Hope you can help. Very new to PS, so please be patient :)
I have a problem with the script below. If I put the Out-File command on line 6, the results are printed in the powershell screen, but the txt file is blank. If I put the Out-File command at the end of Line 3, the text file is populated, but it doesn't output the results in the powershell window.
I'd like it to do both.
Frustrating :(
import-module activedirectory
$username = Read-Host 'Please enter Username!'
Get-ADPrincipalGroupMembership $username | Get-ADGroup -Properties * | select name, description | Format-Table -Wrap -AutoSize
$wsh = New-Object -ComObject Wscript.Shell
$wsh.Popup("List has been saved to C:\Group_List.txt")
Out-File C:\Group_List.txt
Read-Host -Prompt "Press Enter to exit"
First of all, you do not capture the results from the Get-ADPrincipalGroupMembership cmdlet anywhere and just send it out to screen using Format-Table.
Secondly, the output does not show the user that is a member of these groups, so if you are typing another user, the file would not reveal for which user these groups are valid..
Finally, insert a test to check if the inputted username actually is an existing user.
I would go for outputting a CSV file you can simply open in Excel. Something like this:
Import-Module activedirectory
$outFile = 'C:\Group_List.csv'
$username = Read-Host 'Please enter Username!'
# do some error checking to see if this is an existing user
$user = Get-ADUser -Filter "SamAccountName -eq '$username'" -ErrorAction SilentlyContinue
if ($user) {
$groups = Get-ADPrincipalGroupMembership -Identity $user.DistinguishedName |
Get-ADGroup -Properties Description | ForEach-Object {
# output an object with properties you need
[PsCustomObject]#{
User = $username
Group = $_.Name
Description = $_.Description
}
}
# show on screen
$groups | Format-Table -Wrap -AutoSize
# write to CSV file
$groups | Export-Csv -Path $outFile -UseCulture -NoTypeInformation
$wsh = New-Object -ComObject Wscript.Shell
$wsh.Popup("List has been saved to $outFile")
# clean up COM object after use
$null = [System.Runtime.Interopservices.Marshal]::ReleaseComObject($wsh)
[System.GC]::Collect()
[System.GC]::WaitForPendingFinalizers()
}
else {
Write-Warning "User $username does not exist.."
}
You can use Tee-Object (inspired by the classic tee unix command-line tool) to fork an input stream into a variable or to a file on disk! If you want to write the formatted table to file as-is, simply tack it onto the end of the pipeline expression that outputs to the screen (you can skip the select command, Format-Table also takes a property list)
Get-ADPrincipalGroupMembership $username | Get-ADGroup -Properties description | Format-Table -Property name,description -Wrap -AutoSize | Tee-Object -FilePath C:\Group_List.txt
If the output file is intended for later consumption by another computer/program, I would change strategies and export to a CSV file instead. To capture the data and output to both, we can assign the results of the initial query to a variable and then output twice in separate statements:
$groupsWithDescription = Get-ADPrincipalGroupMembership $username |Get-ADGroup -Properties description |Select-Object Name,Description
# Output to screen, format as table
$groupData |Format-Table -Wrap -AutoSize
# Output to file, export data as CSV
$groupData |Export-Csv -Path C:\Group_List.txt -NoTypeInformation
Try adding the outfile command after your "Get-ADPrincipalGroupMembership".
Should look something like this.
Get-ADPrincipalGroupMembership $username | Get-ADGroup -Properties * | select name, description | Format-Table -Wrap -AutoSize| Out-File -FilePath $path
Using export-csv
`$result | export-csv -Path $csvFileName -NoTypeInformation`
Related
Sorry, i'm noob for powershell, but want to automate the following:
Got a powershell script:
import-module ActiveDirectory
$username = Read-Host 'Please enter Username!'
Get-ADPrincipalGroupMembership $username | Get-ADGroup -Properties * | select name, description
When run script i enter the username and it give me a list which group the user is member of.
I had a big 50-100 list user list which obtained with Get-aduser -filter * -properties Name | select-object Name | out-file -filepath .\userlist.txt command and saved to a text file.
Is there any way to read every user 1 by 1 and auto fill the username field, then save the output to a text file? when finished with the 1st, script rerun and read the next value.
Is that possible?
Thank you
Here's a few snippets to help you put together what you need.
Get all users from a file containing only usernames
[string[]]$allUsers = Get-Content -Path '.\FileWithUsernames.txt'
Get all active users from AD
[string[]]$allUsers = Get-AdUser -Filter "enabled -eq 'True'" | Select-Object -ExpandProperty 'SAMAccountName'
Loop through users getting the users' group info / doing something with it
foreach ($user in $allUsers) {
Get-AdUser -Identity $user -Properties 'memberof' |
Select-Object -ExpandProperty 'memberof' |
ForEach-Object {
([PSCustomObject]#{ Username=$user; GroupDN = $_})
} |
Export-Csv -Path '.\AllActiveUsersGroups.csv' -Append -Delimiter ',' -Encoding 'Utf8' #-NoTypeInformation #only include the -notypeinfomrmation parameter if using PS rather than PWSH)
}
I've got a simple script that works, takes in a list of user Ids and outputs a CSV with their Id, Enabled True / False, and their name. I'm trying to figure out how I can wrap into it a test where if a user is not found based on the Id in the input file, my output will include a "User [Id] is purged." or something similar.
