but unfortunately I haven't found any solution yet.
The format you're considering is terrible for both viewing and processing. Either build a list mapping the user to each group (one mapping per line)
$users = 'userA', 'userB', ...
# A foreach statement cannot be piped directly, so collect its output first
$mappings = foreach ($user in $users) {
    $groups = Get-ADPrincipalGroupMembership $user |
        Select-Object -Expand Name
    $groups | ForEach-Object {
        New-Object -Type PSObject -Property @{
            'User'  = $user
            'Group' = $_
        }
    }
}
$mappings | Export-Csv 'output.csv' -NoType
or join the list of groups with a secondary delimiter and map a user to all of its groups like that:
$users = 'userA', 'userB', ...
# A foreach statement cannot be piped directly, so collect its output first
$mappings = foreach ($user in $users) {
    $groups = Get-ADPrincipalGroupMembership $user |
        Select-Object -Expand Name
    New-Object -Type PSObject -Property @{
        'User'  = $user
        'Group' = $groups -join '|'
    }
}
$mappings | Export-Csv 'output.csv' -NoType
So here is my code. Essentially this code will be used by a domain admin to run on our terminal server. It lists all of the currently logged in users, checks their individual group membership and then counts members. Easy Peasy.
99% of this works as expected but I am not a code guru by far. I'm having problems getting a proper list of names from Line 4 which uses quser. If I switch to using Line 5 as text the code works as expected.
I can't for the life of me get the output from line 4 into a format I can use in the rest of the code.
Import-Module ActiveDirectory
$calgary = 0
$edmonton = 0
$users = (quser) -replace '\s{2,}', ',' | ConvertFrom-Csv | Select-Object USERNAME
$usersold = "Thomas", "Scott", "jeremy"
$groups = 'Domain Admins'
foreach ($user in $users) {
    foreach ($group in $groups) {
        $members = Get-ADGroupMember -Identity $group -Recursive | Select -ExpandProperty SamAccountName
        If ($members -contains $user) {
            $calgary = $calgary + 1
            Write-Host "$user is a member of $group"
            Write-Host "$group has $calgary logged in users"
        } Else {
            Write-Host "$user is not a member of $group"
        }
    }
}
$users.GetType() returns an Array of elements of type PSCustomObject, so this is an object with properties, rather than just a list of strings.
When you do ($user in $users) then each $user is an object with the USERNAME property. So you have two options:
Access the USERNAME in the loop
When you need the username inside the loop, use $user.USERNAME
Get a list of strings rather than objects
Replace line 4 with:
$users = $((quser) -replace '\s{2,}', ',' | ConvertFrom-Csv | Select-Object USERNAME).USERNAME
On line 4, try using:
$users = ((quser) -replace '\s{2,}', ',' | ConvertFrom-Csv | Select-Object USERNAME).username
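Added example, not part of either answer above: quser prefixes the caller's own session with `>` and leaves SESSIONNAME empty for disconnected sessions, so splitting on runs of spaces yields `>name` for the current user and shifts the later columns of disconnected rows. The sketch below reads the columns from the header offsets instead; the helper name `ConvertFrom-QuserText` and the sample text are made up for this example, and English quser column headers are assumed.

```powershell
# Sample text laid out like quser output; constructed here, not captured from a host.
$fmt = '{0}{1,-22}{2,-18}{3,3}  {4,-6}  {5,9}  {6}'
$sample = @(
    $fmt -f ' ', 'USERNAME', 'SESSIONNAME', 'ID', 'STATE', 'IDLE TIME', 'LOGON TIME'
    $fmt -f '>', 'thomas', 'rdp-tcp#12', 2, 'Active', '.', '3/4/2024 8:01 AM'
    $fmt -f ' ', 'scott', '', 3, 'Disc', '1:12', '3/4/2024 7:45 AM'
    $fmt -f ' ', 'jeremy', 'rdp-tcp#14', 5, 'Active', '5', '3/4/2024 9:30 AM'
)

# Hypothetical helper (name chosen for this example, not a built-in cmdlet).
function ConvertFrom-QuserText {
    param([string[]]$Lines)

    $header     = $Lines[0]
    $sessionCol = $header.IndexOf('SESSIONNAME')
    $idCol      = $header.IndexOf(' ID ')
    if ($sessionCol -lt 1 -or $idCol -lt 0) {
        throw 'Unexpected header; English quser column names are assumed.'
    }
    $idEnd = $idCol + 3    # ID values are right-aligned and end under the header

    foreach ($line in $Lines | Select-Object -Skip 1) {
        if ($line.Length -le $idEnd) { continue }    # blank or truncated line
        # Between the SESSIONNAME column and the end of ID there is either
        # "session id" or, for a disconnected session, just "id".
        $mid  = @(-split $line.Substring($sessionCol, $idEnd - $sessionCol))
        $tail = @(-split $line.Substring($idEnd))
        [pscustomobject]@{
            UserName    = $line.Substring(1, $sessionCol - 1).Trim()  # drops ' ' or '>'
            IsCurrent   = $line[0] -eq '>'
            SessionName = if ($mid.Count -gt 1) { $mid[0] } else { '' }
            Id          = [int]$mid[-1]
            State       = $tail[0]
        }
    }
}

# On the terminal server itself: $sessions = ConvertFrom-QuserText -Lines (quser)
$sessions = ConvertFrom-QuserText -Lines $sample
$users    = $sessions.UserName    # plain strings, so "$members -contains $user" can match
$sessions | Format-Table -AutoSize
```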
I think a better way to get a list of logged on users is to use Get-CimInstance to gather the sessions, filter for LogonType 3 (remote logon), and then get the users associated with those logon IDs. Then, since it looks like you want to be able to check multiple groups, I would get the members for each group, and just note if each user is a member of each group. At the end I would output a table of all sessions, including which groups each user is a member of, and how many users each group has logged on.
$LoggedOn = gcim Win32_LoggedOnUser
$GroupNames = 'pkiadmins'
$Groups = @{}
$GroupNames | ForEach-Object { $Groups.Add($_,(Get-ADGroupMember -Identity $_ -Recursive | Select -Expand SamAccountName)) }
$Sessions = gcim Win32_LogonSession -PipelineVariable Session|?{$_.LogonType -eq 3}|%{
    $SesUser = $LoggedOn|?{$_.Dependent.LogonId -eq $Session.LogonId}
    $SessionOut = [PSCustomObject]@{
        Domain = $SesUser.Antecedent.Domain
        User = $SesUser.Antecedent.Name
    }
    ForEach($Group in $GroupNames){
        Add-Member -InputObject $SessionOut -NotePropertyName $Group -NotePropertyValue ($SessionOut.User -in $Groups[$Group])
    }
    If($SessionOut.User -notmatch '\$$'){$SessionOut} #skip computer accounts
}
$Sessions|FT -Auto
ForEach($Group in $GroupNames){
    "Group '{0}' has {1} logged in user(s)" -f $Group,([array]($Sessions|?{$_.$Group})).Count
}