Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Powershell - export 'member of' for a user

Posted on 2011-09-26
6
Medium Priority
?
1,911 Views
Last Modified: 2012-05-12
Dear

For backup purposes we need an export per user that contains the memberships for that user.

Say for example user "john doe" is in 'domain.in.grp' in the OU 'users'. Then I would need an export (text or csv, doesn't realy mather) that contains a line-per-line export of all groups that user is member of. (the 'member of' tab in the user properties window)

i would like to do this in powershell (no third party software) because it is part of a bigger script.

thank you!
0
Comment
Question by:ISUNI
  • 3
  • 2
6 Comments
 
LVL 37

Accepted Solution

by:
Neil Russell earned 2000 total points
ID: 36597692
The easiest way is to install the Quest QAD Commandlets for powershell. This is just a set of commandlets that add on to powershells functionality. After all powershell is basically just an extensible shell.

For a single user use...

$user = Get-QADUser 'Poshoholic'
$user.memberOf | Get-QADGroup

And for ALL users use

$Users = Get-QADUser
foreach ($User in $Users)
{
Write-Host "------------------------"
$user
$user.memberof | Get-QADGroup  
}
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 36597979
Sorry, forgot link to powershell extensions by Quest

http://www.quest.com/powershell/activeroles-server.aspx
0
 
LVL 6

Expert Comment

by:netjgrnaut
ID: 36600884
One additional note: the $User.MemberOf attribute does not contain the default group of the user.  You either need to include the $User.PrimaryGroupId - which is numeric, and equates to the RID of the group.  Digging that out gets complicated considering you can much more easily do...

Get-QADMemberOf 'Poshoholic'

Open in new window


...for a single user, and...

$Users = Get-QADUser
foreach ($User in $Users) {
    Write-Host "------------------------"
    $User
    Get-QADMemberOf $User 
} 

Open in new window


Hope that helps!
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
LVL 37

Expert Comment

by:Neil Russell
ID: 36601236
Do YOU actually change users Primary Group? I have not met a sys admin that does that in years! As the Default Default group is Domain Users and EVERY user is a member of it, I never report on it.
0
 
LVL 6

Expert Comment

by:netjgrnaut
ID: 36601261
Actually, I found this the "hard" way at a customer where they make a practice of setting the default group on service and admin accounts to something other than Domain Users for subsequent processing by Group Policy.

So... yes, I've seen it. In a domain of 18k+ accounts, it matters.
0
 

Author Closing Comment

by:ISUNI
ID: 36954114
Thank you! This helps.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Measuring Server's processing rate with a simple powershell command. The differences in processing rate also was recorded in different use-cases, when a server in free and busy states.
Welcome to 2018! Exciting things lie ahead in the world of tech. To start things off, we compiled great member articles on how to stay safe, ways to learn, and much more! Read on to start your new year right.
Loops Section Overview
Screencast - Getting to Know the Pipeline

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question