The code below is supposed to count and compare user and output the total count, but somehow the result is empty. What do I need to do to fix it?
$groups = $A_group, $B_Group
$gm = #()
foreach ($group in $groups) {
$gm += Get-ADGroupMember $group -Recursive |
`where {$_.objectclass -eq 'user'} |`
' select SamAccountName'
}
($gm.samaccountname | Select -Unique).Count
Write-Output total: ($gm.samaccountname | Select -Unique).Count
You can do this in a much more powershell-esque way.
$groups = $A_group, $B_Group
$uniqueMemberCount = $groups |
Get-ADGroupMember -Recursive |
Where-Object {$_.objectClass -ieq "user"} |
Select-Object -Unique |
Measure-Object |
Select-Object -ExpandProperty Count
Write-Output "Total: $uniqueMemberCount"
I think you want to count of the unique members of two groups:
$aGroup = #('a','b','c')
$bGroup = #('b','c','e','f')
(Compare-Object $aGroup $bGroup -IncludeEqual).count
Related
So im trying to return a report that will list each user and each group they are in using -Filter "name-like 'BLAH'"
the user may be apart multiple "BLAH" groups but no more than 3. How can i get an output like?
Member | Group1 | Group2 | Group3
I tried the below but not quite what i need
$adgroups = Get-ADGroup -Filter "name -like '*BLAH*'" | sort name
$data = foreach ($adgroup in $adgroups) {
$members = $adgroup | get-adgroupmember |select name| sort name
foreach ($member in $members) {
[PSCustomObject]#{
Members = $member
Group = $adgroup.name
}
}
}
This is what i get when using #Adam Luniewski solution
Try this:
$adgroups = Get-ADGroup -Filter "name -like '*BLAH*'" | Sort-Object Name
$data = ForEach ($adgroup in $adgroups){
$adgroup | get-adgroupmember | Select-Object #{n='Members';e={$_}},#{n='Group';e={(Get-ADUser $_.SamAccountName -Properties MemberOf).MemberOf}}
}
Here Get-ADUser is used to retrieve user group memberships (first said #Olaf) then I used calculated properties to format the output.
This should work. Just watch out if you have StrictMode set in your script, it might throw an error if $usrgrp count is less than 3, then you'd have to modify this part.
# get a list of all users and groups in two columns
$dat = #(Get-ADGroup -Filter "name -like '*BLAH*'" -PipelineVariable group | Get-ADGroupMember | select #{n='UserName';e={$_.name}},#{n='GroupName';e={$group.name}})
# for each user in a list add group fields
$dat | select UserName -Unique | ForEach-Object {
$usrgrp = #($dat | where username -eq $_.UserName | sort GroupName);
[pscustomobject]#{
UserName=$_.Username;
Group1=$usrgrp[0].GroupName;
Group2=$usrgrp[1].GroupName;
Group3=$usrgrp[2].GroupName;
};
}
I want 1 list with all users there are member of 2 (both) identity.
I have used this, but it returns first all users in the first identity and then the next identity.
$groups = "SMSxxx", "Personalxxxx"
$results = foreach ($group in $groups) {
Get-ADGroupMember $group | select samaccountname, name, #{n='GroupName';e={$group}}, #{n='Description';e={(Get-ADGroup $group -Properties description).description}}
}
$results
$results | Export-csv C:\Temp\GroupMemberShip.txt -NoTypeInformation
Best regards,
Peter
You can continue with your current logic and use Group-Object to find users that exist in all groups.
$groups = "SMSxxx", "Personalxxxx"
$results = foreach ($group in $groups) {
$description = (Get-ADGroup $group -Properties description).description
Get-ADGroupMember $group | select SamAccountName,Name,#{n='GroupName';e={$group}}, #{n='Description';e={$description}}
}
$results | Group-Object SamAccountName |
Where Count -eq $groups.Count | Select -Expand Group |
Export-csv C:\Temp\GroupMemberShip.csv -NoTypeInformation
I want to read users from different Active Directory groups and then sort and group the results.
