Solved

Powershell: Find users who are member of groups with certain name

Posted on 2013-11-18
9
529 Views
Last Modified: 2013-11-18
Hi,

I'm working at some company where a lot, about 50%, of the global security groupnames start with: "GGCTX-"
I would like to have a powershell script which I can feed a CSV file with usernames and that gives me only the groupnames that starts with "GGCTX"  the user is member of.

I'm a lousy scripter. Scripts i've found on the internet that looked promising and that I tried to adjust did not do the trick and gave me at best a screen full of garble.

Is there anyone who can help me on this, or at least give me a kick into the right direction ?

Thanks
0
Comment
Question by:Loyall
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 2
9 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 39655825
You can try below code

Import-Module ActiveDirectory
Get-ADUser -SearchBase "OU=Users,DC=domain,DC=local" -Filter * | foreach-object {
write-host "User:" $_.Name -foreground green
    Get-ADPrincipalGroupMembership $_.SamAccountName | foreach-object {
        write-host "Member Of:" $_.name
    }
}

the code will simply query all users in specified OU and return there group membership
I tried to chnage \ redirect output to csv format unsuccessfully.
If you could change the code so that you can get output in .csv format
later on you can filter excel file on the basis of group mentioned in question.
0
 
LVL 2

Author Comment

by:Loyall
ID: 39655827
Hi, MaheshPM

Thank tou for your comment.
I already found a solution like yours, but I would like to have a script that only gives me the "GGCTX" groups.
0
 
LVL 2

Author Comment

by:Loyall
ID: 39656541
This is the script that gives me a screen full of errors and garble:

Import-CSV "C:\Temp\Test\Test.csv" -Delimiter ';' | ForEach-Object {

$user = $_.samaccountname
$dn  = (Get-ADUser $user).DistinguishedName    

$GrpArr = @()
$Groups = get-adgroup -filter {name -like "GGCTX*"} -searchbase "dc=company,dc=local" | select $dn
foreach ($group in $groups)
{
    $GrpArr += $group
    $members = get-adgroupmember $group | select $dn
    foreach ($member in $members)
    {
        $memprops = get-aduser $member -properties company
        $comp = $memprops.company
        $grpArr += "$member,$comp"
    }
}
}
$grpArr | export-csv C:\Temp\Test\Groups.csv -NoTypeInformation
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 40

Expert Comment

by:footech
ID: 39656940
How about the following?  Not sure exactly what information you want returned.
Get-ADUser -filter * -Properties memberof | Where {$_.memberof -match "GGCTX"} | ForEach `
{
    $samaccountname = $_.samaccountname
    Get-ADPrincipalGroupMembership $_.samaccountname |
     Where {$_.name -like "GGCTX*"} |
     Select @{n="samaccountname";e={$samaccountname}},@{n="GroupName";e={$_.name}}
} | Export-CSV groups.csv -notype

Open in new window

0
 
LVL 2

Author Comment

by:Loyall
ID: 39657279
Hi footech,

You really helped me on this one !
I made a little adjustment, so now it grabs the sAMAccountname from a csv:

Import-CSV "C:\Temp\Users.csv" -Delimiter ',' | ForEach-Object {
Get-ADUser -filter * -Properties memberof | Where {$_.memberof -match "GGCTX"} | ForEach `
{
    $samaccountname = $_.samaccountname
    Get-ADPrincipalGroupMembership $_.samaccountname |
     Where {$_.name -like "GGCTX*"} |
     Select @{n="samaccountname";e={$samaccountname}},@{n="GroupName";e={$_.name}}
} | Export-CSV C:\Temp\groups.csv -notype
}

Open in new window

0
 
LVL 2

Author Comment

by:Loyall
ID: 39657438
I've requested that this question be closed as follows:

Accepted answer: 0 points for Loyall's comment #a39657279
Assisted answer: 500 points for footech's comment #a39656940

for the following reason:

Footech gave me the handle to adjust the script exactly to my wishes.
0
 
LVL 40

Accepted Solution

by:
footech earned 500 total points
ID: 39657346
Just in case you haven't noticed yet in testing, the script you posted wouldn't actually work the way I think you want, since it doesn't base any of its queries or output on information obtained from the .CSV.  It would actually just run the script I provided repeatedly for each line in the .CSV.
You would need to adjust the Get-ADUser query to limit it to the specific username from the .CSV, and also move the pipe to Export-CSV after the last brace.
I'm not sure what the purpose of the users.csv file is.  If it's just to limit which users are returned, I think the following would perform better since you wouldn't be doing as many queries to AD.
Given a .CSV like
username
user1
user2
user3

Open in new window

$users = Import-CSV "C:\Temp\Users.csv" -Delimiter ',' | Select -ExpandProperty username
Get-ADUser -filter * -Properties memberof | Where {$_.memberof -match "GGCTX" -and $users -contains $_.samaccountname } | ForEach `
{
    $samaccountname = $_.samaccountname
    Get-ADPrincipalGroupMembership $_.samaccountname |
        Where {$_.name -like "GGCTX*"} |
        Select @{n="samaccountname";e={$samaccountname}},@{n="GroupName";e={$_.name}}
} | Export-CSV C:\Temp\groups.csv -notype

Open in new window

0
 
LVL 2

Author Closing Comment

by:Loyall
ID: 39657439
Footech delivered a script that really works ! ;-)
0
 
LVL 2

Author Comment

by:Loyall
ID: 39657448
Footech,

As I already wrote in my question, i'm a lousy scripter. ;-)
Thanks a lot for helping me !

Loyall
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

"Migrate" an SMTP relay receive connector to a new server using info from an old server.
The following article is intended as a guide to using PowerShell as a more versatile and reliable form of application detection in SCCM.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the adminiā€¦

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question