[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

I Need to Get Group and User Info from AD

Posted on 2013-12-10
7
Medium Priority
?
399 Views
Last Modified: 2013-12-13
Points of My Scenario:
1. I am admin of a Windows Server 2008 R2 domain.
2. I need a powershell script that will create the following CSV or XLS output: (a) Retrieve all AD groups, then (b) List members for each group, next (c) provide last logon date/time, enabled/disabled status, and creation date for each member of the group.
3. The output will be used to create the following style XLS report attached.

SUMMARY: Please provide a powershell script that can provide the information in the attached spreadsheet (also explained in points 1 thru 3).
User-Review-Template.xlsx
0
Comment
Question by:waltforbes
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 6

Expert Comment

by:Pavel Nagaev
ID: 39710628
Try this one.

import-module activedirectory



Get-ADGroup -filter * | Sort -Property Name |%{

"Group:$($_.Name)"

  Get-ADGroupMember $_ | sort -Property objectClass,Name  |%{
 
    if ($_.objectClass -eq "group"){
     "           +------- subgroup   $($_.name )"

    }else
    {

   $user= Get-ADUser -identity $_.distinguishedName -Properties DisplayName, Enabled,LastLogonDate,whenCreated 

    "                  $($User.samaccountname,  $User.DisplayName, $User.Enabled, $User.LastLogonDate, $User.whenCreated )"
  
    }

  }
}

Open in new window

0
 

Author Comment

by:waltforbes
ID: 39712623
Hi pgnev:
this is an awesome script - wow! However, I noted 2 errors:
1. The Domain Controllers group & the Domain Computers group listed my domain account for each computer account in the respective groups.
2. Other computer groups did similarly - i.e., they listed a service account instead of the computers - for each computer in the group.

Question: Why does this happen? Is there a fix?
0
 
LVL 6

Expert Comment

by:Pavel Nagaev
ID: 39713298
I modified script. Please replace "d:\temp1.csv" to correct path.

You will get what you wanted.

This script isn't ideal but it works.

import-module activedirectory

Get-ADGroup -filter * | Sort -Property Name |%{

$mGroup=$_.Name

Get-ADGroupMember $_ | sort -Property objectClass,Name  |%{
 
 $Mpar=$_

switch ($Mpar.objectClass)
{
    'group' {
    }
     
    'user' {
                    $user= Get-ADUser -identity $Mpar.distinguishedName -Properties DisplayName, Enabled,LastLogonDate,whenCreated -ErrorAction SilentlyContinue

"$mGroup$($User.samaccountname)`t$($User.DisplayName)`t$($User.Enabled)`t$($User.LastLogonDate)`t$($User.whenCreated )`t" >>d:\temp1.csv

    }
   'computer'{
    }
    Default {}
}

  }
}

Open in new window

0
Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

 

Author Comment

by:waltforbes
ID: 39714417
To pnagaev: The Group name and username are concatenated. How to correct this?
0
 
LVL 6

Accepted Solution

by:
Pavel Nagaev earned 2000 total points
ID: 39715841
Sorry,

replace $mGroup$($User.samaccountname) with

$mGroup`t$($User.samaccountname)
0
 

Author Closing Comment

by:waltforbes
ID: 39717832
Bravo! Bravo! You did it, Pnagaev! Many thanks!
0
 
LVL 6

Expert Comment

by:Pavel Nagaev
ID: 39718282
you are welcome!
0

Featured Post

Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question