I want 1 list with all users there are member of 2 (both) identity.
I have used this, but it returns first all users in the first identity and then the next identity.
$groups = "SMSxxx", "Personalxxxx"
$results = foreach ($group in $groups) {
Get-ADGroupMember $group | select samaccountname, name, #{n='GroupName';e={$group}}, #{n='Description';e={(Get-ADGroup $group -Properties description).description}}
}
$results
$results | Export-csv C:\Temp\GroupMemberShip.txt -NoTypeInformation
Best regards,
Peter
You can continue with your current logic and use Group-Object to find users that exist in all groups.
$groups = "SMSxxx", "Personalxxxx"
$results = foreach ($group in $groups) {
$description = (Get-ADGroup $group -Properties description).description
Get-ADGroupMember $group | select SamAccountName,Name,#{n='GroupName';e={$group}}, #{n='Description';e={$description}}
}
$results | Group-Object SamAccountName |
Where Count -eq $groups.Count | Select -Expand Group |
Export-csv C:\Temp\GroupMemberShip.csv -NoTypeInformation
Related
So im trying to return a report that will list each user and each group they are in using -Filter "name-like 'BLAH'"
the user may be apart multiple "BLAH" groups but no more than 3. How can i get an output like?
Member | Group1 | Group2 | Group3
I tried the below but not quite what i need
$adgroups = Get-ADGroup -Filter "name -like '*BLAH*'" | sort name
$data = foreach ($adgroup in $adgroups) {
$members = $adgroup | get-adgroupmember |select name| sort name
foreach ($member in $members) {
[PSCustomObject]#{
Members = $member
Group = $adgroup.name
}
}
}
This is what i get when using #Adam Luniewski solution
Try this:
$adgroups = Get-ADGroup -Filter "name -like '*BLAH*'" | Sort-Object Name
$data = ForEach ($adgroup in $adgroups){
$adgroup | get-adgroupmember | Select-Object #{n='Members';e={$_}},#{n='Group';e={(Get-ADUser $_.SamAccountName -Properties MemberOf).MemberOf}}
}
Here Get-ADUser is used to retrieve user group memberships (first said #Olaf) then I used calculated properties to format the output.
This should work. Just watch out if you have StrictMode set in your script, it might throw an error if $usrgrp count is less than 3, then you'd have to modify this part.
# get a list of all users and groups in two columns
$dat = #(Get-ADGroup -Filter "name -like '*BLAH*'" -PipelineVariable group | Get-ADGroupMember | select #{n='UserName';e={$_.name}},#{n='GroupName';e={$group.name}})
# for each user in a list add group fields
$dat | select UserName -Unique | ForEach-Object {
$usrgrp = #($dat | where username -eq $_.UserName | sort GroupName);
[pscustomobject]#{
UserName=$_.Username;
Group1=$usrgrp[0].GroupName;
Group2=$usrgrp[1].GroupName;
Group3=$usrgrp[2].GroupName;
};
}
I have this script that extracts the users that belong to the groups I need.
$GroupList = Get-Content C:\Scripts\grouplist.txt
$Results = foreach ($Group in $GroupList) {
$Description = Get-ADGroup -Identity $Group -Properties Description | Select-Object -ExpandProperty Description
Get-ADGroupMember -Identity $Group |
Select-Object -Property SamAccountName, Name, #{Name='GroupName';Expression={$Group}}, #{Name='Description';Expression={$Description}}
}
$Results
$Results | Export-csv -Path C:\Scripts\SecurityGroups.csv -NoTypeInformation
The problem is that I only need users in the enabled state.
And I can't. Could you help me please?
Thanks.
As mentioned per the comments you can use the Get-Aduser cmdlet after you populated your results. Here you have to filter out groups, otherwise the cmdlet will throw exceptions for every group.
$results = #()
foreach ($group in $grouplist) {
$description = (Get-ADGroup $group -Properties description).description
$members = Get-ADGroupMember $group | ?{$_.objectClass -eq "user"} | % {Get-ADUser $_ -Properties enabled}
$results += $members | ? {$_.Enabled -eq $true } | select samaccountname, name, #{name='groupname';expression={$group}}, #{name='description';expression={$description}}
}
Alternatively, you can use LDAP-filters. This option is noticeably faster since you only make one request per group, not one per user.
$results = #()
foreach ($group in $grouplist) {
$group = Get-ADGroup $group -Properties description
$members = Get-ADUser -LDAPFilter "(&(memberof=$($group.DistinguishedName))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))"
$results += $members | select samaccountname, name, #{name='groupname';expression={$group}}, #{name='description';expression={$group.description}}
}
With LDAP-filters you could also request members of multiple groups at once, but since you want the context in which group a user was found this is not an option here..
The code below is supposed to count and compare user and output the total count, but somehow the result is empty. What do I need to do to fix it?
$groups = $A_group, $B_Group
$gm = #()
foreach ($group in $groups) {
$gm += Get-ADGroupMember $group -Recursive |
`where {$_.objectclass -eq 'user'} |`
' select SamAccountName'
}
($gm.samaccountname | Select -Unique).Count
Write-Output total: ($gm.samaccountname | Select -Unique).Count
You can do this in a much more powershell-esque way.
