Solved

I Need to Get Group and User Info from AD

Posted on 2013-12-10
7
395 Views
Last Modified: 2013-12-13
Points of My Scenario:
1. I am admin of a Windows Server 2008 R2 domain.
2. I need a powershell script that will create the following CSV or XLS output: (a) Retrieve all AD groups, then (b) List members for each group, next (c) provide last logon date/time, enabled/disabled status, and creation date for each member of the group.
3. The output will be used to create the following style XLS report attached.

SUMMARY: Please provide a powershell script that can provide the information in the attached spreadsheet (also explained in points 1 thru 3).
User-Review-Template.xlsx
0
Comment
Question by:waltforbes
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 5

Expert Comment

by:Pavel Nagaev
ID: 39710628
Try this one.

import-module activedirectory



Get-ADGroup -filter * | Sort -Property Name |%{

"Group:$($_.Name)"

  Get-ADGroupMember $_ | sort -Property objectClass,Name  |%{
 
    if ($_.objectClass -eq "group"){
     "           +------- subgroup   $($_.name )"

    }else
    {

   $user= Get-ADUser -identity $_.distinguishedName -Properties DisplayName, Enabled,LastLogonDate,whenCreated 

    "                  $($User.samaccountname,  $User.DisplayName, $User.Enabled, $User.LastLogonDate, $User.whenCreated )"
  
    }

  }
}

Open in new window

0
 

Author Comment

by:waltforbes
ID: 39712623
Hi pgnev:
this is an awesome script - wow! However, I noted 2 errors:
1. The Domain Controllers group & the Domain Computers group listed my domain account for each computer account in the respective groups.
2. Other computer groups did similarly - i.e., they listed a service account instead of the computers - for each computer in the group.

Question: Why does this happen? Is there a fix?
0
 
LVL 5

Expert Comment

by:Pavel Nagaev
ID: 39713298
I modified script. Please replace "d:\temp1.csv" to correct path.

You will get what you wanted.

This script isn't ideal but it works.

import-module activedirectory

Get-ADGroup -filter * | Sort -Property Name |%{

$mGroup=$_.Name

Get-ADGroupMember $_ | sort -Property objectClass,Name  |%{
 
 $Mpar=$_

switch ($Mpar.objectClass)
{
    'group' {
    }
     
    'user' {
                    $user= Get-ADUser -identity $Mpar.distinguishedName -Properties DisplayName, Enabled,LastLogonDate,whenCreated -ErrorAction SilentlyContinue

"$mGroup$($User.samaccountname)`t$($User.DisplayName)`t$($User.Enabled)`t$($User.LastLogonDate)`t$($User.whenCreated )`t" >>d:\temp1.csv

    }
   'computer'{
    }
    Default {}
}

  }
}

Open in new window

0
Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

 

Author Comment

by:waltforbes
ID: 39714417
To pnagaev: The Group name and username are concatenated. How to correct this?
0
 
LVL 5

Accepted Solution

by:
Pavel Nagaev earned 500 total points
ID: 39715841
Sorry,

replace $mGroup$($User.samaccountname) with

$mGroup`t$($User.samaccountname)
0
 

Author Closing Comment

by:waltforbes
ID: 39717832
Bravo! Bravo! You did it, Pnagaev! Many thanks!
0
 
LVL 5

Expert Comment

by:Pavel Nagaev
ID: 39718282
you are welcome!
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question