PowerShell - Getting group members from nested groups

Hi EE

I have the script below that pulls all the group members, including nested groups, but the output file does not show the name of the nested group.

Can someone help me change this, or does anyone have another way?


function groupmember ($group)
{
    $groupname = Get-ADGroup $group | Select -expand Name
    ([ADSISearcher]"(&(ObjectClass=Group)(samaccountname=$groupname))").FindOne() |
     % {$_.Properties.member} |
     Get-ADobject | % `
    {
        If ($_.objectclass -eq "group")
        { groupmember $_ }
        Else
        { $_ }
    }
}
Get-Content groups.txt | ForEach `
{
    $group = Get-ADGroup $_ -ErrorAction SilentlyContinue | Select -ExpandProperty Name
    If ($Group)
    {
        groupmember $group |
         Get-ADUser -Properties canonicalname |
         Select @{n="GroupName";e={$group}},Name,Samaccountname,Canonicalname
    }
} | Export-Csv Members.csv -NoTypeInformation

Asked by MilesLogan

Justin Yeung (Senior Systems Engineer) commented:
Select @{n="GroupName";e={$group.name}} should work.....

$group should give you blank info......

MilesLogan (Author) commented:
Hi Justin
I modified that line and it actually removed the group name; the data now did not even show the group name.

Justin Yeung (Senior Systems Engineer) commented:
From what I see, you already have a txt file of the group names, so the script could be a lot simpler without using any function at all.

Do you have this in a multiple-domain environment?
 
MilesLogan (Author) commented:
It's a single domain.

Justin Yeung (Senior Systems Engineer) commented:
$Contents = Get-Content -path "your path"
Foreach ($Content in $Contents)
{
$Groups = get-adgroup $_
foreach ($Group in $Groups)
{
get-adgroupmember $group.name -properties * | Select-object @{n="GroupName";e={$group.name}},Name,Samaccountname,Canonicalname | out-file "path" -append
}
}

MilesLogan (Author) commented:
Hi Justin

I added one group to the groups.txt file and modified your script to:

$Contents = Get-Content -path "E:\projects\Test\groups.txt"
Foreach ($Content in $Contents)
{
$Groups = get-adgroup $_
foreach ($Group in $Groups)
{
get-adgroupmember $group.name -properties * | Select-object @{n="GroupName";e={$group.name}},Name,Samaccountname,Canonicalname | out-file "E:\projects\Test\data.csv" -append
}
}


and I received the error below.


PS E:\Projects\Test> .\Jtest.ps1
Get-ADGroup : Cannot validate argument on parameter 'Identity'. The argument is null. Supply a non-null argument and try the command again.
At E:\Projects\Test\Jtest.ps1:4 char:23
+ $Groups = get-adgroup $_
+                       ~~
    + CategoryInfo          : InvalidData: (:) [Get-ADGroup], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADGroup

Justin Yeung (Senior Systems Engineer) commented:
change $_ to $content

MilesLogan (Author) commented:
Changed it to this:
$Contents = Get-Content -path "E:\projects\Test\groups.txt"
Foreach ($Content in $Contents)
{
$Groups = get-adgroup $Content
foreach ($Group in $Groups)
{
get-adgroupmember $Group.name -properties * | Select-object @{n="GroupName";e={$Group.name}},Name,Samaccountname,Canonicalname | out-file "E:\projects\Test\data.csv" -append
}
}

Received this error:
PS E:\Projects\Test> .\Jtest.ps1
Get-ADGroupMember : A parameter cannot be found that matches parameter name 'properties'.
At E:\Projects\Test\Jtest.ps1:7 char:31
+ get-adgroupmember $Group.name -properties * | Select-object @{n="GroupName";e={$ ...
+                               ~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-ADGroupMember], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember

Justin Yeung (Senior Systems Engineer) commented:
$Contents = Get-Content -path "E:\projects\Test\groups.txt"
Foreach ($Content in $Contents)
{
$Groups = get-adgroup $content
foreach ($Group in $Groups)
{
$users = get-adgroupmember $group.name
foreach ($user in $users)
{
get-aduser -id $users.samaccoutname -properties * | Select-object @{name="GroupName";expression={$group.name}},Name,Samaccountname,Canonicalname | out-file "E:\projects\Test\data.csv" -append
}
}
}

MilesLogan (Author) commented:
I appreciate you trying. I received the error below now.

PS E:\Projects\Test> .\Jtest.ps1
Get-ADUser : Cannot validate argument on parameter 'Identity'. The argument is null. Supply a non-null argument and try the command again.
At E:\Projects\Test\Jtest.ps1:10 char:16
+ get-aduser -id $users.samaccoutname -properties * | Select-object @{name="GroupN ...
+                ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Get-ADUser], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADUser
 
Get-ADUser : Cannot validate argument on parameter 'Identity'. The argument is null. Supply a non-null argument and try the command again.
At E:\Projects\Test\Jtest.ps1:10 char:16
+ get-aduser -id $users.samaccoutname -properties * | Select-object @{name="GroupN ...
+                ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Get-ADUser], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADUser

Justin Yeung (Senior Systems Engineer) commented:
get-aduser -id $user.samaccoutname -properties *

Sorry, mistyped $users.

It should be $user,

and Out-File needs to be a txt file for append.

Justin Yeung (Senior Systems Engineer) commented:
Actually had a chance to test it today. Here is the working script:

$Contents = Get-Content -path "E:\projects\Test\groups.txt"
Foreach ($Content in $Contents)
{
    $Groups = get-adgroup $content
    foreach ($Group in $Groups)
    {
        $users = get-adgroupmember $group.name
        foreach ($user in $users)
        {
            $userinfo = get-aduser -id $user.samaccountname -properties * | Select-object @{name="GroupName";expression={$group.name}},Name,Samaccountname,Canonicalname

            $array = @()

            $Properties = @{"Group Name"=$group.name;Name=$user.Name;SamAccountName=$user.samaccountname;"Canonical Name"=$userinfo.canonicalname}

            $Newobject = New-Object PSObject -Property $Properties

            $Array += $Newobject

            $outpath = "your csv path"

            $Array | Select-Object "Group Name",Name,SamAccountName,"Canonical Name" | export-csv $outpath -Append
        }
    }
}

Justin Yeung (Senior Systems Engineer) commented:
It requires PowerShell 3.0 for CSV append.

There is no -Append option for CSV in 2.0.

MilesLogan (Author) commented:
Hi Justin, I am using 3.0.

If I run your script with one user it will output the user info. If I add a group it will error with
get-aduser : Cannot find an object with identity: and the group that I nested.

It happened with any group that I add.

If I run Get-ADGroupMember "Test_Group" -Recursive | select Name,SamAccountName
it does output all the members but does not give me the name of the group each is in.

Justin Yeung (Senior Systems Engineer) commented:
this should work


function Get-GroupHierarchy ($searchGroup)
{
    $groupMember = get-adgroupmember $searchGroup | sort-object objectClass -descending
    foreach ($member in $groupMember)
    {
        if ($member.objectclass -eq "user")
        {
            $userinfo = get-aduser $member.samaccountname -Properties *
        }
        if ($member.objectclass -eq "group")
        {
            $groupinfo = get-adgroup $member
        }
        $array = @()
        $Properties = @{"Group Name"=$groupinfo.name;Name=$member.Name;SamAccountName=$member.samaccountname;"Canonical Name"=$Userinfo.canonicalname}
        $Newobject = New-Object PSObject -Property $Properties
        $Array += $Newobject

        $outpath = "E:\projects\Test\groups.csv"

        $Array | Select-Object "Group Name",Name,SamAccountName,"Canonical Name" | export-csv $outpath -Append

        if ($member.ObjectClass -eq "group")
        {
            Get-GroupHierarchy $member.name
        }
    }
}

$Contents = Get-Content -Path "E:\projects\Test\groups.txt"
foreach ($Content in $Contents)
{
    $txtgroups = get-adgroup $Content
    foreach ($txtgroup in $txtgroups)
    {
        Get-GroupHierarchy $txtgroup.Name
    }
}

MilesLogan (Author) commented:
Hi Justin, sorry for the delay on this issue... work's madness.

This worked!! Thanks!!
0
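
An added example (not from any post in this thread) of the same membership audit, written so that every row carries its immediate parent group and the full nesting chain, with a guard against circular group nesting that would otherwise recurse without end. The function name Get-NestedGroupMember, the NestingPath column and the output file name are assumptions for illustration; it assumes the ActiveDirectory module and PowerShell 3.0 or later.

```powershell
#Requires -Modules ActiveDirectory
# Added example: function name, column names and output path are assumptions.

function Get-NestedGroupMember {
    param(
        [Parameter(Mandatory)] [string] $Group,   # group to expand (name or DN)
        [string] $Path = '',                      # chain of groups walked so far
        [System.Collections.Generic.HashSet[string]] $Visited =
            (New-Object 'System.Collections.Generic.HashSet[string]')
    )

    $adGroup = Get-ADGroup -Identity $Group

    # Add() returns $false if this group was already expanded in this run,
    # which happens with circular nesting (A in B, B in A) or repeated nesting.
    if (-not $Visited.Add($adGroup.DistinguishedName)) { return }

    $chain = if ($Path) { "$Path > $($adGroup.Name)" } else { $adGroup.Name }

    foreach ($member in Get-ADGroupMember -Identity $adGroup) {
        # canonicalName is available on every object class, so this also
        # works for computers and groups, where Get-ADUser would fail.
        $obj = Get-ADObject -Identity $member.DistinguishedName -Properties CanonicalName

        [pscustomobject]@{
            ParentGroup    = $adGroup.Name
            NestingPath    = $chain
            ObjectClass    = $member.objectClass
            Name           = $member.Name
            SamAccountName = $member.SamAccountName
            CanonicalName  = $obj.CanonicalName
        }

        if ($member.objectClass -eq 'group') {
            Get-NestedGroupMember -Group $member.DistinguishedName -Path $chain -Visited $Visited
        }
    }
}

# One fresh visited set per top-level group listed in groups.txt.
Get-Content -Path 'E:\projects\Test\groups.txt' |
    Where-Object { $_.Trim() } |
    ForEach-Object { Get-NestedGroupMember -Group $_.Trim() } |
    Export-Csv -Path 'E:\projects\Test\nested-members.csv' -NoTypeInformation
```

Sorting the resulting CSV on NestingPath shows through which chain of groups each account inherits its membership, which is the detail a review of privileged groups needs.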