Thank you Neally this is working. And thank you everyone to answer that quickly.
But now it looks like I need something like that. We want to be able to filter neither by groups or users. THANK YOU SO MUCH IN ADVANCE !
Jim
Hi everyone,
I need help with something. I don’t really have any background or experience using Powershell. So everything is pretty new for me.
This is where I am :
$domains = (Get-ADForest).Domains
$usrs = Get-Content "C:\tmp\users.txt"
$finalresults = "C:\Users\admgiambatj\Desktop\Projet\finalresults.txt"
foreach ($domain in $domains) {foreach ($usr in $usrs) {Get-ADPrincipalGroupMembership -Server $domain $usr | where-object Name -match "GRP" | select name | Out-File -Append $finalresults}}
This is my result:
name
GRP_1
GRP_4
GRP_5
name
GRP_3
GRP_4
GRP_8
GRP_9
name
GRP_1
GRP_3
GRP_5
But this is what I need (in csv). I need to have the username and the name of the users :
Tomas Jones jonest
GRP_1
GRP_4
GRP_5
Leo Sim siml
GRP_3
GRP_4
GRP_8
GRP_9
Rick Mark markr
GRP_1
GRP_3
GRP_5
Thank you in advance for you help.
Jim
5 Spice ups
Neally
(Neally)
2
Welcome.
If you post code, please use the ‘Insert Code’ button. Please and thank you!
dbaker
(Darrin1964)
3
Hi spicehead-616z6,
Clear-host
$OUpath = 'OU=Users,DC=globex,DC=ca'
$Report = @()
#Collect all users:
#Spicific OU set $OUpath
#$Users = Get-ADUser -Filter * -SearchBase $OUpath -Properties Name, GivenName, SurName, SamAccountName, UserPrincipalName, MemberOf, Enabled, DistinguishedName, mail, UserPrincipalName -ResultSetSize $Null
#All accounts in AD (big list)
#$Users = Get-ADUser -Filter * -Properties Name, GivenName, SurName, SamAccountName, UserPrincipalName, MemberOf, Enabled, DistinguishedName, mail, UserPrincipalName, description -ResultSetSize $Null
$Users = Get-ADUser -Filter * -Properties * -ResultSetSize $Null
# Use ForEach loop, as we need group membership for every account that is collected.
# MemberOf property of User object has the list of groups and is available in DN format.
Foreach($User in $users){
$UserGroupCollection = $User.MemberOf
#This Array will hold Group Names to which the user belongs.
$UserGroupMembership = @()
#To get the Group Names from DN format we will again use Foreach loop to query every DN and retrieve the Name property of Group.
Foreach($UserGroup in $UserGroupCollection){
$GroupDetails = Get-ADGroup -Identity $UserGroup
#Here we will add each group Name to UserGroupMembership array
$UserGroupMembership += $GroupDetails.Name
}
#As the UserGroupMembership is array we need to join element with ‘,’ as the seperator
$Groups = $UserGroupMembership -join ‘, ‘
#Creating custom objects
$Out = New-Object PSObject
$Out | Add-Member -MemberType noteproperty -Name Name -Value $User.Name
$Out | Add-Member -MemberType noteproperty -Name UserName -Value $User.SamAccountName
$Out | Add-Member -MemberType noteproperty -Name Enabled -Value $User.Enabled
$Out | Add-Member -MemberType noteproperty -Name Email -Value $User.mail
$Out | Add-Member -MemberType noteproperty -Name description -Value $User.description
$Out | Add-Member -MemberType noteproperty -Name UserPrincipalName -Value $User.UserPrincipalName
$Out | Add-Member -MemberType noteproperty -Name DistinguishedName -Value $User.DistinguishedName
$Out | Add-Member -MemberType noteproperty -Name Groups -Value $Groups
$Out | Add-Member -MemberType noteproperty -Name JobTitle -Value $User.Title
$Out | Add-Member -MemberType noteproperty -Name Department -Value $User.Department
$Out | Add-Member -MemberType noteproperty -Name CanonicalName -Value $User.CanonicalName
$Report += $Out
}
#Output to screen as well as csv file.
$Filename = "C:\Temp\users " + $((Get-Date).Tostring(“yyyy-MM-dd hh-mm-ss”)) + ".csv"
$Report | Sort-Object Name | FT -AutoSize
$Report | Sort-Object Name | Export-Csv -Path $Filename -NoTypeInformation
I got the above from I don’t remember where, but it was a great help in getting all the info I needed, just have to modify it, so you get what you actually want.
Neally
(Neally)
4
that is not a valid CSV format though, how about so:
$domains = (Get-ADForest).Domains
$usrs = Get-Content "C:\tmp\users.txt"
$finalresults = "finalresults.csv"
$report =
foreach ($domain in $domains){
foreach ($usr in $usrs) {
[pscustomobject]@{
Name = $usr
samaccountname = (get-aduser $usr -server $domain).samaccountname
memberof =
(
Get-ADPrincipalGroupMembership $usr -Server $domain |
where-object Name -match "GRP"
).name -join "`r`n"
}
}
}
$report |
export-csv $finalresults -NoTypeInformation -Force
Thank you so much Neally, it works. Have any idea now how I can get my data like this ? I think it will suit my needs better. I have been on that for hours and I can’t get even close.
