[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 551
  • Last Modified:

Powershell: Find users who are member of groups with certain name

Hi,

I'm working at some company where a lot, about 50%, of the global security groupnames start with: "GGCTX-"
I would like to have a powershell script which I can feed a CSV file with usernames and that gives me only the groupnames that starts with "GGCTX"  the user is member of.

I'm a lousy scripter. Scripts i've found on the internet that looked promising and that I tried to adjust did not do the trick and gave me at best a screen full of garble.

Is there anyone who can help me on this, or at least give me a kick into the right direction ?

Thanks
0
Loyall
Asked:
Loyall
  • 6
  • 2
1 Solution
 
MaheshArchitectCommented:
You can try below code

Import-Module ActiveDirectory
Get-ADUser -SearchBase "OU=Users,DC=domain,DC=local" -Filter * | foreach-object {
write-host "User:" $_.Name -foreground green
    Get-ADPrincipalGroupMembership $_.SamAccountName | foreach-object {
        write-host "Member Of:" $_.name
    }
}

the code will simply query all users in specified OU and return there group membership
I tried to chnage \ redirect output to csv format unsuccessfully.
If you could change the code so that you can get output in .csv format
later on you can filter excel file on the basis of group mentioned in question.
0
 
LoyallAuthor Commented:
Hi, MaheshPM

Thank tou for your comment.
I already found a solution like yours, but I would like to have a script that only gives me the "GGCTX" groups.
0
 
LoyallAuthor Commented:
This is the script that gives me a screen full of errors and garble:

Import-CSV "C:\Temp\Test\Test.csv" -Delimiter ';' | ForEach-Object {

$user = $_.samaccountname
$dn  = (Get-ADUser $user).DistinguishedName    

$GrpArr = @()
$Groups = get-adgroup -filter {name -like "GGCTX*"} -searchbase "dc=company,dc=local" | select $dn
foreach ($group in $groups)
{
    $GrpArr += $group
    $members = get-adgroupmember $group | select $dn
    foreach ($member in $members)
    {
        $memprops = get-aduser $member -properties company
        $comp = $memprops.company
        $grpArr += "$member,$comp"
    }
}
}
$grpArr | export-csv C:\Temp\Test\Groups.csv -NoTypeInformation
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
footechCommented:
How about the following?  Not sure exactly what information you want returned.
Get-ADUser -filter * -Properties memberof | Where {$_.memberof -match "GGCTX"} | ForEach `
{
    $samaccountname = $_.samaccountname
    Get-ADPrincipalGroupMembership $_.samaccountname |
     Where {$_.name -like "GGCTX*"} |
     Select @{n="samaccountname";e={$samaccountname}},@{n="GroupName";e={$_.name}}
} | Export-CSV groups.csv -notype

Open in new window

0
 
LoyallAuthor Commented:
Hi footech,

You really helped me on this one !
I made a little adjustment, so now it grabs the sAMAccountname from a csv:

Import-CSV "C:\Temp\Users.csv" -Delimiter ',' | ForEach-Object {
Get-ADUser -filter * -Properties memberof | Where {$_.memberof -match "GGCTX"} | ForEach `
{
    $samaccountname = $_.samaccountname
    Get-ADPrincipalGroupMembership $_.samaccountname |
     Where {$_.name -like "GGCTX*"} |
     Select @{n="samaccountname";e={$samaccountname}},@{n="GroupName";e={$_.name}}
} | Export-CSV C:\Temp\groups.csv -notype
}

Open in new window

0
 
LoyallAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for Loyall's comment #a39657279
Assisted answer: 500 points for footech's comment #a39656940

for the following reason:

Footech gave me the handle to adjust the script exactly to my wishes.
0
 
footechCommented:
Just in case you haven't noticed yet in testing, the script you posted wouldn't actually work the way I think you want, since it doesn't base any of its queries or output on information obtained from the .CSV.  It would actually just run the script I provided repeatedly for each line in the .CSV.
You would need to adjust the Get-ADUser query to limit it to the specific username from the .CSV, and also move the pipe to Export-CSV after the last brace.
I'm not sure what the purpose of the users.csv file is.  If it's just to limit which users are returned, I think the following would perform better since you wouldn't be doing as many queries to AD.
Given a .CSV like
username
user1
user2
user3

Open in new window

$users = Import-CSV "C:\Temp\Users.csv" -Delimiter ',' | Select -ExpandProperty username
Get-ADUser -filter * -Properties memberof | Where {$_.memberof -match "GGCTX" -and $users -contains $_.samaccountname } | ForEach `
{
    $samaccountname = $_.samaccountname
    Get-ADPrincipalGroupMembership $_.samaccountname |
        Where {$_.name -like "GGCTX*"} |
        Select @{n="samaccountname";e={$samaccountname}},@{n="GroupName";e={$_.name}}
} | Export-CSV C:\Temp\groups.csv -notype

Open in new window

0
 
LoyallAuthor Commented:
Footech delivered a script that really works ! ;-)
0
 
LoyallAuthor Commented:
Footech,

As I already wrote in my question, i'm a lousy scripter. ;-)
Thanks a lot for helping me !

Loyall
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

  • 6
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now