Good day. What I am trying to accomplish is showing the DisplayName as well as the Name but the only thing I can get to show with Compare-Object is Name so I am trying to pass the output from Compare-Object into Get-ADUser to get more user information. Below is the code that I am working with.
Import-Module ActiveDirectory #imports AD module
$group = Read-Host "What is the group name that you want to get membership for?"
$list = Get-ADGroupMember $group -recursive | Select Name
$OU = Read-Host "What is the OU that you want a list of? [List full path {OU=xxx,DC=xxx,DC=xxx}]"
$OUList = Get-ADUser -SearchBase $OU -Filter * -Properties Name, DisplayName, Title | Select Name
$Comparison = (Compare-Object -ReferenceObject $list -DifferenceObject $OUList | Where-Object {$_.SideIndicator -eq "=>"} | Select Name
ForEach ($user in $Comparison) {Get-ADUser $user.InputObject -Properties Name,DisplayName | Select Name, DisplayName}
The error I get is
Get-ADUser : Cannot bind parameter 'Identity'. Cannot convert value
"#{Name=username}" to type
Microsoft.ActiveDirectory.Management.ADUser
I know this is probably something simple but I can't quite figure it out. Thank you for any assistance.
Related
My goal is to list extended properties of a list of users by Display Name or SamAccountName pulling those names from a Csv. I am using the following script and it works but it either skips names in the Csv or repeats them. If I do one at a time it returns what I need but from the Csv it doesn’t. Csv has one column named Name.
Import-Csv C:\Users\Administrator\Documents\test.txt | Foreach {
Get-ADUser -Filter "DisplayName -eq '$($_.Name)'" -Properties *
} | Select-Object DisplayName, SamAccountName, Title, Department, EmailAddress, ObjectGUID | Sort-Object Displayname | FT
There is nothing wrong with your current code, except for using Import-Csv on a .txt file (test.txt), I would assume this was a typo. I've added an if condition to help you troubleshoot so at least you would know which users where not found.
You should also avoid the use of -Properties *, querying all properties for the users is inefficient and slow.
$properties = #(
'DisplayName'
'SamAccountName'
'Title'
'Department'
'EmailAddress'
'ObjectGUID'
)
Import-Csv C:\Users\Administrator\Documents\test.csv | ForEach-Object {
$adUser = Get-ADUser -Filter "DisplayName -eq '$($_.Name)'" -Properties $properties
if(-not $adUser) {
Write-Warning "'$($_.Name)' could not be found on AD"
return # Go next
}
$adUser
} | Select-Object $properties | Sort-Object Displayname | Format-Table
So i am trying to write a script that basically gets a list of AD groups, and then with each group, gets the members and memberof.
So far i have this :
Import-Module ActiveDirectory
$groupList = get-adgroup -filter *| select-object Name | sort-object -property name
Which works fine. nice and simple. No problem. When i run write-output $groupList, it spits out the list of my AD groups. Happy days!
Then I add this :
foreach($group in $groupList){
Get-ADGroupMember -Identity $group
So my code block looks like this :
Import-Module ActiveDirectory
$groupList = get-adgroup -filter *| select-object Name | sort-object -property name
foreach($group in $groupList){
Get-ADGroupMember -Identity $group
}
And get this error :
Get-ADGroupMember : Cannot bind parameter 'Identity'. Cannot create object of type
"Microsoft.ActiveDirectory.Management.ADGroup". The adapter cannot set the value of property "Name".
I have also tried this :
Get-ADGroup -filter * -Properties MemberOf | Where-Object {$_.MemberOf -ne $null} | Select-Object Name,MemberOf
Which works great in Powershell:
Image of working script results
Yet strangley, when i then add the export-csv on the end, that same error returns :
Exported-CSV image
Can someone please educate me, as no doubt its myself being a little stoopid.
Thanks.
$groupList does not directly contain an array of strings / names.
Use the following command to get only the names:
$groupList = Get-ADGroup -Filter * | Sort-Object -Property Name | Select-Object -ExpandProperty Name
MemberOf and Members are arrays. Export-Csv does not know how to export them into a file. Here an example, how to handle this.
Get-ADGroup -Filter * -Properties MemberOf, Members | `
Select-Object -Property Name, #{Name = 'MemberOf'; Expression = {$_.MemberOf -join ';'}}, #{Name = 'Members'; Expression = {$_.Members -join ';'}} | `
Export-Csv -Path 'path' -NoClobber -NoTypeInformation
My Get-ADComputer script gives too much information. I would like to shorten it out a little.
$Computer = Read-Host -Prompt 'Input computer name'
$ManagedBy = Get-ADComputer $Computer -Properties ManagedBy |
foreach { $_.ManagedBy }
Write-Output $ManagedBy
When I tried to run my scrip it gives this to output
CN=Last Name First Name ,OU=XX ,OU=XXX ,OU=XXX ,DC=XXX,DC=XXX
I would like to get only CN in the output (First name and Las Name).