Thank you again.
Jim
Neally
(Neally)
6
Post the code you have tried and where you are stuck.
Neally
(Neally)
7
like so
$domains = (Get-ADForest).Domains
$usrs = Get-Content "C:\tmp\users.txt"
$finalresults = "finalresults.csv"
$report =
foreach ($domain in $domains){
foreach ($usr in $usrs) {
$groups = Get-ADPrincipalGroupMembership -Identity $usr -Server $domain
foreach($grp in $groups){
[pscustomobject]@{
Name = $usr
Samaccountname = (get-aduser $usrs -server $domain).samaccountname
group = $grp.name
groupDescription = (get-adgroup $grp.name -Properties description).description
}
}
}
}
$report |
export-csv $finalresults -NoTypeInformation -Force
Ok so I was using your code to get my data per user
$domains = (Get-ADForest).Domains
$usrs = Get-Content "C:\tmp\users.txt"
$finalresults = "C:\tmp\finalresults.csv"
$report =
foreach ($domain in $domains){
foreach ($usr in $usrs) {
[pscustomobject]@{
Name = (get-aduser $usr -server $domain).Name
samaccountname = (get-aduser $usr -server $domain).samaccountname
memberof =
(
Get-ADPrincipalGroupMembership $usr -Server $domain |
where-object Name -match "GRP"
).name -join "`r`n"
description = (Get-ADGroup -Filter "Name -like 'GRP*'" -SearchBase "OU=Groups,OU=Weblogic,OU=Corporate Services,DC=exemple,DC=exemple2,DC=ca" | Get-ADGroup -Properties * | select description).description -join "`r`n"
}
}
}
$report |
export-csv $finalresults -NoTypeInformation -Force
This gave me a list of users and from what groups starting by GRP they are members of. But then I was thinking it would be nice to also have a list of all the groups starting by GRP and the name of they members.
So I did that :
$grps = Get-Content "C:\tmp\groups.txt"
$finalresults = "C:\tmp\finalresults2.csv"
$report =
foreach ($grp in $grps) {
[pscustomobject]@{
Name = (Get-ADGroup $grp | select name).Name
SamAccountName = (Get-ADGroupMember $grp | select SamAccountName).SamAccountName -join "`r`n"
}
}
$report |
export-csv $finalresults2 -NoTypeInformation -Force
And it works. But I have too many users and too many groups. The files are hard to read. So it could be better if I can merge both result in one file so the result would look like this :
Username Name Group Description
userjim jim GRP1 Group1 desc
userjim jim GRP3 Group3 desc
userjim jim GRP7 Group7 desc
userpaul paul GRP4 Group4 desc
userpaul paul GRP7 Group7 desc
userrick rick GRP5 Group5 desc
userrick rick GRP6 Group6 desc
userrick rick GRP8 Group8 desc
userrick rick GRP9 Group9 desc
But honestly I have no idea where to start. I was thinking of something like
foreach ($domain in $domains){
foreach ($usr in $usrs) {
foreach ($grp in $grps) {
I don’t know. I need to be able to sort my file by users and by groups.
Any help is appreciate.
Thank you.
Jim
Neally
(Neally)
9
I’m not following what else you need? Doesn’t what I posted do that?
Good morning Neally. Yes thank you I didn’t saw your last message at first yesterday. Then I was sooo tired. I have too much work and of top of that I need to make this works :S ! But, I’m almost there thanks to you 
So here is where I am :
$domains = (Get-ADForest).Domains
$usrs = Get-Content "C:\tmp\users.txt"
$names = foreach ($usr in $usrs) {(get-aduser $usr -server $domain | select name)}
$upn = foreach ($domain in $domains) {foreach ($usr in $usrs) {Get-ADUser $usr -server $domain | select UserPrincipalName}}
$finalresults = "C:\tmp\finalresults3.csv"
$report =
#Had to move this in $groups because I was getting 3 times the results
#foreach ($domain in $domains){
foreach ($usr in $usrs) {
$groups = foreach ($domain in $domains) {Get-ADPrincipalGroupMembership -Server $domain $usr | where-object Name -match "GRP"}
foreach($grp in $groups){
[pscustomobject]@{
#Have not been able to get the name of the users, only the username
Name = $usr
#This gave me no result at the end
#Samaccountname = (get-aduser $usrs -server $domain).samaccountname
#Have not been able to get the users description. It gaves me no result at the end.
#Description = (get-aduser $usr -Server $domain -Properties description | select description).description
group = $grp.name
groupDescription = (get-adgroup $grp.name -Properties description).description
}
}
}
#}
$report |
export-csv $finalresults -NoTypeInformation -Force
Result :
But I have not been able to get the name and the users description. Everything I tried gave me no result in the end.
Thank you again.
Jim
Neally
(Neally)
11
you did not mention anywhere that was a requirement.
