Solved

active directory list of users with group and email

Posted on 2009-05-12
23
1,146 Views
Last Modified: 2012-05-06
create a report showing alll users with the groups they are a member of and emails and email groups they participate in.
0
Comment
Question by:1030071002
  • 7
  • 6
  • 5
  • +2
23 Comments
 
LVL 13

Assisted Solution

by:marine7275
marine7275 earned 35 total points
ID: 24367975
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 150 total points
ID: 24368052
you could also try adfind
http://www.joeware.net/freetools/tools/adfind/index.htm
adfind -default -f "&(objectcategory=person)(objectclass=user)" samaccountname memberof proxyaddresses
see if that gives you what you need
Thanks
Mike
0
 
LVL 4

Assisted Solution

by:delyan_valchev
delyan_valchev earned 140 total points
ID: 24368181
Here is a PowerShell script with Quest's Commands for Active Directory ( http://www.quest.com/powershell ) which generates a CSV report including:
- DN
- User names
- Logon username
- Email
- List of group memberships separated by semicolons
You can import it in Excel and format it the way you like.
Hope it helps!
$act={

	$QT='"'

	echo "DN,Name,Username,email,Description,Group membership"

	Get-QADUser -SearchRoot 'mydomain.com/Users' | foreach-object {

		$grp=''

		foreach ($i in $_.memberof) 

			{$a=(Get-QADgroup -identity $i).name

			$grp=$grp+$a+";"}

		select-object	

		

		$uname=$QT + $_.name +$QT

		$udn=$QT+ $_.dn +$QT

		$usamid=$QT+ $_.samaccountname +$QT

		$uemail=$QT+ $_.email +$QT

		$udesc=$QT+ $_.description +$QT

	

		

		echo ($udn + "," + $uname + "," +$usamid+ "," +$uemail + "," + $udesc+ "," + $grp)

	}

}
 

&$act > Userlist.csv

Open in new window

0
 
LVL 70

Assisted Solution

by:Chris Dent
Chris Dent earned 175 total points
ID: 24368272

@delyan_valchev

It's lovely to be able to create your own output... but... there's Export-CSV.

Something like this:

Get-QADUser -SearchRoot 'mydomain.com/Users' | `
  Select-Object Name, DN, sAMAccountName, Email, Description, `
  @{n='Groups';e={ $_.memberOf | %{ Get-QADGroup | Select-Object Name }}} | `
  Export-CSV "out.csv"

Chris
0
 

Author Comment

by:1030071002
ID: 24368336
it work how can I print this or write it to a file
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 150 total points
ID: 24368399
If you are talking about the adfind you can send it to a text file
adfind -default -f "&(objectcategory=person)(objectclass=user)" samaccountname memberof proxyaddresses  > c:\Users.txt
or if you want it in csv format
adfind -default -f "&(objectcategory=person)(objectclass=user)" samaccountname memberof proxyaddresses -csv > c:\users.csv
What chris provided should already give you a file called out.csv
Thanks
Mike
 
0
 
LVL 4

Assisted Solution

by:delyan_valchev
delyan_valchev earned 140 total points
ID: 24368407
@Chris,
Thanks for the tip! Is it also possible to have the "reduced" version of my script so that the list of group memberships is separated by semicolon, while the other fields are separated by coma? It's useful for subsequent separate formatting of the user properties and the memberships.
0
 

Author Comment

by:1030071002
ID: 24368455
Chris-Dent where do i do that
0
 

Author Comment

by:1030071002
ID: 24368479
Sage how do i get the info to print or to a file
0
 

Author Comment

by:1030071002
ID: 24368487
quest.com/powershell it says I need sp 3.5 sorry
0
 
LVL 4

Assisted Solution

by:delyan_valchev
delyan_valchev earned 140 total points
ID: 24368508
0
 

Author Comment

by:1030071002
ID: 24368541
C:\>Get-QADUser -SearchRoot 'mydomain.com/Users' | ` Select-Object Name, DN, sAM
AccountName, Email, Description, ` @{n='Groups';e={ $_.memberOf | %{ Get-QADGrou
p | Select-Object Name }}} | ` Export-CSV "out.csv"
'Get-QADUser' is not recognized as an internal or external command,
operable program or batch file.
0
 
