Solved

active directory list of users with group and email

Posted on 2009-05-12
23
1,154 Views
Last Modified: 2012-05-06
create a report showing alll users with the groups they are a member of and emails and email groups they participate in.
0
Comment
Question by:1030071002
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
  • 5
  • +2
23 Comments
 
LVL 13

Assisted Solution

by:marine7275
marine7275 earned 35 total points
ID: 24367975
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 150 total points
ID: 24368052
you could also try adfind
http://www.joeware.net/freetools/tools/adfind/index.htm
adfind -default -f "&(objectcategory=person)(objectclass=user)" samaccountname memberof proxyaddresses
see if that gives you what you need
Thanks
Mike
0
 
LVL 4

Assisted Solution

by:delyan_valchev
delyan_valchev earned 140 total points
ID: 24368181
Here is a PowerShell script with Quest's Commands for Active Directory ( http://www.quest.com/powershell ) which generates a CSV report including:
- DN
- User names
- Logon username
- Email
- List of group memberships separated by semicolons
You can import it in Excel and format it the way you like.
Hope it helps!
$act={
	$QT='"'
	echo "DN,Name,Username,email,Description,Group membership"
	Get-QADUser -SearchRoot 'mydomain.com/Users' | foreach-object {
		$grp=''
		foreach ($i in $_.memberof) 
			{$a=(Get-QADgroup -identity $i).name
			$grp=$grp+$a+";"}
		select-object	
		
		$uname=$QT + $_.name +$QT
		$udn=$QT+ $_.dn +$QT
		$usamid=$QT+ $_.samaccountname +$QT
		$uemail=$QT+ $_.email +$QT
		$udesc=$QT+ $_.description +$QT
	
		
		echo ($udn + "," + $uname + "," +$usamid+ "," +$uemail + "," + $udesc+ "," + $grp)
	}
}
 
&$act > Userlist.csv

Open in new window

0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 175 total points
ID: 24368272

@delyan_valchev

It's lovely to be able to create your own output... but... there's Export-CSV.

Something like this:

Get-QADUser -SearchRoot 'mydomain.com/Users' | `
  Select-Object Name, DN, sAMAccountName, Email, Description, `
  @{n='Groups';e={ $_.memberOf | %{ Get-QADGroup | Select-Object Name }}} | `
  Export-CSV "out.csv"

Chris
0
 

Author Comment

by:1030071002
ID: 24368336
it work how can I print this or write it to a file
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 150 total points
ID: 24368399
If you are talking about the adfind you can send it to a text file
adfind -default -f "&(objectcategory=person)(objectclass=user)" samaccountname memberof proxyaddresses  > c:\Users.txt
or if you want it in csv format
adfind -default -f "&(objectcategory=person)(objectclass=user)" samaccountname memberof proxyaddresses -csv > c:\users.csv
What chris provided should already give you a file called out.csv
Thanks
Mike
 
0
 
LVL 4

Assisted Solution

by:delyan_valchev
delyan_valchev earned 140 total points
ID: 24368407
@Chris,
Thanks for the tip! Is it also possible to have the "reduced" version of my script so that the list of group memberships is separated by semicolon, while the other fields are separated by coma? It's useful for subsequent separate formatting of the user properties and the memberships.
0
 

Author Comment

by:1030071002
ID: 24368455
Chris-Dent where do i do that
0
 

Author Comment

by:1030071002
ID: 24368479
Sage how do i get the info to print or to a file
0
 

Author Comment

by:1030071002
ID: 24368487
quest.com/powershell it says I need sp 3.5 sorry
0
 
LVL 4

Assisted Solution

by:delyan_valchev
delyan_valchev earned 140 total points
ID: 24368508
0
 

Author Comment

by:1030071002
ID: 24368541
C:\>Get-QADUser -SearchRoot 'mydomain.com/Users' | ` Select-Object Name, DN, sAM
AccountName, Email, Description, ` @{n='Groups';e={ $_.memberOf | %{ Get-QADGrou
p | Select-Object Name }}} | ` Export-CSV "out.csv"
'Get-QADUser' is not recognized as an internal or external command,
operable program or batch file.
0
 
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 175 total points
ID: 24368582

> reduced" version of my script so that the list of group memberships is separated by semicolon

Yeah, did it work as I posted? Blimey :)

Lets have Groups as an array and join it together... might work like this:

Get-QADUser -SearchRoot 'mydomain.com/Users' | `
  Select-Object Name, DN, sAMAccountName, Email, Description, `
  @{n='Groups';e={ [String]::Join(",", ($_.memberOf | %{ (Get-QADGroup $_).Name }) }} | `
  Export-CSV "out.csv"

Sorry for the lack of certainty, my server here is broken, haven't got round to fixing it so testing stuff only happens at work ;)

Chris
0
 
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 175 total points
ID: 24368590

> is not recognized as an internal or external command,

You'll need to run the PowerShell shortcut from the Quest folder in the start menu, or run this command first:

Get-PsSnapIn -Reg | Add-PsSnapIn -EA 0

It needs to load the commands before they can be used.

Chris
0
 

Author Comment

by:1030071002
ID: 24368596
mkline71 how can write the file out it run perfect but i cant write the file out
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 150 total points
ID: 24368620
mkline71 how can write the file out it run perfect but i cant write the file out
See my answer in comment ID:24368399
...gave some examples about writing to a file.
Thanks
Mike
0
 
LVL 4

Assisted Solution

by:delyan_valchev
delyan_valchev earned 140 total points
ID: 24368687
Chris,
I'm also theorizing there at home and I'm no PowerShell guru. Will test tomorrow at work as well. Noticed a small typo in the Join:
 [String]::Join(";", ($_.memberOf | %{ (Get-QADGroup $_).Name
Correct me if I'm wrong.
0
 
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 175 total points
ID: 24368720

Ahh sorry, I'd read it as comma delimited :) Anyway, I think PowerShell adds appropriate quoting to Export-CSV.

Chris
0
 
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 175 total points
ID: 24369201

If Mike's solution helped you should accept Mike's response.  Objecting to the close on the grounds that it is impolite to request closure as self answered with no good reason.

Chris
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 150 total points
ID: 24369296
...both adfind and powershell can do the trick here (as with many tasks).  I'd personally give points for both answers.  Chris & delyan did a lot here too.
Thanks
Mike
 
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24372546

Tested and fixed the PowerShell snippets... just in case.

I'd have to find a better way for a large domain, it's painful pulling the group names like this, far too many calls to AD.

Chris
Get-QADUser -SearchRoot 'mydomain.com/Users' | `
  Select-Object Name, DN, sAMAccountName, Email, Description, `
  @{n='Groups';e={ [String]::Join(";", @($_.memberOf | %{ (Get-QADGroup $_).Name })) }} | `
  Export-CSV "out.csv"

Open in new window

0
 
LVL 4

Expert Comment

by:delyan_valchev
ID: 24372738
Found a new cmdlet in AD Management Shell 1.2 - Get-QADMemberOf which should do the optimization trick. I have revised a bit the script. Seems to be working ;)

Get-QADUser -SearchRoot 'mydomain.com/Users' | `
Select-Object Name, DN, sAMAccountName, Email, Description, `
@{n='Groups';e={ [String]::Join(";",($_|Get-QADMemberOf|%{$_.Name}))}} | `
Export-Csv "out.csv"

Open in new window

0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24372816

Mmm yes, that is rather nicer :)

Chris
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question