I've been playing around but I'm not sure if I'm going to have to change my output plan to incorporate something like that. Here's what I have working, minus the check for if nothing found, write a message.
Get-Content $ENV:USERPROFILE\desktop\testusers.txt | ForEach {
Get-ADUser -Filter "SamAccountName -eq '$_'" -Properties SamAccountName,Enabled,Name |
Select SamAccountName,Enabled,Name
} | Export-CSV -path $ENV:USERPROFILE\desktop\output.csv -NoTypeInformation
If I understand correctly, you want to store users Get-ADUser cannot find as error in the output csv too.
In that case, simply try to get the user but swallow error messages and use an if{..} else {..} construct where in both cases you output objects with the same properties:
Get-Content "$env:USERPROFILE\desktop\testusers.txt" | Where-Object { $_ -match '\S' } | ForEach-Object {
$user = Get-ADUser -Filter "SamAccountName -eq '$_'" -ErrorAction SilentlyContinue
if ($user) {
# output the properties you need in the csv
$user | Select-Object SamAccountName, Enabled, Name
}
else {
# user does not exist; output a similar object with the error
[PsCustomObject]#{
SamAccountName = "User '$_' does not exist"
Enabled = $null
Name = $null
}
}
} | Export-CSV -path "$env:USERPROFILE\desktop\output.csv" -NoTypeInformation
This will display a warning for those users that could not be found.
Note, -Properties SamAccountName,Enabled,Name is not needed in this case, the 3 properties are default properties of the cmdlet.
$dom = (Get-ADRootDSE).defaultNamingContext
Get-Content $ENV:USERPROFILE\desktop\testusers.txt | ForEach-Object {
if([string]::IsNullOrWhiteSpace($_)){
continue # go to next iteration if this element is just white space
}
$usr = Get-ADUser -Filter "SamAccountName -eq '$_'" | Select SamAccountName,Enabled,Name
if(-not $usr){
Write-Warning "$_ could not be found on $dom"
continue
}
$usr
} | Export-CSV -path $ENV:USERPROFILE\desktop\output.csv -NoTypeInformation
I have a CSV file containing the samaccount name of some users.
From this list, I want to export the properties of these users to a CSV file.
Kindly share the simplest possible way to do so in Windows Powershell ISE.
I have tried this :
Import-ModuleActiveDirectory
Import-CSV C:\scripts\list.csv | ForEach{Get-ADUser -Identity $samaccountname-Filter*-Properties*|export-csv c:\ADusers.csv
}
Thank you!
You didn't show us the first couple of lines of the CSV file.
A proper CSV file has multiple fields and a header line like this:
"AccountName","EmailAddress"
"doe","john.doe#example.com"
"kent","clark.kent#example.com"
If this is the case, do:
Import-ModuleActiveDirectory
$userProperties = 'GivenName', 'SurName', 'Initials'
Import-Csv -Path "C:\Scripts\List.csv" | ForEach-Object {
$user = Get-ADUser -Filter "SamAccountName -eq '$($_.AccountName)'" -Properties $userProperties -ErrorAction SilentlyContinue
if ($user) {
$user | Select-Object -Property $userProperties
}
} | Export-Csv "C:\ADUsers.csv"
If the file you load only has SamAccountNames each listed on a new line, then this is not a CSV file and you should use:
Import-ModuleActiveDirectory
$userProperties = 'GivenName', 'SurName', 'Initials'
Get-Content -Path "C:\Scripts\List.csv" | ForEach-Object {
$user = Get-ADUser -Filter "SamAccountName -eq '$_'" -Properties $userProperties -ErrorAction SilentlyContinue
if ($user) {
$user | Select-Object -Property $userProperties
}
} | Export-Csv "C:\ADUsers.csv"
As you can see, I'm not using the -Identity parameter here, because in case a user with that SamAccountName is not found, an exception is thrown.
This way, output is only generated when the user actually exists.
Also, it is a bad idea to use -Properties * when you only want some of the properties returned.
Hope that helps
if you wanna do this in the ISE, you probably dont need/want to use oneliner for that.
I would suggest to import the CSV first, and then run foreach.
$list = Import-CSV -path $filePath
$result = New-Object System.Collections.ArrayList
foreach ($name in $list){
$adUser=Get-ADUser -Identity $name
$result += $adUser
}
From here, you can start thinking of error handling etc.
This will help you:
Import-ModuleActiveDirectory
Import-CSV -Path "C:\Scripts\List.csv" | Foreach {
Get-ADUser -Identity $_ -Filter * -Properties *
} | Export-CSV "C:\ADUsers.csv"
Your code was not working because $samaccountname was empty and blank not containing the username. So I replaced it with the automatic variable $_
Put each SamAccountName on its own line in the list file.
