Solved

PowerShell need to pull user info from ad group

Posted on 2013-06-12
10
1,357 Views
Last Modified: 2013-07-16
I have a script that will pull the users from a group.  I also need a have the AD properties of the users.  I will show you what I have now.

Get-ADGroupMember -Identity vpn | ForEach-Object {

Get-ADUser -Filter $name  -SearchBase "ou=Users, dc=Domain, dc=com" -Properties * | Select-Object -Property Name,SamAccountName,Description,EmailAddress,LastLogonDate,Manager,Title,Department,whenCreated,Enabled,Organization | Sort-

Object -Property Name } | Export-Csv c:\temp\test1.csv

what am I doing wrong?
0
Comment
Question by:FAC_IT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 3
10 Comments
 
LVL 40

Expert Comment

by:Subsun
ID: 39242028
You didn't define $name  anywhere in script.. Try..

Get-ADGroupMember -Identity vpn | ForEach-Object {
Get-ADUser  $_.Samaccountname  -SearchBase "ou=Users, dc=Domain, dc=com" -Properties * | Select-Object -Property Name,SamAccountName,Description,EmailAddress,LastLogonDate,Manager,Title,Department,whenCreated,Enabled,Organization | Sort-Object -Property Name } | Export-Csv c:\temp\test1.csv

Open in new window


Or

Get-ADGroupMember -Identity vpn | Get-ADUser -Filter $name  -SearchBase "ou=Users, dc=Domain, dc=com" -Properties * | Select-Object -Property Name,SamAccountName,Description,EmailAddress,LastLogonDate,Manager,Title,Department,whenCreated,Enabled,Organization | Sort-Object -Property Name } | Export-Csv c:\temp\test1.csv

Open in new window

0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39242029
You are asking for the properties of $name - which is an undefined var. You'll have to use $_.Name instead.
Get-ADGroupMember -Identity vpn | ForEach-Object {
  Get-ADUser -Filter $_.Name  -SearchBase "ou=Users, dc=Domain, dc=com" -Properties * |
  Select-Object -Property Name, SamAccountName, Description, EmailAddress, LastLogonDate, Manager, Title, Department, whenCreated, Enabled, Organization |
  Sort-Object -Property Name
} | Export-Csv c:\temp\test1.csv

Open in new window

You can prevent from such mistakes if you run
Set-StrictMode -version latest

Open in new window

as very first command of your prompt or script. That switches to a more strict policy about using undefined vars (and more), which is useful in particular to detect typos.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39242052
There is an update in the second code which I posted (I missed to remove the $name)...
Get-ADGroupMember -Identity vpn | Get-ADUser -SearchBase "ou=Users, dc=Domain, dc=com" -Properties * | Select-Object -Property Name,SamAccountName,Description,EmailAddress,LastLogonDate,Manager,Title,Department,whenCreated,Enabled,Organization | Sort-Object -Property Name } | Export-Csv c:\temp\test1.csv

Open in new window

0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 70

Expert Comment

by:Qlemo
ID: 39242061
The last approach (of Subsun, using the pipe directly) is the best one, as it just passes the object as necessary along the pipe. This often works as expected.
0
 

Author Comment

by:FAC_IT
ID: 39242071
This is the error I am getting when I use -filter $_.name: Get-ADUser : Error parsing query: 'Brandi Snead' Error Message: 'syntax error' at position: '8'.
At C:\users\user\Desktop\Users.ps1:3 char:1
+ Get-ADUser -Filter $_.name -SearchBase "ou=Users,dc=domain,dc=com" -Proper ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ParserError: (:) [Get-ADUser], ADFilterParsingException
    + FullyQualifiedErrorId : Error parsing query: 'Brandi Snead' Error Message: 'syntax error' at position: '8'.,Micr
   osoft.ActiveDirectory.Management.Commands.GetADUser


This what I get when I use $_.Samaccountname

Get-ADUser : A positional parameter cannot be found that accepts argument 'burbina'.
At C:\users\user\Desktop\Users.ps1:3 char:1
+ Get-ADUser $_.Samaccountname   -SearchBase "ou=Users,dc=Domain,dc=com" -Pr ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-ADUser], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.ActiveDirectory.Management.Commands.GetADUser
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39242083
Use the syntax as shown in http:#a39242052 .
0
 

Author Comment

by:FAC_IT
ID: 39242120
Qlemo,

When I run it like you want in a39242052 it is asking for a Filter.  I try a * and it came back with everything in the users OU.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39242313
Try..
Get-ADGroupMember -Identity vpn | ?{$_.distinguishedName -like "*ou=Users,dc=Domain,dc=com"} | Get-ADUser -Properties * | Select-Object -Property Name,SamAccountName,Description,EmailAddress,LastLogonDate,Manager,Title,Department,whenCreated,Enabled,Organization | Sort-Object -Property Name | Export-Csv c:\temp\test1.csv

Open in new window

0
 

Author Comment

by:FAC_IT
ID: 39242345
I get no errors and it creates a file but there is nothing in it.  What does the ? do?
0
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 39242363
The command will display the member if they are from Users OU, is that what you want?
If yes, do you get any output for following command?
Get-ADGroupMember -Identity vpn | ?{$_.distinguishedName -like "*ou=Users,dc=Domain,dc=com"}

Open in new window

0

Featured Post

[Webinar] Learn How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick Powershell script I wrote to find old program installations and check versions of a specific file across the network.
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question