ADGroups AND ADusers - powershell

I need to get the following into a CSV:
Groups with fields: group name, group SID, group email address, group type
and then for each of the above groups I need the member users with the fields: group name (I know that's a repeat), userID, user firstname, userlastname, user email.
If someone has a solution for this I will be forever grateful. The solution will be something I can study and learn from so thanks again.
I have the two pieces separately but am stuck at that point
Get-ADGroup -Filter * -Properties Member |
    select Name, DistinguishedName, sid, GroupCategory, GroupScope,
        @{Name="Members";Expression={($_.Members | Measure-Object).Count}} |
    Out-GridView
    #Export-Csv c:\rmm-mgmt\test.csv
I don't understand why the user details can't just be added as well.
For the users I'm using:
Get-ADUser -Filter * -Properties * |
Select-Object name, surname, givenname, displayname, emailaddress |
Out-GridView
(Using Out-GridView to check results before I begin exporting)
As you can see these are two pieces of information I can get but can't put them together. One example is I can't get the list of members in groups.

You have to use ForEach-Object and assign the group to a named variable so you can access it where you format each member. Then pipe $_.Member into Get-ADUser:
Get-ADGroup -Filter * -Properties Member | ForEach-Object {
    $group = $_
    $_.Member | Get-ADUser -Properties Surname,GivenName,DisplayName,EmailAddress |
        Select @{N = "Group Name";E = {$group.Name}}, Surname, GivenName, DisplayName, EmailAddress
} | Out-GridView

I'm not quite clear on the exact output formatting you are looking for but I believe something like this should work for what you are attempting to do.
# Create an empty array we will add our custom objects to.
$outputObjs = @()
# Get all the AD groups.
$groups = Get-ADGroup -Filter * -Properties Member |
    select Name, DistinguishedName, sid, GroupCategory, GroupScope |
    select -First 40
# Iterate the groups capturing the members of each group.
foreach ($group in $groups) {
    # DisplayName and EmailAddress are not returned by Get-ADUser by default, so request them.
    $groupMembers = Get-ADGroupMember -Identity $group.Name |
        ? { $_.objectClass -eq "user" } |
        % { Get-ADUser $_.SamAccountName -Properties DisplayName, EmailAddress } |
        select name, surname, givenname, displayname, emailaddress
    # Get the group member count
    $memCount = 0
    if ($groupMembers) { $memCount = $groupMembers.Count; }
    else { $memCount = 0 }
    # Iterate through the group members creating a custom object and adding it to our object array.
    foreach($member in $groupMembers) {
        $outputObjs += New-Object -TypeName psobject -Property (@{
            'Group Name' = $group.Name;
            'Group DN' = $group.DistinguishedName;
            'Group SID' = $group.SID;
            'Group Category' = $group.GroupCategory;
            'Group Scope' = $group.GroupScope;
            'Group Member Count' = $memCount
            'User Name' = $member.name;
            'User Surname' = $member.surname;
            'User Given Name' = $member.givenname;
            'User Display Name' = $member.displayname;
            'User Email Address' = $member.emailaddress
        })
    }
}
# Convert the object array to a CSV.
$outputObjs | ConvertTo-Csv -NoTypeInformation
Your CSV would look like this
"Group Name","User Surname","User Given Name","Group Member Count","User Email Address","Group SID","User Name","Group Category","Group DN","User Display Name","Group Scope"
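An added example (not from either answer above) that produces exactly the columns the question asks for: group name, SID, email address and type, plus user ID, first name, last name and email. It assumes the ActiveDirectory (RSAT) module, read access to a single domain, and a placeholder output file name. It reads the `member` attribute, which does not include accounts that belong to a group only through their primary group.

```powershell
# Added example. Assumes the ActiveDirectory (RSAT) module, read access to a
# single domain, and a placeholder output path.
Import-Module ActiveDirectory

$rows  = [System.Collections.Generic.List[object]]::new()
$cache = @{}   # member DN -> resolved object, so each account is queried once

foreach ($group in (Get-ADGroup -Filter * -Properties member, mail)) {
    # 'member' holds distinguished names of users, groups and computers.
    $members = foreach ($dn in $group.member) {
        if (-not $cache.ContainsKey($dn)) {
            $cache[$dn] = Get-ADObject -Identity $dn -Properties sAMAccountName, givenName, sn, mail
        }
        $cache[$dn]
    }

    # Keep user accounts only; nested groups and computers are skipped, not expanded.
    $users = @($members | Where-Object { $_.ObjectClass -eq 'user' })

    # Emit one row with empty user columns for a group without user members,
    # so the group itself still appears in the report.
    if ($users.Count -eq 0) { $users = @($null) }

    foreach ($u in $users) {
        $rows.Add([pscustomobject]@{
            GroupName     = $group.Name
            GroupSID      = $group.SID.Value
            GroupEmail    = $group.mail
            GroupType     = "$($group.GroupScope) $($group.GroupCategory)"
            UserID        = $u.sAMAccountName
            UserFirstName = $u.givenName
            UserLastName  = $u.sn
            UserEmail     = $u.mail
        })
    }
}

# One flat CSV: the group columns repeat on every member row.
$rows | Export-Csv -Path .\group-members.csv -NoTypeInformation -Encoding UTF8
```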

Related

Powershell Get-Groupmembers into Out-GridView

I wanna use Out-GridView to display members of a selected AD group. It would be nice if I could get all members (computers, other groups, users) but at least users is mandatory.
I have this code now:
Import-Module ActiveDirectory
$groups = Get-ADGroup -Filter * -Searchbase "OU=Groups,DC=domain,DC=int"|
Select-Object @{n="Group"; e={$_.Name}}, DistinguishedName |Sort-Object "Group"|
Out-GridView -Title "Select a group, then click OK" -PassThru
$accounts = Foreach ($group in $groups) {Get-ADGroupMember -Identity $group.DistinguishedName -Recursive}
$report = Get-ADUser -Identity $account -Properties *|
Select-Object name, SamAccountName, EmailAddress, EmployeeID, TelephoneNumber, Created, Department, City|
Out-GridView -Title "The members of the group" -PassThru
At the moment I can search for the group, select it and then I do not get all the members, just one, I think. And also only a user because it's Get-ADUser.
Can anyone help me?
Or maybe there is a similar powershell frontend somewhere in the internet?
Since Get-ADGroupMember can return 3 different types of AD objects, you cannot blindly use Get-ADUser on each of the returned objects.
What is more, not all of these different objects have the same properties you want shown in your grid view, so you need some method of capturing properties they have in common, while leaving others blank.
Try:
Import-Module ActiveDirectory
$groups = Get-ADGroup -Filter * -Searchbase "OU=Groups,DC=domain,DC=int" |
    Select-Object @{Name = "Group"; Expression = {$_.Name}}, DistinguishedName | Sort-Object "Group"
# show the groups in a grid view and have the user select one item
$selected = $groups | Out-GridView -Title "Select a group, then click OK" -PassThru
# if not cancelled
if ($selected) {
    # loop through the members of the selected group and capture the resulting objects in variable $result
    $result = foreach ($member in (Get-ADGroupMember -Identity $selected.DistinguishedName -Recursive)) {
        $account = switch ($member.objectClass) {
            'user' {
                # Get-ADUser by default returns these properties:
                # DistinguishedName, Enabled, GivenName, Name, ObjectClass, ObjectGUID, SamAccountName, SID, Surname, UserPrincipalName
                Get-ADUser -Identity $member.DistinguishedName -Properties EmailAddress, EmployeeId,
                    OfficePhone, Created, Department, City
            }
            'group' {
                # Get-ADGroup by default returns these properties:
                # DistinguishedName, GroupCategory, GroupScope, Name, ObjectClass, ObjectGUID, SamAccountName, SID
                Get-ADGroup -Identity $member.DistinguishedName -Properties mail, Created |
                    # rename the property 'mail' here
                    Select-Object *, @{Name = 'EmailAddress'; Expression = {$_.mail}} -ExcludeProperty mail
            }
            'computer' {
                # Get-ADComputer by default returns these properties:
                # DistinguishedName, DNSHostName, Enabled, Name, ObjectClass, ObjectGUID, SamAccountName, SID, UserPrincipalName
                Get-ADComputer -Identity $member.DistinguishedName -Properties Created
            }
        }
        # output an object with all properties you want in the grid view. Some will be empty though depending on the object type
        $account | Select-Object @{Name = 'Type'; Expression = {$member.objectClass}},
            Name, SamAccountName, EmailAddress, EmployeeId, OfficePhone, Created, Department, City
    }
    # display the results
    $result | Sort-Object Type, Name | Out-GridView -Title "The members of group '$($selected.Name)'"
}
Get-ADGroupMember -Identity *group* | Out-GridView
This should get you all the members of the group. I guess you can filter it from there? :)

Get Specific AD Users from AD Group

I need to get specific users from specific Groups in Active Directory.
So far I have this:
$Groupnames = get-adgroup -Filter "name -like '$Groupfilter'" -Properties * -SearchBase $Grouppath |
    Select-Object Name, @{
        Name='Username';
        Expression={
            Get-ADGroupMember -identity $($_.Name) -Recursive |
                Get-ADUser -Property SamAccountName |
                Select -ExpandProperty SamAccountName
        }
    }
This works to get the groups with their names. Now I want to get all users from these groups, which works, but the formatting is completely off. I want this:
Name Username
---- --------
Group1 user1adm
Group2 {user1adm, user1, user2, user2adm...}
Group3 {user1adm, user3, user2adm, user6...}
But I get this:
{user1adm, user1, user2, user2adm...}
With that formatting I can't see all users.
My goal at the end is also to exclude users who end with adm, but I don't know how to do that.
Can you help me?
Get-ADGroupMember can return objects of type 'user', 'group' or 'computer', so piping the returned objects straight through to Get-ADUser could get you into trouble if one of the objects is not a user.
Having said that, the objects returned from Get-ADGroupMember already contain the SamAccountName property you are after, so you can eliminate Get-ADUser from the code.
$Groupnames = Get-ADGroup -Filter "name -like '$Groupfilter'" -SearchBase $Grouppath |
    Select-Object Name,
        @{Name = 'Username'; Expression = {
                ($_ | Get-ADGroupMember -Recursive |
                    Select-Object -ExpandProperty SamAccountName |
                    Where-Object { $_ -notmatch 'adm$' }
                ) -join ', '
            }
        }
# output the result on screen
$Groupnames | Format-Table -AutoSize
# output to CSV file
$Groupnames | Export-Csv -Path 'Path\To\The\GroupMembers.csv' -NoTypeInformation

Simple Adsearch for emails

I'm trying to get a list of emails from an ADGroup. The problem is there are members in the group that have no emails and I want the variable to show the ADuser instead of the email if the field is empty.
current code is this
$emails = get-adgroupmember gg-sccm-admins | get-aduser -Properties emailaddress | select emailaddress
$emails+= get-adgroupmember gg-sccm-site_admins | get-aduser -Properties emailaddress | select emailaddress
Write-Output $emails
My idea was to use an IF and if the email field is empty write username in the variable but I can't get it to work.
I guess you could use below:
$emails = get-adgroupmember gg-sccm-admins | Get-ADUser -Properties emailaddress | select @{N="EmailAddress";E={if($_.emailaddress){$_.emailaddress}else{$_.samaccountname}}}
$emails+= get-adgroupmember gg-sccm-site_admins | Get-ADUser -Properties emailaddress | select @{N="EmailAddress";E={if($_.emailaddress){$_.emailaddress}else{$_.samaccountname}}}
Write-Output $emails
Why not just do both?
[System.Collections.ArrayList]$Emails = @()
[System.Collections.ArrayList]$Names = @()
[array]$GroupMembers = Get-ADGroupMember "gg-sccm-admins" | Get-ADUser -Properties emailaddress,DisplayName | Select EmailAddress, DisplayName
Foreach($user in $GroupMembers){
    $null = $Emails.Add($User.EmailAddress)
    $null = $Names.Add($User.DisplayName)
}
For($i=0;$i -lt $Names.count;$i++){
    [pscustomobject]@{
        "User Names" = $Names[$i]
        "Emails" = $Emails[$i]
    }
}
Also, instead of using a fixed array, I changed it to an ArrayList. Should make the process faster as it doesn't have to recreate each array each time with a new item.

Export AD users with list of specific groups

I've been trying to get an extract of AD users and select mail, name, memberof. I then need to list only specific groups from the memberof output so I end up with a list for each user that contains their name, email address and specific groups that match a certain name and not all of the groups they are a member of.
Get-ADUser username -Properties memberof | Select-Object memberof
I can't seem to find a way of doing this as I end up with either noteproperty above or an empty pipeline. Is there a way to achieve what I am trying to do?
The memberOf attribute contains a list of distinguishedName (DN) values, each corresponding to a group.
Retrieve the groups you are interested in, before you run Get-ADUser, that way you can compare the Group DN to the entry in memberOf:
$GroupDNs = Get-ADGroup -Filter {Name -like "*finance*" -or Name -like "*creditcontrol*"} | Select-Object -ExpandProperty DistinguishedName
Now, you can use those DN's to filter the group memberships with a calculated property, like so:
$UserInfo = foreach($username in @("bob","alice","joe")){
    $User = Get-ADUser -Identity $username -Properties mail,memberOf |Select Name,mail,memberof
    # compare each memberOf entry against the group DNs collected in $GroupDNs above
    $User | Select-Object Name,mail,@{Label="GroupDNs";Expr = {$_.memberof | Where-Object {$GroupDNs -contains $_}}}
}
without doing a new Get-ADGroup query for each memberof entry.
If you want a string of group names, rather than a NoteProperty containing an array of strings, you could fill the Groups into a hashtable and use that to "look up" the memberof entries using the ContainsKey() method:
$Groups = @{}
Get-ADGroup -Filter {Name -like "*finance*" -or Name -like "*creditcontrol*"} | ForEach-Object {
    $Groups[$_.DistinguishedName] = $_
}
$UserInfo = foreach($username in @("bob","alice","joe")){
    $User = Get-ADUser -Identity $username -Properties mail,memberOf |Select Name,mail,memberof
    $User | Select-Object Name,mail,@{Label="Groups";Expr = { ($_.memberof | Where-Object {$Groups.ContainsKey($_)} | ForEach-Object { $Groups[$_].Name}) -join ";" }}
}
$UserInfo | Export-Csv C:\aduserinfo.csv -NoTypeInformation

PowerShell Group-Object with dot notation

I'm trying to create one e-mail per manager, where the user accounts he is responsible for in active directory, will expire within a given time frame. It's already working quite well but I have some issue in grouping the Managers.
It would be nice if it was possible to group the managers together and then collect all the users where that specific manager is responsible for in a small HTML table ($Rows). The HTML-code is not the problem, but iterating the users for that manager is my issue.
The code:
$OU = 'OU=BBB,OU=EU,DC=domain,DC=net', 'OU=AAA,OU=EU,DC=domain,DC=net'
[INT]$Days = 30
$ExpUsers=$Objects=@()
Foreach ($O in $OU) {
    $ExpUsers += Search-ADAccount -AccountExpiring -TimeSpan "$Days.00:00:00" -UsersOnly -SearchBase $O |
        Select -ExpandProperty SamAccountName
}
Foreach ($E in $ExpUsers) {
    $User = Get-ADUser $E -Properties * | Select SamAccountName, EmailAddress, GivenName,
        SurName, AccountExpirationDate, Manager, DisplayName
    $Manager = Get-ADUser $User.Manager -Properties * | Select SamAccountName, EmailAddress, GivenName, SurName
    $Objects += [PSCustomObject]@{
        User = $User
        Manager = $Manager
    }
}
$Objects | Group-Object Manager.SamAccountName | % {
    $Rows=@()
    foreach($M in $_) {
        # Create HTML row for each user with the same manager
        $M.Group.Manager.SurName
    }
}
Grouping the managers can be done easily like this:
$Objects.Manager | Group-Object SamAccountName
However, when I do it like this I can't use the User properties anymore because they haven't been piped to Group-Object.
What is the best way to overcome this hurdle? I could of course create my object like this:
$Objects += [PSCustomObject]@{
    UserSamAccountName = $User.SamAccountName
    UserGivenName = $User.GivenName
    ManagerSamAccountName = $Manager.SamAccountName
    ManagerGivenName = $Manager.GivenName
}
But this solution doesn't seem to be so flexible if I want to add stuff later on.
I've found my answer in an example here:
$Objects | Group-Object {$_.Manager.SamAccountName} | % { $_.Group.User.GivenName}
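An added example (not part of the original post) that carries the script-block grouping through to one result per manager, with the HTML rows for that manager's users. The `$Objects` data, the addresses and the `Get-ManagerReport` function name are constructed for illustration; accounts without a manager are set aside first, and display names are HTML-encoded because they are directory data that ends up in an HTML mail.

```powershell
# Constructed sample data with the same User/Manager shape as in the question.
$Objects = @(
    [pscustomobject]@{
        User    = [pscustomobject]@{ DisplayName = 'Doe, John <IT>'; AccountExpirationDate = [datetime]'2030-01-10' }
        Manager = [pscustomobject]@{ SamAccountName = 'mgr1'; EmailAddress = 'mgr1@example.com' }
    }
    [pscustomobject]@{
        User    = [pscustomobject]@{ DisplayName = 'Roe, Jane'; AccountExpirationDate = [datetime]'2030-01-15' }
        Manager = [pscustomobject]@{ SamAccountName = 'mgr1'; EmailAddress = 'mgr1@example.com' }
    }
    [pscustomobject]@{
        User    = [pscustomobject]@{ DisplayName = 'Svc Backup'; AccountExpirationDate = [datetime]'2030-01-20' }
        Manager = $null   # no manager set on the account
    }
)

function Get-ManagerReport {
    param([object[]]$Objects)
    # Group only entries that have a manager; the script block reaches the nested property.
    $Objects | Where-Object { $_.Manager } |
        Group-Object { $_.Manager.SamAccountName } |
        ForEach-Object {
            $rows = foreach ($entry in $_.Group) {
                # Encode directory-supplied text before placing it in HTML.
                $name = [System.Net.WebUtility]::HtmlEncode($entry.User.DisplayName)
                '<tr><td>{0}</td><td>{1:yyyy-MM-dd}</td></tr>' -f $name, $entry.User.AccountExpirationDate
            }
            [pscustomobject]@{
                Manager = $_.Name                              # the grouping key
                To      = $_.Group[0].Manager.EmailAddress     # same for every entry in the group
                Count   = $_.Count
                Rows    = $rows -join "`n"
            }
        }
}

# One object per manager, ready to be turned into one e-mail each.
Get-ManagerReport -Objects $Objects | Format-List

# Accounts that would otherwise be dropped silently: expiring, but nobody to notify.
$Objects | Where-Object { -not $_.Manager } | ForEach-Object { $_.User.DisplayName }
```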