Powershell Script Listing Users and Groups

martinsaunders7874 · 2018-01-17T16:24:23.000Z

Hi everyone.

I’m looking for a basic script that has two parts:

output all the groups in AD
take that output and query group memberships for each group and output everything to a CSV file.

Any help would be greatly appreciated!

Neally · 2018-01-17T16:25:53.000Z

what have you tried so far? Where are you stuck? Errors?

If you post code, please use the ‘Insert Code’ button. Please and thank you!

martinsaunders7874 · 2018-01-17T16:46:12.000Z

I’ve run this script: (found here on Spiceworks using the search feature

 Param (
    [Parameter(Mandatory=$true,ValueFromPipeLine=$true)]
    [Alias("ID","Users","Name")]
    [string[]]$User
)
Begin {
    Try { Import-Module ActiveDirectory -ErrorAction Stop }
    Catch { Write-Host "Unable to load Active Directory module, is RSAT installed?"; Break }
}

Process {
    ForEach ($U in $User)
#Get-ADUser -Filter {Enabled -eq "True"}
    {   $UN = Get-ADUser $U -Properties MemberOf
        $Groups = ForEach ($Group in ($UN.MemberOf))
        {   (Get-ADGroup $Group).Name
        }
        $Groups = $Groups | Sort
        ForEach ($Group in $Groups)
        {   New-Object PSObject -Property @{
                Name = $UN.Name
                Group = $Group
            }
        }
    }
}

With the following command:

Get-ADUser -Filter {Enabled -eq $true} -SearchBase "ou=XX,dc=XX,dc=ca" | .\Get-UserGroupMemberships.ps1 | Export-CSV d:\UserMembers.csv

It works fine. However, the output doesn’t tell me how to distinguish a Distribution Group from a Security group.

Neally · 2018-01-17T16:48:48.000Z

That script works however differently than what you asked in the OP, the script you found queries the group membership of each user.

It does not find all groups and then it’s members.

thomasblhmann7922 · 2018-01-17T16:53:45.000Z

I guess this could work: https://community.spiceworks.com/topic/1472794-how-to-table-all-ad-groups-and-members-of-each-group-then-export-to-csv-psscript

jitensh · 2018-01-17T17:05:52.000Z

Try this

Get-ADUser -Filter {Enabled -eq $true} -SearchBase "ou=XX,dc=XX,dc=ca" -Properties DisplayName,memberof | % {
  New-Object PSObject -Property @{
	UserName = $_.DisplayName
	Groups = ($_.memberof | Get-ADGroup | Select -ExpandProperty Name) -join ","
	}
} | Select UserName,Groups |Sort-Object -Property Name| Export-Csv C:\treport.csv -NTI

molan · 2018-01-17T18:05:03.000Z

not a script, but check out this tool Cjwdev | AD Permissions Reporter

from

cjwdev.com

Cjwdev | Free Software For IT Professionals

Applications and utilities for IT Professionals, designed and developed by Chris Wright

martinsaunders7874 · 2018-01-17T18:34:02.000Z

Ended up using this:

$Groups = Get-ADGroup -Filter * -SearchBase 'OU=XX,DC=XX,DC=XX'

$Results = foreach( $Group in $Groups ){

    Get-ADGroupMember -Identity $Group | foreach {

        [pscustomobject]@{

            GroupName = $Group.Name

            Name = $_.Name

            }

        }

    }

$Results | Export-Csv -Path d:\groups1.csv -NoTypeInformation

Works really well.

Thanks everyone for their input!