I Need to Get Group and User Info from AD
Points of My Scenario:
1. I am admin of a Windows Server 2008 R2 domain.
2. I need a powershell script that will create the following CSV or XLS output: (a) Retrieve all AD groups, then (b) List members for each group, next (c) provide last logon date/time, enabled/disabled status, and creation date for each member of the group.
3. The output will be used to create the following style XLS report attached.
SUMMARY: Please provide a powershell script that can provide the information in the attached spreadsheet (also explained in points 1 thru 3).
User-Review-Template.xlsx
1. I am admin of a Windows Server 2008 R2 domain.
2. I need a powershell script that will create the following CSV or XLS output: (a) Retrieve all AD groups, then (b) List members for each group, next (c) provide last logon date/time, enabled/disabled status, and creation date for each member of the group.
3. The output will be used to create the following style XLS report attached.
SUMMARY: Please provide a powershell script that can provide the information in the attached spreadsheet (also explained in points 1 thru 3).
User-Review-Template.xlsx
ASKER
Hi pgnev:
this is an awesome script - wow! However, I noted 2 errors:
1. The Domain Controllers group & the Domain Computers group listed my domain account for each computer account in the respective groups.
2. Other computer groups did similarly - i.e., they listed a service account instead of the computers - for each computer in the group.
Question: Why does this happen? Is there a fix?
this is an awesome script - wow! However, I noted 2 errors:
1. The Domain Controllers group & the Domain Computers group listed my domain account for each computer account in the respective groups.
2. Other computer groups did similarly - i.e., they listed a service account instead of the computers - for each computer in the group.
Question: Why does this happen? Is there a fix?
I modified script. Please replace "d:\temp1.csv" to correct path.
You will get what you wanted.
This script isn't ideal but it works.
You will get what you wanted.
This script isn't ideal but it works.
import-module activedirectory
Get-ADGroup -filter * | Sort -Property Name |%{
$mGroup=$_.Name
Get-ADGroupMember $_ | sort -Property objectClass,Name |%{
$Mpar=$_
switch ($Mpar.objectClass)
{
'group' {
}
'user' {
$user= Get-ADUser -identity $Mpar.distinguishedName -Properties DisplayName, Enabled,LastLogonDate,whenCreated -ErrorAction SilentlyContinue
"$mGroup$($User.samaccountname)`t$($User.DisplayName)`t$($User.Enabled)`t$($User.LastLogonDate)`t$($User.whenCreated )`t" >>d:\temp1.csv
}
'computer'{
}
Default {}
}
}
}ASKER
To pnagaev: The Group name and username are concatenated. How to correct this?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Bravo! Bravo! You did it, Pnagaev! Many thanks!
you are welcome!
Open in new window