Powershell - export 'member of' for a user

Dear

For backup purposes we need an export per user that contains the memberships for that user.

Say for example user "john doe" is in 'domain.in.grp' in the OU 'users'. Then I would need an export (text or csv, doesn't realy mather) that contains a line-per-line export of all groups that user is member of. (the 'member of' tab in the user properties window)

i would like to do this in powershell (no third party software) because it is part of a bigger script.

thank you!
ISUNIAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Neil RussellConnect With a Mentor Technical Development LeadCommented:
The easiest way is to install the Quest QAD Commandlets for powershell. This is just a set of commandlets that add on to powershells functionality. After all powershell is basically just an extensible shell.

For a single user use...

$user = Get-QADUser 'Poshoholic'
$user.memberOf | Get-QADGroup

And for ALL users use

$Users = Get-QADUser
foreach ($User in $Users)
{
Write-Host "------------------------"
$user
$user.memberof | Get-QADGroup  
}
0
 
Neil RussellTechnical Development LeadCommented:
Sorry, forgot link to powershell extensions by Quest

http://www.quest.com/powershell/activeroles-server.aspx
0
 
netjgrnautCommented:
One additional note: the $User.MemberOf attribute does not contain the default group of the user.  You either need to include the $User.PrimaryGroupId - which is numeric, and equates to the RID of the group.  Digging that out gets complicated considering you can much more easily do...

Get-QADMemberOf 'Poshoholic'

Open in new window


...for a single user, and...

$Users = Get-QADUser
foreach ($User in $Users) {
    Write-Host "------------------------"
    $User
    Get-QADMemberOf $User 
} 

Open in new window


Hope that helps!
0
NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

 
Neil RussellTechnical Development LeadCommented:
Do YOU actually change users Primary Group? I have not met a sys admin that does that in years! As the Default Default group is Domain Users and EVERY user is a member of it, I never report on it.
0
 
netjgrnautCommented:
Actually, I found this the "hard" way at a customer where they make a practice of setting the default group on service and admin accounts to something other than Domain Users for subsequent processing by Group Policy.

So... yes, I've seen it. In a domain of 18k+ accounts, it matters.
0
 
ISUNIAuthor Commented:
Thank you! This helps.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.