• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1034
  • Last Modified:

Active Directory User membership report

How can I create a report for the certain OUs members and to what groups they belong to?  ADUC query or need additional tools for that?
0
Tiras25
Asked:
Tiras25
4 Solutions
 
Stelian StanCommented:
If you are running 2008 or 2008 R2 run:
powershell
Get-ADGroup "GroupName" | EXPORT-CSV C:\group.csv

or
dsget group "CN=GroupName,DC=domain,DC=name,DC=com" -members

or
dsquery group -name "GroupName" | dsget group -members -expand
0
 
Tiras25Author Commented:
Hi Clony, see I have OU container that has 100s users.  Those users are members of various Global Security Groups.  So how can I generate a report per individual OU that would show me users and their memberships?
0
 
Sarang TinguriaSr EngineerCommented:
Chris has a great tool for all theese stuffs

Cjwdev | AD Info - Active Directory Reporting www.cjwdev.co.uk/Software/ADReportingTool/Info.html

Or

AdFind by joe
www.joeware.net/freetools/tools/adfind/index.htm
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
Mike KlineCommented:
adinfo and adfind...sounds like an answer I've given :)

I looked at adinfo and can't see how to make it focus on one OU

adfind can

adfind -b "dn of your OU"  -f "&(objectcategory=person)(objectclass=user)" samaccountname memberof -nodn

Thanks

Mike
0
 
Sarang TinguriaSr EngineerCommented:
:) Mike thanks for detailed info
0
 
Tiras25Author Commented:
Mike, looks like it works! Thanks.
I just need to find a better output to make it more presentable.  Awesome!
0
 
Tiras25Author Commented:
IF you have an idea on how to make it more readable and presentable to non-admin people that'll be great.  So it doesn't show that extra lingo in the report. CN=xx OU=xx, DC=xx
Or if you can point me to another tool that can produce a clean report.
Thank you!
0
 
Satish AutiSenior System AdministratorCommented:
For output i have just modified Mike's command.

adfind -b "dn of your OU"  -f "&(objectcategory=person)(objectclass=user)" samaccountname memberof -nodn > C:\nameofoutputfile.txt

then you can open output fiel into comma seprated file in excel.
0
 
Tiras25Author Commented:
I did that already.  Thanks auti.  I was looking for something that can remove that AD lingo for the clients to read better.  I guess I need a paid tool for that.
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now