?
Solved

I Need to Get Group and User Info from AD

Posted on 2013-12-10
7
Medium Priority
?
398 Views
Last Modified: 2013-12-13
Points of My Scenario:
1. I am admin of a Windows Server 2008 R2 domain.
2. I need a powershell script that will create the following CSV or XLS output: (a) Retrieve all AD groups, then (b) List members for each group, next (c) provide last logon date/time, enabled/disabled status, and creation date for each member of the group.
3. The output will be used to create the following style XLS report attached.

SUMMARY: Please provide a powershell script that can provide the information in the attached spreadsheet (also explained in points 1 thru 3).
User-Review-Template.xlsx
0
Comment
Question by:waltforbes
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 5

Expert Comment

by:Pavel Nagaev
ID: 39710628
Try this one.

import-module activedirectory



Get-ADGroup -filter * | Sort -Property Name |%{

"Group:$($_.Name)"

  Get-ADGroupMember $_ | sort -Property objectClass,Name  |%{
 
    if ($_.objectClass -eq "group"){
     "           +------- subgroup   $($_.name )"

    }else
    {

   $user= Get-ADUser -identity $_.distinguishedName -Properties DisplayName, Enabled,LastLogonDate,whenCreated 

    "                  $($User.samaccountname,  $User.DisplayName, $User.Enabled, $User.LastLogonDate, $User.whenCreated )"
  
    }

  }
}

Open in new window

0
 

Author Comment

by:waltforbes
ID: 39712623
Hi pgnev:
this is an awesome script - wow! However, I noted 2 errors:
1. The Domain Controllers group & the Domain Computers group listed my domain account for each computer account in the respective groups.
2. Other computer groups did similarly - i.e., they listed a service account instead of the computers - for each computer in the group.

Question: Why does this happen? Is there a fix?
0
 
LVL 5

Expert Comment

by:Pavel Nagaev
ID: 39713298
I modified script. Please replace "d:\temp1.csv" to correct path.

You will get what you wanted.

This script isn't ideal but it works.

import-module activedirectory

Get-ADGroup -filter * | Sort -Property Name |%{

$mGroup=$_.Name

Get-ADGroupMember $_ | sort -Property objectClass,Name  |%{
 
 $Mpar=$_

switch ($Mpar.objectClass)
{
    'group' {
    }
     
    'user' {
                    $user= Get-ADUser -identity $Mpar.distinguishedName -Properties DisplayName, Enabled,LastLogonDate,whenCreated -ErrorAction SilentlyContinue

"$mGroup$($User.samaccountname)`t$($User.DisplayName)`t$($User.Enabled)`t$($User.LastLogonDate)`t$($User.whenCreated )`t" >>d:\temp1.csv

    }
   'computer'{
    }
    Default {}
}

  }
}

Open in new window

0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:waltforbes
ID: 39714417
To pnagaev: The Group name and username are concatenated. How to correct this?
0
 
LVL 5

Accepted Solution

by:
Pavel Nagaev earned 2000 total points
ID: 39715841
Sorry,

replace $mGroup$($User.samaccountname) with

$mGroup`t$($User.samaccountname)
0
 

Author Closing Comment

by:waltforbes
ID: 39717832
Bravo! Bravo! You did it, Pnagaev! Many thanks!
0
 
LVL 5

Expert Comment

by:Pavel Nagaev
ID: 39718282
you are welcome!
0

Featured Post

New benefit for Premium Members - Upgrade now!

Ready to get started with anonymous questions today? It's easy! Learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Let's recap what we learned from yesterday's Skyport Systems webinar.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses
Course of the Month12 days, 18 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question