From a list like
UserName UserGroup
UZZ GAA
UKK GAA
UZZ GBB
ULL GBB
I want to get that:
Username UserGroup
UKK GAA
ULL GBB
UZZ GAA
So, from User UZZ I want to get only one entry in the list with the first value of UserGroup (first in the alphanumeric sort).
Till now I have the following code:
Import-Module ActiveDirectory
$Groups = (Get-AdGroup -filter * | Where {$_.name -like "G-Q-T*"} | select name -expandproperty name)
$Table = #()
$Record = #{"GroupName" = """Username" = ""}
Foreach ($Group in $Groups) {
$Arrayofmembers = Get-ADGroupMember -identity $Group | select name, samaccountname
foreach ($Member in $Arrayofmembers) {
$Record."GroupName" = $Group
$Record."UserName" = $Member.samaccountname
$objRecord = New-Object PSObject -property $Record
$Table += $objRecord
}
}
$Table | Sort-object -property Username | Group-object -property Username | export-csv "U:\members.csv" -NoTypeInformation**
The part making the list works fine. But not the sort and group part.
Thank you a lot for an answer and help.
Meanwhile I found out, that I have also to add the SID into the .csv File.
The SID is also in the Get-AdGroupMember. But then I try to implement is as the following, the output in case of SID stays empty. What did I wrong where? Thank you in advance for an answer:
Import-Module ActiveDirectory
$Groups = (Get-AdGroup -filter "name -like 'G-Q-T*'" | select name -expandproperty name)
$Table = #()
$Record = #{
"GroupName" = ""
"Username" = ""
"SID" = ""
}
Foreach ($Group in $Groups)
{
$Arrayofmembers = Get-ADGroupMember -identity $Group | select name,samaccountname,SID
foreach ($Member in $Arrayofmembers)
{
$Record."GroupName" = $Group
$Record."UserName" = $Member.samaccountname
$Record."SID" = $Member.SID
$objRecord = New-Object PSObject -property $Record
$Table += $objRecord
}
}
$Table | Group-Object -Property Username |
Select-Object #{n="UserName";e={$_.Name}} , #{n="GroupName";e={$_.Group | Sort-Object GroupName | Select-Object -First 1 -ExpandProperty GroupName}} , #{n="SID";e={$_.SID | Sort-Object SID | Select-Object -First 1 -ExpandProperty SID}}| Export-Csv "U:\member.csv" -NoTypeInformation
I would group on username and use calculated properties to create the desired result. Sort the groupnames in the group and pick out the first value. Try to replace your last line with:
$Table | Group-Object -Property Username |
Select-Object #{n="UserName";e={$_.Name}}, #{n="GroupName";e={$_.Group | Sort-Object GroupName | Select-Object -First 1 -ExpandProperty GroupName}} |
Export-Csv "U:\members.csv" -NoTypeInformation
Avoid -Filter * as it retrieves every group. Use it to get only the groups you need
$Groups = Get-ADGroup -Filter "name -like 'G-Q-T*'"
Alternative using the famous pipeline:
Get-ADGroup -Filter "name -like 'G-Q-T*'" | ForEach-Object {
$groupname = $_.Name
$_ | Get-ADGroupMember | ForEach-Object {
New-Object -TypeName psobject -Property #{
UserName = $_.SamAccountName
SID = $_.SID
GroupName = $groupname
}
}
} | Group-Object -Property UserName |
Select-Object #{n="UserName";e={$_.Name}}, #{n="SID";e={$_.Group[0].SID}}, #{n="GroupName";e={$_.Group | Sort-Object GroupName | Select-Object -First 1 -ExpandProperty GroupName}} |
Export-Csv "U:\members.csv" -NoTypeInformation
I'm trying to create a multi purpose report to query Share permissions and group members who have access.
All the data is shown in a table on screen, or outputted to a file, but I'm having trouble with Convertto-HTML/CSV. Apparently due to not using original properties. Everything I try fails... Anyone able to figure out what can be the issue or have a solution? You can see the screenshot here.
