Solved

active directory list of users with group and email

Posted on 2009-05-12
23
1,155 Views
Last Modified: 2012-05-06
create a report showing alll users with the groups they are a member of and emails and email groups they participate in.
0
Comment
Question by:1030071002
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
  • 5
  • +2
23 Comments
 
LVL 13

Assisted Solution

by:marine7275
marine7275 earned 35 total points
ID: 24367975
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 150 total points
ID: 24368052
you could also try adfind
http://www.joeware.net/freetools/tools/adfind/index.htm
adfind -default -f "&(objectcategory=person)(objectclass=user)" samaccountname memberof proxyaddresses
see if that gives you what you need
Thanks
Mike
0
 
LVL 4

Assisted Solution

by:delyan_valchev
delyan_valchev earned 140 total points
ID: 24368181
Here is a PowerShell script with Quest's Commands for Active Directory ( http://www.quest.com/powershell ) which generates a CSV report including:
- DN
- User names
- Logon username
- Email
- List of group memberships separated by semicolons
You can import it in Excel and format it the way you like.
Hope it helps!
$act={
	$QT='"'
	echo "DN,Name,Username,email,Description,Group membership"
	Get-QADUser -SearchRoot 'mydomain.com/Users' | foreach-object {
		$grp=''
		foreach ($i in $_.memberof) 
			{$a=(Get-QADgroup -identity $i).name
			$grp=$grp+$a+";"}
		select-object	
		
		$uname=$QT + $_.name +$QT
		$udn=$QT+ $_.dn +$QT
		$usamid=$QT+ $_.samaccountname +$QT
		$uemail=$QT+ $_.email +$QT
		$udesc=$QT+ $_.description +$QT
	
		
		echo ($udn + "," + $uname + "," +$usamid+ "," +$uemail + "," + $udesc+ "," + $grp)
	}
}
 
&$act > Userlist.csv

Open in new window

0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 175 total points
ID: 24368272

@delyan_valchev

It's lovely to be able to create your own output... but... there's Export-CSV.

Something like this:

Get-QADUser -SearchRoot 'mydomain.com/Users' | `
  Select-Object Name, DN, sAMAccountName, Email, Description, `
  @{n='Groups';e={ $_.memberOf | %{ Get-QADGroup | Select-Object Name }}} | `
  Export-CSV "out.csv"

Chris
0
 

Author Comment

by:1030071002
ID: 24368336
it work how can I print this or write it to a file
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 150 total points
ID: 24368399
If you are talking about the adfind you can send it to a text file
adfind -default -f "&(objectcategory=person)(objectclass=user)" samaccountname memberof proxyaddresses  > c:\Users.txt
or if you want it in csv format
adfind -default -f "&(objectcategory=person)(objectclass=user)" samaccountname memberof proxyaddresses -csv > c:\users.csv
What chris provided should already give you a file called out.csv
Thanks
Mike
 
0
 
LVL 4

Assisted Solution

by:delyan_valchev
delyan_valchev earned 140 total points
ID: 24368407
@Chris,
Thanks for the tip! Is it also possible to have the "reduced" version of my script so that the list of group memberships is separated by semicolon, while the other fields are separated by coma? It's useful for subsequent separate formatting of the user properties and the memberships.
0
 

Author Comment

by:1030071002
ID: 24368455
Chris-Dent where do i do that
0
 

Author Comment

by:1030071002
ID: 24368479
Sage how do i get the info to print or to a file
0
 

Author Comment

by:1030071002
ID: 24368487
quest.com/powershell it says I need sp 3.5 sorry
0
 
LVL 4

Assisted Solution

by:delyan_valchev
delyan_valchev earned 140 total points
ID: 24368508
0
 

Author Comment

by:1030071002
ID: 24368541
C:\>Get-QADUser -SearchRoot 'mydomain.com/Users' | ` Select-Object Name, DN, sAM
AccountName, Email, Description, ` @{n='Groups';e={ $_.memberOf | %{ Get-QADGrou
p | Select-Object Name }}} | ` Export-CSV "out.csv"
'Get-QADUser' is not recognized as an internal or external command,
operable program or batch file.
0
 
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 175 total points
ID: 24368582

> reduced" version of my script so that the list of group memberships is separated by semicolon

Yeah, did it work as I posted? Blimey :)

Lets have Groups as an array and join it together... might work like this:

Get-QADUser -SearchRoot 'mydomain.com/Users' | `
  Select-Object Name, DN, sAMAccountName, Email, Description, `
  @{n='Groups';e={ [String]::Join(",", ($_.memberOf | %{ (Get-QADGroup $_).Name }) }} | `
  Export-CSV "out.csv"

Sorry for the lack of certainty, my server here is broken, haven't got round to fixing it so testing stuff only happens at work ;)

Chris
0
 
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 175 total points
ID: 24368590

> is not recognized as an internal or external command,

You'll need to run the PowerShell shortcut from the Quest folder in the start menu, or run this command first:

Get-PsSnapIn -Reg | Add-PsSnapIn -EA 0

It needs to load the commands before they can be used.

Chris
0
 

Author Comment

by:1030071002
ID: 24368596
mkline71 how can write the file out it run perfect but i cant write the file out
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 150 total points
ID: 24368620
mkline71 how can write the file out it run perfect but i cant write the file out
See my answer in comment ID:24368399
...gave some examples about writing to a file.
Thanks
Mike
0
 
LVL 4

Assisted Solution

by:delyan_valchev
delyan_valchev earned 140 total points
ID: 24368687
Chris,
I'm also theorizing there at home and I'm no PowerShell guru. Will test tomorrow at work as well. Noticed a small typo in the Join:
 [String]::Join(";", ($_.memberOf | %{ (Get-QADGroup $_).Name
Correct me if I'm wrong.
0
 
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 175 total points
ID: 24368720

Ahh sorry, I'd read it as comma delimited :) Anyway, I think PowerShell adds appropriate quoting to Export-CSV.

Chris
0
 
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 175 total points
ID: 24369201

If Mike's solution helped you should accept Mike's response.  Objecting to the close on the grounds that it is impolite to request closure as self answered with no good reason.

Chris
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 150 total points
ID: 24369296
...both adfind and powershell can do the trick here (as with many tasks).  I'd personally give points for both answers.  Chris & delyan did a lot here too.
Thanks
Mike
 
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24372546

Tested and fixed the PowerShell snippets... just in case.

I'd have to find a better way for a large domain, it's painful pulling the group names like this, far too many calls to AD.

Chris
Get-QADUser -SearchRoot 'mydomain.com/Users' | `
  Select-Object Name, DN, sAMAccountName, Email, Description, `
  @{n='Groups';e={ [String]::Join(";", @($_.memberOf | %{ (Get-QADGroup $_).Name })) }} | `
  Export-CSV "out.csv"

Open in new window

0
 
LVL 4

Expert Comment

by:delyan_valchev
ID: 24372738
Found a new cmdlet in AD Management Shell 1.2 - Get-QADMemberOf which should do the optimization trick. I have revised a bit the script. Seems to be working ;)

Get-QADUser -SearchRoot 'mydomain.com/Users' | `
Select-Object Name, DN, sAMAccountName, Email, Description, `
@{n='Groups';e={ [String]::Join(";",($_|Get-QADMemberOf|%{$_.Name}))}} | `
Export-Csv "out.csv"

Open in new window

0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24372816

Mmm yes, that is rather nicer :)

Chris
0

Featured Post

[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
A hard and fast method for reducing Active Directory Administrators members.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question