$groups = $A_group, $B_Group
$uniqueMemberCount = $groups |
Get-ADGroupMember -Recursive |
Where-Object {$_.objectClass -ieq "user"} |
Select-Object -Unique |
Measure-Object |
Select-Object -ExpandProperty Count
Write-Output "Total: $uniqueMemberCount"
I think you want to count of the unique members of two groups:
$aGroup = #('a','b','c')
$bGroup = #('b','c','e','f')
(Compare-Object $aGroup $bGroup -IncludeEqual).count
The following PowerShell script generates a CSV file with three columns (Group, User, SAMAccountName) that associates each instance of a given distribution group with a respective member:
$dist = ForEach ($group in (Get-DistributionGroup -Filter {name -like "*"})) { Get-DistributionGroupMember $group | Select #{Label="Group";Expression={$Group.Name}},#{Label="User";Expression={$_.Name}},SamAccountName} $dist | Sort Group,User | Export-CSV c:\scripts\file.csv -NoTypeInformation
It affords the user a convenient way to filter the groups and display group members. My question: Is there a quick way to modify this script so that it adds a fourth column that displays a property of the groups (specifically, the "HiddenFromAddressListsEnabled" property)?
Just add it to the Select-Object portion
$dist = ForEach ($group in (Get-DistributionGroup -Filter {name -like "*"})) { Get-DistributionGroupMember $group | Select #{Label="Group";Expression={$Group.Name}},#{Label="User";Expression={$_.Name}},SamAccountName,HiddenFromAddressListsEnabled} $dist | Sort Group,User | Export-CSV c:\scripts\file.csv -NoTypeInformation
See it after the SamAccountName
To Get the HiddenFromAddressListsEnabled for the Groups:
$dist = ForEach ($group in (Get-DistributionGroup -Filter {name -like "*"})) { Get-DistributionGroupMember $group | Select #{Label="Group";Expression={$Group.Name}},#{Label="User";Expression={$_.Name}},SamAccountName,{$Group.HiddenFromAddressListsEnabled}} $dist | Sort Group,User #| Export-CSV c:\scripts\file.csv -NoTypeInformation
However, There's another way to do it, and easier to read and manipulate:
$Array = #()
$Groups = Get-DistributionGroup
Foreach ($Group in $Groups)
{
$DGMembers = Get-DistributionGroupMember $Group
Foreach ($Member in $DGMembers)
{
$Result = "" | Select GroupName,Member,SamAccountName,HiddenFromAddressListsEnabled
$Result.GroupName = $Group.Name
$Result.Member = $Member.Name
$Result.SamAccountName = $Member.SamAccountName
$Result.HiddenFromAddressListsEnabled = $Group.HiddenFromAddressListsEnabled
$Array += $Result
}
}
$Array | Export-CSV c:\scripts\file.csv -NoTypeInformation
I have a requirement to generate a CSV report to get group members. However, I there are many child domains which contains groups starting with ADM.
I need report in the following format:
GroupName User Company LasLogon CN
ADM_AM UserOne CP1
I've found one script on internet:
Get-ADGroup -Server dc1.chd1.pd.local -Filter 'Name -like "ADM*"' |
ForEach-Object{
$hash=#{GroupName=$_.Name;Member=''}
$_ | Get-ADGroupMember -ea 0 -recurs |
ForEach-Object{
$hash.Member=$_.Name
New-Object psObject -Property $hash
}
} |
sort groupname,member
This script only gives me GroupName and UserName but not other information.
How can I generate this report?
I'm not sure what "ADM_AM, UserOne, CP1" is, but i got this much for you. I'm still new to powershell so forgive me if this is a lot of code =)
$array = #()
Foreach ($group in (Get-ADGroup -Server dc1.chd1.pd.local -Filter 'Name -like "ADM*"'))
{
$hash=#{Username ='';GroupName=$group.Name;Company='';LastLogon='';CN=''}
$members = $hash.GroupName | Get-ADGroupMember -Recursive -ErrorAction SilentlyContinue
Foreach($member in $members)
{
$properties = $member.SamAccountName | Get-ADUser -Properties SamAccountName, Company, lastLogon, CN
$hash.Username = $properties.SamAccountName
$hash.Company = $properties.Company
$hash.LastLogon = $properties.lastLogon
$hash.CN = $properties.CN
$obj = New-Object psObject -Property $hash
$array += $obj
}
}
$array | Export-Csv C:\ -NoTypeInformation
Here is what I would do, Im sure you can shorten it. You shoud specify a searchbase. Once you have the members samaccountname, you can use Get-ADUser to get whatever fields you want.
$GrpArr = #()
$Groups = get-adgroup -filter {name -like "adm*"} -searchbase "ou=Groups,dc=all,dc=ca" | select samaccountname
foreach ($group in $groups)
{
$GrpArr += $group
$members = get-adgroupmember $group | select samaccountName
foreach ($member in $members)
{
$memprops = get-aduser $member -properties company
$comp = $memprops.company
$grpArr += "$member,$comp"
}
}
$grpArr | export-csv c:\temp\Groups.csv -NoTypeInformation