Function Get-Membr {
$Groups = Get-Acl $UNC |
Select-Object -ExpandProperty Access |
Where-Object { (-not $_.IsInherited) -and ('NT AUTHORITY\SYSTEM','BUILTIN\Administrators','CREATOR OWNER','BUILTIN\Users' -notcontains $_.IdentityReference) } |
Select-Object -Exp IdentityReference
foreach ($Group in $Groups)
{ $group | ft Value,Name,Department #| ConvertTo-HTML
$group.Translate('System.Security.Principal.SecurityIdentifier').Value |
Get-ADGroupMember -ErrorAction SilentlyContinue |
Get-ADObject -Properties name, Department |
select name, Department |
ft -HideTableHeaders Value,Name,Department #| ConvertTo-HTML #| out-file -append $tmp
}
}
EDIT / UPDATE:
I was able to solve the issue myself by:
Function Get-Membr {
$Groups = Get-Acl $UNC |
Select-Object -ExpandProperty Access |
Where-Object { (-not $_.IsInherited) -and ('NT AUTHORITY\SYSTEM','BUILTIN\Administrators','CREATOR OWNER','BUILTIN\Users' -notcontains $_.IdentityReference) } |
Select-Object -Exp IdentityReference
$global:Results2 = foreach ($Group in $Groups){
$group.Translate('System.Security.Principal.SecurityIdentifier').Value |
Get-ADGroupMember -ErrorAction SilentlyContinue | Select-Object -Property #{l="GroupName";e={$Group}}, Name, #{name="Description";expression={(Get-ADUser -Identity $_.SamAccountName -Properties Description).Description}},#{name="Enabled";expression={((Get-ADUser $_.SamAccountName).Enabled)}},#{name="- - Action - -";e={(get-aduser -identity $_.Manager -properties DisplayName).DisplayName}}
}
}
You can see the End result here
The following PowerShell script generates a CSV file with three columns (Group, User, SAMAccountName) that associates each instance of a given distribution group with a respective member:
$dist = ForEach ($group in (Get-DistributionGroup -Filter {name -like "*"})) { Get-DistributionGroupMember $group | Select #{Label="Group";Expression={$Group.Name}},#{Label="User";Expression={$_.Name}},SamAccountName} $dist | Sort Group,User | Export-CSV c:\scripts\file.csv -NoTypeInformation
It affords the user a convenient way to filter the groups and display group members. My question: Is there a quick way to modify this script so that it adds a fourth column that displays a property of the groups (specifically, the "HiddenFromAddressListsEnabled" property)?
Just add it to the Select-Object portion
$dist = ForEach ($group in (Get-DistributionGroup -Filter {name -like "*"})) { Get-DistributionGroupMember $group | Select #{Label="Group";Expression={$Group.Name}},#{Label="User";Expression={$_.Name}},SamAccountName,HiddenFromAddressListsEnabled} $dist | Sort Group,User | Export-CSV c:\scripts\file.csv -NoTypeInformation
See it after the SamAccountName
To Get the HiddenFromAddressListsEnabled for the Groups:
$dist = ForEach ($group in (Get-DistributionGroup -Filter {name -like "*"})) { Get-DistributionGroupMember $group | Select #{Label="Group";Expression={$Group.Name}},#{Label="User";Expression={$_.Name}},SamAccountName,{$Group.HiddenFromAddressListsEnabled}} $dist | Sort Group,User #| Export-CSV c:\scripts\file.csv -NoTypeInformation
However, There's another way to do it, and easier to read and manipulate:
$Array = #()
$Groups = Get-DistributionGroup
Foreach ($Group in $Groups)
{
$DGMembers = Get-DistributionGroupMember $Group
Foreach ($Member in $DGMembers)
{
$Result = "" | Select GroupName,Member,SamAccountName,HiddenFromAddressListsEnabled
$Result.GroupName = $Group.Name
$Result.Member = $Member.Name
$Result.SamAccountName = $Member.SamAccountName
$Result.HiddenFromAddressListsEnabled = $Group.HiddenFromAddressListsEnabled
$Array += $Result
}
}
$Array | Export-CSV c:\scripts\file.csv -NoTypeInformation