Solved

A Script to audit AD to show every user, with every group they are in

Posted on 2009-04-01
7
683 Views
Last Modified: 2013-12-24
Hi,
I have been give the above task, i immediately thought of powershell, which i am still a novice at. I just prefer the one liners to get the job done.
I borrowed and burgled some code to get the below:

function func_Member_of()
{
# Builds a group membership for a given user, computer or group
# Returns only direct group membership

$input | ForEach-Object {
      if ($_.primaryGroupID) {
            $_.SID.Value -replace '-\d+$',"-$($_.PrimaryGroupID)" |Get-QADGroup -Connection $_.Connection
      }
      if ($_.memberOf) {
            $_.memberOf | Get-QADGroup -Connection $_.Connection
      }
}
}


 Get-QADUser -SizeLimit 0 -ErrorAction SilentlyContinue | func_Member_of | Select-Object -Property `
"name","Office","group","company" |Export-Csv c:\adgroup.csv

This unfortunately only returns the groups, no mention of the users or any of the other parameters i would like to sort on further down the line.
I figure that the fuction needs to be expanded to accommodate this.

If you have an answer thats not PS, thats fine.

Thanks in advance.
0
Comment
Question by:cplit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 18

Expert Comment

by:BSonPosh
ID: 24045665
change

if ($_.memberOf) {
            $_.memberOf | Get-QADGroup -Connection $_.Connection
      }

to

if ($_.memberOf) {
            $_.memberOf | Get-QADObject -Connection $_.Connection
      }
0
 

Author Comment

by:cplit
ID: 24045824
Hi BSonPosh,
That has cleaned up the group names, thanks for that.
There is still the issue of a long list of groups (approx 4000), but it still doesn't show the users.

All i have managed to show with this script is a long list of groups.
I also need to show the users relative to their group membership.

The script seems to order the groups the right way (per user), but the user has been omitted from the output.
0
 
LVL 18

Expert Comment

by:BSonPosh
ID: 24045945
Doh!... not sure what I was thinking. memberof only contains groups :)
0
Office 365 Training for Admins

Learn how to provision tenants, synchronize on-premise Active Directory, and implement Single Sign-On with these master level course.  Only from Platform Scholar

 
LVL 18

Expert Comment

by:BSonPosh
ID: 24046035
if you are in a single domain try this

Get-QADUser -sl 0 -ea 0| Select-Object name,Office,group,company,TokenGroups | Export-Csv c:\adgroup.csv -NoType
0
 
LVL 18

Accepted Solution

by:
BSonPosh earned 500 total points
ID: 24046083
whoops.. that doesn't work

try this
Get-QADUser -sl 0 -ea 0| Select-Object name,Office,group,company,@{n="Groups";e={$_.TokenGroups | %{$_.Name}}} | export-csv C:\temp\adgroup2.csv -NoType

Open in new window

0
 

Author Comment

by:cplit
ID: 24046424
BSonPosh,
Thanks so much for your prompt help.
That worked a treat

Thanks again
0
 

Author Closing Comment

by:cplit
ID: 31565595
Thanks
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

742 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question