?
Solved

PowerShell need to pull user info from ad group

Posted on 2013-06-12
10
Medium Priority
?
1,497 Views
Last Modified: 2013-07-16
I have a script that will pull the users from a group.  I also need a have the AD properties of the users.  I will show you what I have now.

Get-ADGroupMember -Identity vpn | ForEach-Object {

Get-ADUser -Filter $name  -SearchBase "ou=Users, dc=Domain, dc=com" -Properties * | Select-Object -Property Name,SamAccountName,Description,EmailAddress,LastLogonDate,Manager,Title,Department,whenCreated,Enabled,Organization | Sort-

Object -Property Name } | Export-Csv c:\temp\test1.csv

what am I doing wrong?
0
Comment
Question by:FAC_IT
  • 4
  • 3
  • 3
10 Comments
 
LVL 40

Expert Comment

by:Subsun
ID: 39242028
You didn't define $name  anywhere in script.. Try..

Get-ADGroupMember -Identity vpn | ForEach-Object {
Get-ADUser  $_.Samaccountname  -SearchBase "ou=Users, dc=Domain, dc=com" -Properties * | Select-Object -Property Name,SamAccountName,Description,EmailAddress,LastLogonDate,Manager,Title,Department,whenCreated,Enabled,Organization | Sort-Object -Property Name } | Export-Csv c:\temp\test1.csv

Open in new window


Or

Get-ADGroupMember -Identity vpn | Get-ADUser -Filter $name  -SearchBase "ou=Users, dc=Domain, dc=com" -Properties * | Select-Object -Property Name,SamAccountName,Description,EmailAddress,LastLogonDate,Manager,Title,Department,whenCreated,Enabled,Organization | Sort-Object -Property Name } | Export-Csv c:\temp\test1.csv

Open in new window

0
 
LVL 71

Expert Comment

by:Qlemo
ID: 39242029
You are asking for the properties of $name - which is an undefined var. You'll have to use $_.Name instead.
Get-ADGroupMember -Identity vpn | ForEach-Object {
  Get-ADUser -Filter $_.Name  -SearchBase "ou=Users, dc=Domain, dc=com" -Properties * |
  Select-Object -Property Name, SamAccountName, Description, EmailAddress, LastLogonDate, Manager, Title, Department, whenCreated, Enabled, Organization |
  Sort-Object -Property Name
} | Export-Csv c:\temp\test1.csv

Open in new window

You can prevent from such mistakes if you run
Set-StrictMode -version latest

Open in new window

as very first command of your prompt or script. That switches to a more strict policy about using undefined vars (and more), which is useful in particular to detect typos.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39242052
There is an update in the second code which I posted (I missed to remove the $name)...
Get-ADGroupMember -Identity vpn | Get-ADUser -SearchBase "ou=Users, dc=Domain, dc=com" -Properties * | Select-Object -Property Name,SamAccountName,Description,EmailAddress,LastLogonDate,Manager,Title,Department,whenCreated,Enabled,Organization | Sort-Object -Property Name } | Export-Csv c:\temp\test1.csv

Open in new window

0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LVL 71

Expert Comment

by:Qlemo
ID: 39242061
The last approach (of Subsun, using the pipe directly) is the best one, as it just passes the object as necessary along the pipe. This often works as expected.
0
 

Author Comment

by:FAC_IT
ID: 39242071
This is the error I am getting when I use -filter $_.name: Get-ADUser : Error parsing query: 'Brandi Snead' Error Message: 'syntax error' at position: '8'.
At C:\users\user\Desktop\Users.ps1:3 char:1
+ Get-ADUser -Filter $_.name -SearchBase "ou=Users,dc=domain,dc=com" -Proper ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ParserError: (:) [Get-ADUser], ADFilterParsingException
    + FullyQualifiedErrorId : Error parsing query: 'Brandi Snead' Error Message: 'syntax error' at position: '8'.,Micr
   osoft.ActiveDirectory.Management.Commands.GetADUser


This what I get when I use $_.Samaccountname

Get-ADUser : A positional parameter cannot be found that accepts argument 'burbina'.
At C:\users\user\Desktop\Users.ps1:3 char:1
+ Get-ADUser $_.Samaccountname   -SearchBase "ou=Users,dc=Domain,dc=com" -Pr ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-ADUser], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.ActiveDirectory.Management.Commands.GetADUser
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 39242083
Use the syntax as shown in http:#a39242052 .
0
 

Author Comment

by:FAC_IT
ID: 39242120
Qlemo,

When I run it like you want in a39242052 it is asking for a Filter.  I try a * and it came back with everything in the users OU.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39242313
Try..
Get-ADGroupMember -Identity vpn | ?{$_.distinguishedName -like "*ou=Users,dc=Domain,dc=com"} | Get-ADUser -Properties * | Select-Object -Property Name,SamAccountName,Description,EmailAddress,LastLogonDate,Manager,Title,Department,whenCreated,Enabled,Organization | Sort-Object -Property Name | Export-Csv c:\temp\test1.csv

Open in new window

0
 

Author Comment

by:FAC_IT
ID: 39242345
I get no errors and it creates a file but there is nothing in it.  What does the ? do?
0
 
LVL 40

Accepted Solution

by:
Subsun earned 1500 total points
ID: 39242363
The command will display the member if they are from Users OU, is that what you want?
If yes, do you get any output for following command?
Get-ADGroupMember -Identity vpn | ?{$_.distinguishedName -like "*ou=Users,dc=Domain,dc=com"}

Open in new window

0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question