Your code returns the distinguished name of the computer's manager. You can use that DN to query the AD user object and obtain the desired properties from that (like FullName, or DisplayName, or the individual values FirstName and LastName).
Get-ADComputer $Computer -Properties ManagedBy |
Select-Object -Expand ManagedBy |
Get-ADUser -Property FullName |
Select-Object -Expand FullName
Firstly have you looked at the objects properties?
These Properties are auto assigned to the variable, when created.
You can see them with:
$ManagedBy | Get-Member
You may well find that $ManagedBy.Name will give exactly what you want.
Further reading for you: https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/get-member?view=powershell-6
i'm trying to find all users that belong to the group "Windows".
i want to display their id, last name, first name.
desired output format:
Windows Users,1234567,John,Doe
Windows Administators,7654321,Jane,Doe
this one-liner does do more less what i want but i need to modify the parameter identity everytime from "Windows Users" to "Windows PowerUsers" to "Windows Administrators" etc.
example:
Get-ADGroupMember -identity "Windows Users" -Recursive | Get-ADUser | select SamAccountName, Surname, GivenName
so i attempted to put it all together by but it's giving me errors.
$ADGroups = Get-ADGroup -Filter {name -like "Windows*"}
foreach ($ADGroup in $ADGroups) {
Get-ADGroup -filter {Name -eq $ADGroup.Name} | Get-ADGroupMember -identity
$ADGroup.Name -Recursive | Get-ADUser | select SamAccountName, Surname, GivenName
}
any ideas will be greatly appreciated. i can't figure out how to capture all users that belong to the group Windows* such as "Windows Users" to "Windows PowerUsers" to "Windows Administrators" etc
note: i looked into this but it's not quite what i'm looking for Powershell script to display all Users in a Group AD
thank you.
Your example is a good start.
Try this one. It should do the job:
Get-ADGroup -Filter {name -like "Windows*"} | foreach {
$currentGroup = $_.Name
$_ | Get-ADGroupMember | foreach {
$_ | Get-ADUser | select #{name="Group"; expression={ $currentGroup }}, SamAccountName, Surname, GivenName
}
}
I don't have my access to AD at the moment, but i would give this a try
get-aduser -filter {memberof -like "Windows*"} -property samaccountname,surname,givenname,memberof | select samaccountname,surname,givenname
OR you could try this inside your original foreach loop...
get-adgroup -filter {name -eq $adgroup.name} | select -expand members | get-aduser $_ | select samaccountname,surname,givenname
I can't remember what "members" produces, I believe it is samaccountname if not you could add an ldap filter to get-aduser -filter {whatever -eq $_}
I've been trying to get an extract of AD users and select mail, name, memberof. I then need to list only specific groups from the memberof output so I end up with a list for each user than contains their name, email address and specific groups that match a certain name and not all of the groups they are a member of.
Get-ADUser username -Properties memberof | Select-Object memberof
I can't seem to find a way of doing this as I end up with either noteproperty above or an empty pipeline. Is there a way to achieve what I am trying to do?
The memberOf attribute contains a list of distinguishedName (DN) values, each corresponding to a group.
Retrieve the groups you are interested in, before you run Get-ADUser, that way you can compare the Group DN to the entry in memberOf:
$GroupDNs = Get-ADGroup -Filter {Name -like "*finance*" -or Name -like "*creditcontrol*"} | Select-Object -ExpandProperty DistinguishedName
Now, you can use those DN's to filter the group memberships with a calculated property, like so:
$UserInfo = foreach($username in #("bob","alice","joe")){
$User = Get-ADUser -Identity $username -Properties mail,memberOf |Select Name,mail,memberof
$User | Select-Object Name,mail,#{Label="GroupDNs";Expr = {$_.memberof | Where-Object {$Groups -contains $_}}}
}
without doing a new Get-ADGroup query for each memberof entry.
If you want a string of group names, rather than a NoteProperty containing an array of strings, you could fill the Groups into a hashtable and use that to "look up" the memberof entries using the ContainsKey() method:
$Groups = #{}
Get-ADGroup -Filter {Name -like "*finance*" -or Name -like "*creditcontrol*"} | ForEach-Object {
$Groups[$_.DistinguishedName] = $_
}
$UserInfo = foreach($username in #("bob","alice","joe")){
$User = Get-ADUser -Identity $username -Properties mail,memberOf |Select Name,mail,memberof
$User | Select-Object Name,mail,#{Label="Groups";Expr = { ($_.memberof | Where-Object {$Groups.ContainsKey($_)} | ForEach-Object { $Groups[$_].Name}) -join ";" }}
}
$UserInfo | Export-Csv C:\aduserinfo.csv -NoTypeInformation