Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

query group membership using powershell.

Posted on 2014-02-07
7
Medium Priority
?
2,034 Views
Last Modified: 2014-02-14
Hi,

I need a PS script that allows me to enter a AD group name and return the subgroups, members (Firstname, Lastname, samid).

I see this script from the web.  Can that be used?

Please advise.  

param
(  
    [Parameter(Mandatory=$true,position=0)]
    [String]$GroupName
)

import-module activedirectory

# optional, add a wild card..
# $groups = $groups + "*"

$Groups = Get-ADGroup -filter {Name -like $GroupName} | Select-Object Name

ForEach ($Group in $Groups)
   {write-host " "
    write-host "$($group.name)"
    write-host "----------------------------"

    Get-ADGroupMember -identity $($group.name) -recursive | Select-Object samaccountname

 }
write-host "Export Comlete"
0
Comment
Question by:nav2567
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 17

Expert Comment

by:Kent Dyer
ID: 39842435
Does it have to be Powershell?  Can you browse / View Active Directory Users and Computers from a member server or DC?  You should be able to check group membership there..  Or, is this for say a regular domain user or manager to check group membership?  Need to understand the audience that would be using such a script..  And is this to add/remove membership or just to simply run queries to verify membership?
0
 
LVL 3

Expert Comment

by:Tommy_Cooper
ID: 39842783
Get-ADGroupMember -Identity MyGroupName

Open in new window



Is where to start.  If this gives you subgroups, just pipe it back to Get-ADGroupMember:

Get-ADGroupMember -Identity MyGroupName |Get-ADroupMember

Open in new window


you can use Select-Object to get the name of the account that is a member and the SamAccountName:

Get-ADGroupMember -Identity MyGroupName |Select-Object Name,SamAccountName

Open in new window

0
 

Author Comment

by:nav2567
ID: 39842888
I am getting this error when trying to execute the script.  Please advise again.

The term 'Get-ADGroupMember' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\script\list group member\list_group_members.ps1:1 char:18
+ Get-ADGroupMember <<<<  -Identity MyGroupName |Select-Object Name,SamAccountName
    + CategoryInfo          : ObjectNotFound: (Get-ADGroupMember:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 40

Expert Comment

by:Subsun
ID: 39843212
You need windows 2008 R2 domain controller to run the AD powershell commands.. If you have it then.. load the activedirectory module before you run the code. You may use Export-csv to export he details to csv file.. And if you you need to add -Recursive switch to get the recursive membership details..
Try..
Import-Module activedirectory
Get-ADGroupMember TestGroup -Recursive | Get-ADUser -Properties * | Select sAMAccountName,givenName,SN | Export-csv C:\report.csv -nti

Open in new window

0
 

Author Comment

by:nav2567
ID: 39843585
Subsun, your script works.

Would you please show me how to have the script to prompt and input a group name and export the group members and sub-group(s)?
0
 
LVL 40

Accepted Solution

by:
Subsun earned 2000 total points
ID: 39844262
Try to add parameter to script as shown in the code example which you have posted.. You need to save the code to .ps1 file format and run it from PowerShell console..
param
(  
    [Parameter(Mandatory=$true,position=0)]
    [String]$GroupName
)
Import-Module activedirectory
Get-ADGroupMember $GroupName -Recursive | Get-ADUser -Properties * | Select sAMAccountName,givenName,SN | Export-csv C:\report.csv -nti

Open in new window

Or you can Use Read-Host command..
$GroupName = Read-Host "Input the group name"
Import-Module activedirectory
Get-ADGroupMember $GroupName -Recursive | Get-ADUser -Properties * | Select sAMAccountName,givenName,SN | Export-csv C:\report.csv -nti

Open in new window

0
 

Author Closing Comment

by:nav2567
ID: 39858947
Thanks everyone.
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Nano Server Image Builder helps you create a custom Nano Server image and bootable USB media with the aid of a graphical interface. Based on the inputs you provide, it generates images for deployment and creates reusable PowerShell scripts that …
In this post we will be converting StringData saved within a text file into a hash table. This can be further used in a PowerShell script for replacing settings that are dynamic in nature from environment to environment.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question