LVL 70

Assisted Solution

by:Chris Dent
Chris Dent earned 175 total points
ID: 24368582

> reduced" version of my script so that the list of group memberships is separated by semicolon

Yeah, did it work as I posted? Blimey :)

Lets have Groups as an array and join it together... might work like this:

Get-QADUser -SearchRoot 'mydomain.com/Users' | `
  Select-Object Name, DN, sAMAccountName, Email, Description, `
  @{n='Groups';e={ [String]::Join(",", ($_.memberOf | %{ (Get-QADGroup $_).Name }) }} | `
  Export-CSV "out.csv"

Sorry for the lack of certainty, my server here is broken, haven't got round to fixing it so testing stuff only happens at work ;)

Chris
0
 
LVL 70

Assisted Solution

by:Chris Dent
Chris Dent earned 175 total points
ID: 24368590

> is not recognized as an internal or external command,

You'll need to run the PowerShell shortcut from the Quest folder in the start menu, or run this command first:

Get-PsSnapIn -Reg | Add-PsSnapIn -EA 0

It needs to load the commands before they can be used.

Chris
0
 

Author Comment

by:1030071002
ID: 24368596
mkline71 how can write the file out it run perfect but i cant write the file out
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 150 total points
ID: 24368620
mkline71 how can write the file out it run perfect but i cant write the file out
See my answer in comment ID:24368399
...gave some examples about writing to a file.
Thanks
Mike
0
 
LVL 4

Assisted Solution

by:delyan_valchev
delyan_valchev earned 140 total points
ID: 24368687
Chris,
I'm also theorizing there at home and I'm no PowerShell guru. Will test tomorrow at work as well. Noticed a small typo in the Join:
 [String]::Join(";", ($_.memberOf | %{ (Get-QADGroup $_).Name
Correct me if I'm wrong.
0
 
LVL 70

Assisted Solution

by:Chris Dent
Chris Dent earned 175 total points
ID: 24368720

Ahh sorry, I'd read it as comma delimited :) Anyway, I think PowerShell adds appropriate quoting to Export-CSV.

Chris
0
 
LVL 70

Assisted Solution

by:Chris Dent
Chris Dent earned 175 total points
ID: 24369201

If Mike's solution helped you should accept Mike's response.  Objecting to the close on the grounds that it is impolite to request closure as self answered with no good reason.

Chris
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 150 total points
ID: 24369296
...both adfind and powershell can do the trick here (as with many tasks).  I'd personally give points for both answers.  Chris & delyan did a lot here too.
Thanks
Mike
 
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24372546

Tested and fixed the PowerShell snippets... just in case.

I'd have to find a better way for a large domain, it's painful pulling the group names like this, far too many calls to AD.

Chris
Get-QADUser -SearchRoot 'mydomain.com/Users' | `

  Select-Object Name, DN, sAMAccountName, Email, Description, `

  @{n='Groups';e={ [String]::Join(";", @($_.memberOf | %{ (Get-QADGroup $_).Name })) }} | `

  Export-CSV "out.csv"

Open in new window

0
 
LVL 4

Expert Comment

by:delyan_valchev
ID: 24372738
Found a new cmdlet in AD Management Shell 1.2 - Get-QADMemberOf which should do the optimization trick. I have revised a bit the script. Seems to be working ;)

Get-QADUser -SearchRoot 'mydomain.com/Users' | `

Select-Object Name, DN, sAMAccountName, Email, Description, `

@{n='Groups';e={ [String]::Join(";",($_|Get-QADMemberOf|%{$_.Name}))}} | `

Export-Csv "out.csv"

Open in new window

0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 24372816

Mmm yes, that is rather nicer :)

Chris
0

Join & Write a Comment

Starting in Windows Server 2008, Microsoft introduced the Group Policy Central Store. This automatically replicating location allows IT administrators to have the latest and greatest Group Policy (GP) configuration settings available. Let’s expl…
[b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now