Neally
(Neally)
12
does just that give you results? (if you fill in a real domain)
get-aduser arpinr -properties description -server $domain
Neally
(Neally)
13
that should be either:
#this:
Description = (get-aduser $usr -Server $domain -Properties description).description
# or this
Description = get-aduser $usr -Server $domain -Properties description | select -ExpandProperty description
This give me result for my main domain :
get-aduser rondeaup -properties description | select description
description
Technicien, Centre Services TI
This for other domains
foreach ($domain in $domains) {get-aduser arpinr -Server $domain -Properties description | select description}
description
Receveur/expediteur
get-aduser $usr -Server $domain -Properties description | select -ExpandProperty description
This is working but the command stop when it gets no result from one domain
Sorry I’m retarted
This is working !!! Yeah
get-aduser $usr -Server $domain -Properties description | select -ExpandProperty description
Neally
(Neally)
17
does $USR contain “rondeaup” and “arpinr” ? I assume so, if that resolves it should work in the custom object as well.
this seems to work just fine for me.
clear
$domains = (Get-ADForest).Domains
$usrs = Get-Content "C:\tmp\users.txt"
#$names = foreach ($usr in $usrs) {(get-aduser $usr -server $domain | select name)}
#$upn = foreach ($domain in $domains) {foreach ($usr in $usrs) {Get-ADUser $usr -server $domain | select UserPrincipalName}}
$finalresults = "C:\tmp\finalresults3.csv"
$report =
#Had to move this in $groups because I was getting 3 times the results
#foreach ($domain in $domains){
foreach ($usr in $usrs) {
$groups = foreach ($domain in $domains) {Get-ADPrincipalGroupMembership $usr -Server $domain <#| where-object Name -match "GRP"#>}
foreach($grp in $groups){
$fullname = $null
$fullname = Get-aduser $usr -Properties description
[pscustomobject]@{
#Have not been able to get the name of the users, only the username
Name = $usr
FullName = if($fullname.name){$fullname.name}else{"-"}
description = if($fullname.Description){$fullname.Description}else{"-"}
group = $grp.name
groupDescription = (get-adgroup $grp.name -Properties description).description
}
}
}
#}
$report |
export-csv $finalresults -NoTypeInformation -Force
Beautiful thank you soo much. And have a nice day !!!
Here’s the final results
$domains = (Get-ADForest).Domains
$usrs = Get-Content C:\tmp\users.txt
$finalresults = "C:\tmp\finalresults.csv"
$report =
foreach ($usr in $usrs) {
$groups = foreach ($domain in $domains) {Get-ADPrincipalGroupMembership -Server $domain $usr | where-object Name -match "GRP"}
foreach($grp in $groups){
[pscustomobject]@{
Name = $usr
RealName = get-aduser $usr -Server $domain -Properties name | select -ExpandProperty name
Description = get-aduser $usr -Server $domain -Properties description | select -ExpandProperty description
group = $grp.name
groupDescription = (get-adgroup $grp.name -Properties description).description
}
}
}
$report |
export-csv $finalresults -NoTypeInformation -Force
Jim
Neally
(Neally)
19
you are querying AD more times than you need to.
there was a reason I wrote it the way I did, it reduces AD queries.
Your right, its working like you said now. Thank you !
I just don’t know why I can’t keep my special characters (french results) in the csv file ? Bah, it is not a big deal
Have a good day.
Jim
$domains = (Get-ADForest).Domains
#Create groups list in requested OU starting with requested characters
#Get-ADGroup -Filter "Name -like 'GRP*'" -SearchBase "OU=Groups,OU=Weblogic,OU=Corporate Services,DC=domA,DC=dom,DC=ca" |
#Get-ADGroup -Properties name |
#select -ExpandProperty name |
#Out-file C:\tmp\groups.txt
#Create list of all the users member of at less one group within requested parameters
#$grps = Get-Content "C:\tmp\groups.txt"
#foreach ($grp in $grps) {Get-ADGroupMember -identity $grp -Recursive | select -ExpandProperty SamAccountName | Out-File -Append "c:\tmp\userstmp.txt"}
#gc "c:\tmp\userstmp.txt" | sort | get-unique > "c:\tmp\users.txt"
#Remove-Item "c:\tmp\userstmp.txt"
###
#Script generating the final result
$usrs = Get-Content C:\tmp\users.txt
$finalresults = "C:\tmp\finalresults.csv"
$report =
foreach ($domain in $domains) {
foreach ($usr in $usrs) {
$groups = Get-ADPrincipalGroupMembership -Server $domain $usr | where-object Name -match "GRP"
foreach($grp in $groups){
[pscustomobject]@{
Name = $usr
RealName = get-aduser $usr -Server $domain -Properties name | select -ExpandProperty name
Description = get-aduser $usr -Server $domain -Properties description | select -ExpandProperty description
group = $grp.name
groupDescription = (get-adgroup $grp.name -Properties description).description
}
}
}
}
$report |
export-csv $finalresults -NoTypeInformation -Force
![2021-04-16_11_08_21-Remote_Desktop_Manager_Free_[SCORCON01].png](https://us1.discourse-cdn.com/spiceworks/optimized/4X/2/1/4/214301d85ec3e386fc1bb896494263a71dbcfe99_2_690x286.png)
