We Keep Coding

Getting canonical name for each members of the users via powershell

I want to get canonical name for each groups as well. how can I do that ?
Here is my script :
Get-ADUser -Filter {Enabled -eq $true} -Properties * | Select displayname ,#{Name="MemberOf";Expression={($_.MemberOf | %{(Get-ADGroup $_).sAMAccountName}) -Join ";"}} | Export-Csv -Path "c:\temp\users.csv" -NoTypeInformation -Encoding UTF8
My output :
"displayname","MemberOf"
"User01","Group01;Group02;Group03"
My desired output:
"displayname","MemberOf"
"User01","Group01;Contoso.com/OU1/OU2;Group02;Contoso.com/OU21/OU52;Group03;Contoso.com/OU1/OU21/OU22"

I agree with Mathias but this is how you can do it using the code you already have. Definitely recommend you to only call the properties that you need to query.
Get-ADUser -Filter {Enabled -eq $true} -Properties Displayname,MemberOf |
Select-Object Displayname,
#{
Name="MemberOf"
Expression={
# ($_.MemberOf | ForEach-Object{
# (Get-ADGroup $_ -Properties CanonicalName).CanonicalName
# }) -Join ";"
# You can pipe $_.MemberOf to Get-ADGroup, since it's an array of
# distinguishedNames it should work fine
($_.MemberOf | Get-ADGroup -Properties CanonicalName).CanonicalName -Join ";"
}
} | Export-Csv -Path "c:\temp\users.csv" -NoTypeInformation -Encoding UTF8
An alternative to that code, using a more classical approach:
$users = Get-ADUser -Filter {Enabled -eq $true} -Properties DisplayName
$result = foreach($user in $users)
{
$params = #{
LDAPFilter = "(member=$($user.DistinguishedName))"
Properties = "CanonicalName"
}
$membership = (Get-ADGroup #params).CanonicalName -join ";"
[pscustomobject]#{
DisplayName = $user.DisplayName
MemberOf = $membership
}
}
$result | Export-Csv -Path "c:\temp\users.csv" -NoTypeInformation -Encoding UTF8

First of all, you shouldn't be using Properties * when you only need two properties.
Then, the -Filter should be a string, not a scriptblock.
With just a small adaptation to your code, this should work:
Get-ADUser -Filter "Enabled -eq 'True'" -Properties DisplayName, MemberOf |
Select-Object DisplayName,
#{Name = "MemberOf"; Expression = {
($_.MemberOf | ForEach-Object {
($_ | Get-ADGroup -Properties CanonicalName).CanonicalName -Join ";" })
}
} |
Export-Csv -Path "c:\temp\users.csv" -NoTypeInformation -Encoding UTF8
Looking at your latest comment, I believe you want the group NAME joined with the canonicalname of the group as well.
You can do this like so:
Get-ADUser -Filter "Enabled -eq 'True'" -Properties DisplayName, MemberOf |
Select-Object DisplayName,
#{Name = "MemberOf"; Expression = {
$_.MemberOf | ForEach-Object {
$group = $_ | Get-ADGroup -Properties CanonicalName
'{0};{1}' -f $group.Name, ($group.CanonicalName -join ';')
}
}
} |
Export-Csv -Path "c:\temp\users.csv" -NoTypeInformation -Encoding UTF8

Powershell: List with ADusers - need groups the users are memberof

I have a list of users (their CN), and I want a list of the groups they are member of.
I already have a code which almost does the trick, but it shows as follows:
User1 - group1;group2
User2 - group1;group2;group3 etc...
Also, groups are shown as distinguished name (with container etc), so very long. I only want the name.
I want to show it as follows:
User1 - group1
User1 - group2
User2 - group1, etc
The code that shows the groups the users are member of, but not in the visual way i like is below:
Import-Csv -Path .\Input_CN.csv |
ForEach-Object {
$User = Get-ADUser -filter "CN -eq '$($_.CN)'" -properties memberof
[PSCustomObject]#{
SourceCN = $_.CN
MemberOf = $User.MemberOf -join ";"
}
} | Export-Csv -Path .\Output.csv -Delimiter ";" -NoTypeInformation
.\Output.csv
I have some other code that list the groups how I want, but I am unable to list it per user. And unable to combine it with the above code.
get-aduser -filter {cn -eq "Testuser"} -properties memberof |
Select -ExpandProperty memberof |
ForEach-Object{Get-ADGroup $_} |
Select -ExpandProperty Name
Thanks in advance :)

You could combine both code pieces like this:
Import-Csv -Path .\Input_CN.csv |
ForEach-Object {
$user = Get-ADUser -Filter "CN -eq '$($_.CN)'" -Properties MemberOf, CN -ErrorAction SilentlyContinue
foreach($group in $user.MemberOf) {
[PSCustomObject]#{
SourceCN = $user.CN
MemberOf = (Get-ADGroup -Identity $group).Name
}
}
} | Export-Csv -Path .\Output.csv -Delimiter ";" -NoTypeInformation
Edit
Although I have never seen an AD user to have no group membership at all (should have at least the default Domain Users in the MemberOf property), You commented that you would like to have a test for that aswell.
Import-Csv -Path .\Input_CN.csv |
ForEach-Object {
$user = Get-ADUser -Filter "CN -eq '$($_.CN)'" -Properties MemberOf, CN -ErrorAction SilentlyContinue
if (!$user) {
Write-Warning "No user found with CN '$($_.CN)'"
# skip this one and resume with the next CN in the list
continue
}
$groups = $user.MemberOf
if (!$groups -or $groups.Count -eq 0) {
[PSCustomObject]#{
SourceCN = $user.CN
MemberOf = 'No Groups'
}
}
else {
foreach($group in $groups) {
[PSCustomObject]#{
SourceCN = $user.CN
MemberOf = (Get-ADGroup -Identity $group).Name
}
}
}
} | Export-Csv -Path .\Output.csv -Delimiter ";" -NoTypeInformation

