ISUNI
asked on
Powershell - export 'member of' for a user
Dear
For backup purposes we need an export per user that contains the memberships for that user.
Say for example user "john doe" is in 'domain.in.grp' in the OU 'users'. Then I would need an export (text or csv, doesn't realy mather) that contains a line-per-line export of all groups that user is member of. (the 'member of' tab in the user properties window)
i would like to do this in powershell (no third party software) because it is part of a bigger script.
thank you!
For backup purposes we need an export per user that contains the memberships for that user.
Say for example user "john doe" is in 'domain.in.grp' in the OU 'users'. Then I would need an export (text or csv, doesn't realy mather) that contains a line-per-line export of all groups that user is member of. (the 'member of' tab in the user properties window)
i would like to do this in powershell (no third party software) because it is part of a bigger script.
thank you!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
One additional note: the $User.MemberOf attribute does not contain the default group of the user. You either need to include the $User.PrimaryGroupId - which is numeric, and equates to the RID of the group. Digging that out gets complicated considering you can much more easily do...
...for a single user, and...
Hope that helps!
Get-QADMemberOf 'Poshoholic'
...for a single user, and...
$Users = Get-QADUser
foreach ($User in $Users) {
Write-Host "------------------------"
$User
Get-QADMemberOf $User
}
Hope that helps!
Do YOU actually change users Primary Group? I have not met a sys admin that does that in years! As the Default Default group is Domain Users and EVERY user is a member of it, I never report on it.
Actually, I found this the "hard" way at a customer where they make a practice of setting the default group on service and admin accounts to something other than Domain Users for subsequent processing by Group Policy.
So... yes, I've seen it. In a domain of 18k+ accounts, it matters.
So... yes, I've seen it. In a domain of 18k+ accounts, it matters.
ASKER
Thank you! This helps.
http://www.quest.com/powershell/activeroles-server.aspx