Example:
user1
user2
user3
Change list.csv to a text file (list.txt) and try this:
$username = Get-Content "C:\scripts\list.txt"
ForEach($user in $username){
Get-ADUser -Identity $user | Select GivenName,Surname,Initials | Export-CSV -Path "C:\ADUsers.csv"
}
I have this script that reads samaccountnames from a file and outputs the name of the user with its membership information. However, the output file only shows the last record. It seems that my code is overwriting the previous record. What am I missing? Thank you so much.
ForEach ($user in $(Get-Content -Path C:\MyScripts\UsersInput.csv))
{
$username = Get-ADUser –Identity $user -Properties *
Get-ADPrincipalGroupMembership $user | select $username.DisplayName, name |
export-csv "C:\MyScripts\UsersAndTheirADGroups.csv" -NoTypeInformation
}
Export-Csv has an -append parameter, so you could use that. ie it would append to the csv file with every iteration of the loop. You would need to make sure the file didn't exist before you start the loop or it would just get bigger and bigger each time you ran the code.
Another way it to add the items to an object and then export that at the end. ie $username += Get-ADUser......
You are reading a CSV file using Get-Content. This lets me think the file is simply a list of user SamAccountNames, each on a separate line. No headings.
Something like this perhaps:
jdoe
jsmith
If that is the case, read the input file like this:
$users = Get-Content -Path 'C:\MyScripts\UsersInput.csv'
To get an array of user SAMAccountnames.
If however it is a proper CSV file with headers, looking something like this:
"SamAccountName","Email","More","Stuff"
"jdoe","john.doe#yourdomain.com","blah","blah"
"jsmith","jane.smith#yourdomain.com","blah","blah"
Then you should use the Import-Csv cmdlet to get the entries as objects and obtain an array of SamAccountNames from that:
$users = Import-Csv -Path 'C:\MyScripts\UsersInput.csv' | Select-Object -ExpandProperty SamAccountName
Once you have that array, loop through it and get the group membership info for each user
Untested
$result = foreach ($accountName in $users) {
Get-ADUser –Identity $accountName -Properties DistinguishedName, DisplayName |
Select-Object #{Name = 'User'; Expression = {$_.DisplayName}},
#{Name = 'Groups'; Expression = { ( $_ | Get-ADPrincipalGroupMembership | Select-Object -ExpandProperty name) -join ', '}}
}
$result | Export-Csv "C:\MyScripts\UsersAndTheirADGroups.csv" -NoTypeInformation
You are indeed overwriting the code ForEach user. You included Export-Csv in the ForEach. Instead export the whole array that ForEach creates:
ForEach ($user in $(Get-Content -Path C:\MyScripts\UsersInput.csv))
{
$username = Get-ADUser –Identity $user -Properties *
Get-ADPrincipalGroupMembership $user | select $username.DisplayName, name
} | export-csv "C:\MyScripts\UsersAndTheirADGroups.csv" -NoTypeInformation
Hi all can someone help me understand why the resulting exported file does not contain any information. For each ISID (the ackronym for my setup's log in name) in the imported .csv file, I want to find the corresponding samAccountName and export the listed properties...
Add-PSSnapin Quest.ActiveRoles.ADManagement
connect-qadservice US2.k.com -proxy
$groupName = Import-csv c:\ExportDL\LockedAccounts.csv
write-host "This window will close when done"_ADmembers.csv" will be created" -ForegroundColor Green
ForEach ($ISID in $groupName) {
get-qaduser -ldapfilter "(&(objectCategory=person)(objectClass=user)(samaccountname=$ISID))"
-includedproperties samAccountName,accountExpires,edsvaParentCanonicalName,edsaAccountIsDisabled,passwordLastset,department,manager,distinguishedName,displayName |
select edsvaParentCanonicalName,displayName,samAccountName,name,edsaAccountIsDisabled,logonName,
lastName,firstName,manager,accountExpires,passwordLastset |
export-csv C:\ExportDL\LockedAccounts_ADmembers.csv
}
My apologies for the bad indentation. I cant figure the four spaces code block out :(
This should work, but will be interesting know the content of LockedAccounts.csv file:
Add-PSSnapin Quest.ActiveRoles.ADManagement
connect-qadservice US2.k.com -proxy
$groupName = Import-csv c:\ExportDL\LockedAccounts.csv
write-host "This window will close when done"_ADmembers.csv" will be created" -Fore Green
( $groupName | select -expa ISID | get-qaduser -includedproperties samAccountName,accountExpires,ParentCanonicalName,
AccountIsDisabled,passwordLastset, department,manager,distinguishedName,displayName |
select ParentCanonicalName,displayName,samAccountName,name,AccountIsDisabled,logonName,
lastName,firstName,manager,accountExpires,passwordLastset ) |
export-csv C:\ExportDL\LockedAccounts_ADmembers.csv -NoTypeInformation
If the ISID column contains sAMAccountName there is not need for a ldap query, the QADs command accept it as input via pipe or for -identity parameter