This is a bit clunky, but you can use nested loops:
Import-Csv -Path .\Input_CN.csv | ForEach-Object {
$user = Get-ADUser -filter "CN -eq '$($_.CN)'" -properties cn, memberof
$user | ForEach-Object {
$_.MemberOf |
ForEach-Object {
[PSCustomObject]#{
SourceCN = $user.CN
MemberOf = $_.split('[=,]')[1]
}
}
}
} | Where-Object {$null -ne $_.MemberOf} |
Export-Csv -Path .\Output.csv -Delimiter ";" -NoTypeInformation
UPDATE: Updated to show only the 'CN' part of the group name and to filter any users who are not a member of any group.

All in one line could be
Get-ADUser -filter {Enabled -eq $True} -Properties Name, Created | Select-Object Name, Created, #{Name="Groups";Expression={Get-ADPrincipalGroupMembership -Identity $_.SamAccountName | Where-Object {$_.GroupCategory -Eq 'Security'} | Join-String -Property Name -Separator ", "}}

Export csv of groups that are not members of some groups

Im exporting some users and groups that "are not member of". But Im having troubles with groups, I did it with users but I don't know how to do the same with group.
In this example I export users that are not members of that group.
$groups = 'GG_LCS_UsersType4', 'GG_LCS_UsersType3', 'GG_LCS_UsersType2', 'GG_LCS_SpecialUsers'
$whereFilter = $groups | Foreach-Object {
$g = (Get-ADGroup -server $domain $_).DistinguishedName
"{0} '{1}'" -f '$_.memberOf -notcontains',$g
}
$whereFilter = [scriptblock]::Create($whereFilter -join " -and ")
$users = (Get-ADUser -server $Domain -filter {objectclass -eq "user"} -properties memberof).where($whereFilter)
$users | Select-Object SamAccountName,Enabled |
Export-Csv "${Domain}_Users_withoutGG.csv" -NoTypeInformation -Encoding UTF8 -Append
So I want the groups too. Could you help me please?
Thank you!

Technically, you should be able to just add a Get-ADGroup command at the end of the posted code and then export the desired data.
$FilteredGroups = (Get-ADGroup -Server $Domain -Filter * -Properties MemberOf).where($whereFilter)
$FilteredGroups | Select-Object SamAccountName |
Export-Csv "groups.csv" -NoTypeInformation -Encoding UTF8 -Append

format write-output in powershell comma separated

I've got a simple powershell script that searches for users that are in a group containing 'www*'. I'd like the output if possible to be
samAccountName,Group
How would I go about doing that in powershell?
$groups = Get-AdGroup -Properties * -filter * | Where {$_.name -like "www*"}
$output =
Foreach($g in $groups)
{
write-output $g.Name
write-output "----------"
get-adgroupmember -Identity $g | select-object -Property SamAccountName
}
$output | out-file -FilePath C:\Users\myuser\desktop\test3.txt -Append

Try this:
$groups = Get-AdGroup -Properties * -filter * | Where {$_.name -like "www*"}
$output =
Foreach($g in $groups)
{
write-output $g.Name
write-output "----------"
get-adgroupmember -Identity $g | select-object SamAccountName,#{Name="Group";Expression={$g.Name}}
}
$output | Export-Csv -NoTypeInformation -Path C:\Users\myuser\desktop\test3.txt -Append

Powershell - Append Group Name and Members

I am trying to write a script that will create a CSV file with the name of the group and its members. My script fails with the error:
The appended object does not have a property that corresponds to the following column
I am sure it is a simple mistake and I'd bang away at it but I need the data quickly.
$SearchBase = "OU=Groups,DC=domain,DC=local"
$SPGroups = Get-ADGroup -filter * -SearchBase $SearchBase | select name
Foreach ($i in $SPGroups){
#$Members += get-ADGroupMember -Identity $i.name | select name
$i.name | Export-Csv -append -Path c:\bin\membersof.csv
get-ADGroupMember -Identity $i.name | select name | Export-CSV -append -Path c:\bin\membersof.csv
}
Thank You!

Try this:
$SearchBase = "OU=Groups,DC=domain,DC=local"
Get-ADGroup -Filter * -SearchBase $SearchBase | % {
$group = $_.name
Get-ADGroupMember -Identity $group |
select #{n='Group';e={$group}}, #{n='Member';e={$_.Name}}
} | Export-CSV 'C:\bin\membersof.csv'

#Create Custom Data Container
$header = #("Group,Member") #Columns
$temp = #()
$data = #()
$data += $header
$SearchBase = "OU=Groups,DC=domain,DC=local"
Get-ADGroup -filter * -SearchBase $SearchBase | % {
#For Each Group
$Groups = $_.name
get-ADGroupMember -Identity $groups | % {
#For Each Member
$Members = $_.Name
#Add Row
$temp = "$Groups,$Members"
$data += $temp
}
}
#output data to csv
$data | ConvertFrom-Csv | Export-Csv -Path c:\bin\membersof.csv -NoTypeInformation