Link to home
Create AccountLog in
Avatar of cawasaki
cawasaki

asked on

powershell script to export in csv all AD group and user member

hello,

i need a powershell script to export in csv all AD group and user/ or group  members.

in csv i need a description of group and OU.

thanks for help
Avatar of pr0t0c0l12
pr0t0c0l12

as simple as this:

#Import-Module ActiveDirectory -ErrorAction SilentlyContinue  
 
$basedn = 'dc=yourco,dc=com'
$outcsv = 'e:\data\ADexport\userst.csv'
 
# Note: there is a long string of attributes in the next line
get-aduser -filter * -searchbase $basedn -properties * |select CanonicalName,City,CN,codePage,Company...| export-csv $outcsv
Avatar of SubSun
If you have Quest AD cmdlets the you can try following script. If not let me know I can convert it to use Microsoft AD cmdlets..
$Groups= Get-qadgroup -IncludedProperties Description -SizeLimit 0
$Output = "C:\GroupMembers.csv"
[array]$Global:Results = $null
ForEach ($group in $Groups)
{$Global:Results += New-Object Psobject -Property @{
    "GroupeName"=$group.groupname
    "Samaccountname"=$group.Samaccountname
    "Members"=""
	"OBJ Description"=$group.Description
	"OU"=$group.ParentContainer
	"OU Description"=(Get-QADObject $group.ParentContainer -IncludedProperties Description).Description}

$Users=Get-Qadgroup $Group | Get-Qadgroupmember -SizeLimit 0 -IncludedProperties Description

ForEach ($User in $Users)
    {
    $Global:Results += New-Object Psobject -Property @{
    "GroupName"=""
    "Samaccountname"=$User.Samaccountname
	"Members"=$User.Name
	"OBJ Description"=$User.Description
	"OU"=$User.ParentContainer
	"OU Description"=(Get-QADObject $User.ParentContainer -IncludedProperties Description).Description}
    }
}
# Output results in selected format
$Global:Results | Select GroupeName,Samaccountname,"OBJ Description",Members,OU,"OU Description" | Export-CSV -Path $Output -NoTypeInformation

Open in new window

Avatar of cawasaki

ASKER

hi,

@ Subsun, you script is in test now, it will take 2 hours :) many user and groups :).

@ pr0t0c0l12, you script will only export user, i need to export all group with a list of members.

thanks
It's ok.. :-) ..  let me know if you need any modification on output..
@ Subsun: script return many error at this time like this:

Get-QADObject : Cannot validate argument on parameter 'Identity'. The argument is null or empty. Supply an argument tha
t is not null or empty and then try the command again.
At C:\script.ps1:23 char:33
+     "OU Description"=(Get-QADObject <<<<  $User.ParentContainer -IncludedProperties Description).Description}
    + CategoryInfo          : InvalidData: (:) [Get-QADObject], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Quest.ActiveRoles.ArsPowerShellSnapIn.Powershell.Cmdlet
   s.GetGenericObjectCmdlet

Open in new window


normal?
It's probably for the groups which are empty (No members). You can add an If condition to exclude the groups which are empty.

Like

If ($Users -ne $null) {
ForEach ($User in $Users)
    {
    $Global:Results += New-Object Psobject -Property @{
    "GroupName"=""
    "Samaccountname"=$User.Samaccountname
      "Members"=$User.Name
      "OBJ Description"=$User.Description
      "OU"=$User.ParentContainer
      "OU Description"=(Get-QADObject $User.ParentContainer -IncludedProperties Description).Description}
    }

}
or

If ($Users){<Script to check users here>}
hello,

@Subsun, its work perfectly :)

its possible to get the same script to get mail enabled group and users member?

thanks
finaly, the mail enabled group is on export file.

its possible to add in this export email adress (only for group, no need to get user mail in export) ?

thanks
You can get both group and user mail address, not a big deal.. Try this..
$Groups= Get-qadgroup -IncludedProperties Description -SizeLimit 0
$Output = "C:\GroupMembers.csv"
[array]$Global:Results = $null
ForEach ($group in $Groups)
{$Global:Results += New-Object Psobject -Property @{
    "GroupeName"=$group.groupname
    "Samaccountname"=$group.Samaccountname
    "Members"=""
    "OBJ Mail"=$group.Mail
    "OBJ Description"=$group.Description
    "OU"=$group.ParentContainer
    "OU Description"=(Get-QADObject $group.ParentContainer -IncludedProperties Description).Description}

$Users=Get-Qadgroup $Group | Get-Qadgroupmember -SizeLimit 0 -IncludedProperties Description

ForEach ($User in $Users)
    {
    $Global:Results += New-Object Psobject -Property @{
    "GroupName"=""
    "Samaccountname"=$User.Samaccountname
    "Members"=$User.Name
    "OBJ Mail"=$User.Mail
    "OBJ Description"=$User.Description
    "OU"=$User.ParentContainer
    "OU Description"=(Get-QADObject $User.ParentContainer -IncludedProperties Description).Description}
    }
}
# Output results in selected format
$Global:Results | Select GroupeName,Samaccountname,"OBJ Description","OBJ Mail",Members,OU,"OU Description" | Export-CSV -Path $Output -NoTypeInformation

Open in new window

Hi,

its more visible for me if in export file i can view only mail of mail enabled group.

its possible to get only mail enabled group without user mail?

thanks
Change
$Groups= Get-qadgroup -IncludedProperties Description -SizeLimit 0

Open in new window

to
$Groups= Get-qadgroup -IncludedProperties Description -SizeLimit 0 | Where {$_.Mail -ne $null}

Open in new window

For collecting only mail enabled groups..

Change "OBJ Mail"=$User.Mail to "OBJ Mail"="" to ignore the user mail ID's..
export in progress...

its normal i get the csv file only at the end of execution of script?

not possible to see the csv file contain when script progress?
To see the progress you can print $Global:Results inside the foreach loop..
Update: If you print the $Global:Results it will show you the accumulated result so..
To see the progress you can print the variables in side the foreach loop.. :-)
hum, can you show me plz where i can add this?
ASKER CERTIFIED SOLUTION
Avatar of SubSun
SubSun
Flag of India image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
thank you work great :)