Powershell - export 'member of' for a user

Posted on 2011-09-26
Last Modified: 2012-05-12

For backup purposes we need an export per user that contains the memberships for that user.

Say for example user "john doe" is in '' in the OU 'users'. Then I would need an export (text or csv, doesn't realy mather) that contains a line-per-line export of all groups that user is member of. (the 'member of' tab in the user properties window)

i would like to do this in powershell (no third party software) because it is part of a bigger script.

thank you!
Question by:ISUNI
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 37

Accepted Solution

Neil Russell earned 500 total points
ID: 36597692
The easiest way is to install the Quest QAD Commandlets for powershell. This is just a set of commandlets that add on to powershells functionality. After all powershell is basically just an extensible shell.

For a single user use...

$user = Get-QADUser 'Poshoholic'
$user.memberOf | Get-QADGroup

And for ALL users use

$Users = Get-QADUser
foreach ($User in $Users)
Write-Host "------------------------"
$user.memberof | Get-QADGroup  
LVL 37

Expert Comment

by:Neil Russell
ID: 36597979
Sorry, forgot link to powershell extensions by Quest

Expert Comment

ID: 36600884
One additional note: the $User.MemberOf attribute does not contain the default group of the user.  You either need to include the $User.PrimaryGroupId - which is numeric, and equates to the RID of the group.  Digging that out gets complicated considering you can much more easily do...

Get-QADMemberOf 'Poshoholic'

Open in new window

...for a single user, and...

$Users = Get-QADUser
foreach ($User in $Users) {
    Write-Host "------------------------"
    Get-QADMemberOf $User 

Open in new window

Hope that helps!
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 37

Expert Comment

by:Neil Russell
ID: 36601236
Do YOU actually change users Primary Group? I have not met a sys admin that does that in years! As the Default Default group is Domain Users and EVERY user is a member of it, I never report on it.

Expert Comment

ID: 36601261
Actually, I found this the "hard" way at a customer where they make a practice of setting the default group on service and admin accounts to something other than Domain Users for subsequent processing by Group Policy.

So... yes, I've seen it. In a domain of 18k+ accounts, it matters.

Author Closing Comment

ID: 36954114
Thank you! This helps.

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to prepare an HTML email signature template file containing dynamic placeholders for users' Azure AD data. Furthermore, it explains how to use this file to remotely set up a department-wide email signature policy in Office …
Windows 10 came with  a lot of built in applications, Some organisations leave them there, some will control them using GPO's. This Article is useful for those who do not want to have any applications in their image (example:me).
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question