PowerShell - Getting group members from nested groups.

Hi EE

I have the script below that pulls all the group members, including nested groups, but the output file does not show the name of the nested group.

Can someone help me change this, or is there any other way?


function groupmember ($group)
{
    $groupname = Get-ADGroup $group | Select -expand Name
    ([ADSISearcher]"(&(ObjectClass=Group)(samaccountname=$groupname))").FindOne() |
     % {$_.Properties.member} |
     Get-ADobject | % `
    {
        If ($_.objectclass -eq "group")
        { groupmember $_ }
        Else
        { $_ }
    }
}
Get-Content groups.txt | ForEach `
{
    $group = Get-ADGroup $_ -ErrorAction SilentlyContinue | Select -ExpandProperty Name
    If ($Group)
    {
        groupmember $group |
         Get-ADUser -Properties canonicalname |
         Select @{n="GroupName";e={$group}},Name,Samaccountname,Canonicalname
    }
} | Export-Csv Members.csv -NoTypeInformation

Asked: MilesLogan

Justin Yeung (Senior Systems Engineer) commented:
Select @{n="GroupName";e={$group.name}} should work.....

$group should give you blank info......

MilesLogan (Author) commented:
Hi Justin
I modified that line and it actually removed the group name; the data now did not even show the group name.

Justin Yeung (Senior Systems Engineer) commented:
From what I see, you have a txt file of the group names already; the script could be a lot simpler without doing any function at all.

Do you have this in a multiple-domain environment?

MilesLogan (Author) commented:
It's a single domain.

Justin Yeung (Senior Systems Engineer) commented:
$Contents = Get-Content -path "your path"
Foreach ($Content in $Contents)
{
    $Groups = get-adgroup $_
    foreach ($Group in $Groups)
    {
        get-adgroupmember $group.name -properties * | Select-object @{n="GroupName";e={$group.name}},Name,Samaccountname,Canonicalname | out-file "path" -append
    }
}

MilesLogan (Author) commented:
Hi Justin

I added one group to the groups.txt file and modified your script to:

$Contents = Get-Content -path "E:\projects\Test\groups.txt"
Foreach ($Content in $Contents)
{
    $Groups = get-adgroup $_
    foreach ($Group in $Groups)
    {
        get-adgroupmember $group.name -properties * | Select-object @{n="GroupName";e={$group.name}},Name,Samaccountname,Canonicalname | out-file "E:\projects\Test\data.csv" -append
    }
}

and I received the error below.


PS E:\Projects\Test> .\Jtest.ps1
Get-ADGroup : Cannot validate argument on parameter 'Identity'. The argument is null. Supply a non-null argument and try the command again.
At E:\Projects\Test\Jtest.ps1:4 char:23
+ $Groups = get-adgroup $_
+                       ~~
    + CategoryInfo          : InvalidData: (:) [Get-ADGroup], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADGroup

Justin Yeung (Senior Systems Engineer) commented:
change $_ to $content

MilesLogan (Author) commented:
Changed it to this:
$Contents = Get-Content -path "E:\projects\Test\groups.txt"
Foreach ($Content in $Contents)
{
    $Groups = get-adgroup $Content
    foreach ($Group in $Groups)
    {
        get-adgroupmember $Group.name -properties * | Select-object @{n="GroupName";e={$Group.name}},Name,Samaccountname,Canonicalname | out-file "E:\projects\Test\data.csv" -append
    }
}

Received this error:
PS E:\Projects\Test> .\Jtest.ps1
Get-ADGroupMember : A parameter cannot be found that matches parameter name 'properties'.
At E:\Projects\Test\Jtest.ps1:7 char:31
+ get-adgroupmember $Group.name -properties * | Select-object @{n="GroupName";e={$ ...
+                               ~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-ADGroupMember], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember

Justin Yeung (Senior Systems Engineer) commented:
$Contents = Get-Content -path "E:\projects\Test\groups.txt"
Foreach ($Content in $Contents)
{
    $Groups = get-adgroup $content
    foreach ($Group in $Groups)
    {
        $users = get-adgroupmember $group.name
        foreach ($user in $users)
        {
            get-aduser -id $users.samaccoutname -properties * | Select-object @{name="GroupName";expression={$group.name}},Name,Samaccountname,Canonicalname | out-file "E:\projects\Test\data.csv" -append
        }
    }
}

MilesLogan (Author) commented:
I appreciate you trying. I received the error below now.

PS E:\Projects\Test> .\Jtest.ps1
Get-ADUser : Cannot validate argument on parameter 'Identity'. The argument is null. Supply a non-null argument and try the command again.
At E:\Projects\Test\Jtest.ps1:10 char:16
+ get-aduser -id $users.samaccoutname -properties * | Select-object @{name="GroupN ...
+                ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Get-ADUser], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADUser
 
Get-ADUser : Cannot validate argument on parameter 'Identity'. The argument is null. Supply a non-null argument and try the command again.
At E:\Projects\Test\Jtest.ps1:10 char:16
+ get-aduser -id $users.samaccoutname -properties * | Select-object @{name="GroupN ...
+                ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Get-ADUser], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADUser

Justin Yeung (Senior Systems Engineer) commented:
get-aduser -id $user.samaccountname -properties *

Sorry, mistyped $users.

It should be $user

and out-file needs to be a txt file for append

Justin Yeung (Senior Systems Engineer) commented:
Actually have a chance to test it today... here is the working script

$Contents = Get-Content -path "E:\projects\Test\groups.txt"
Foreach ($Content in $Contents)
{
    $Groups = get-adgroup $content
    foreach ($Group in $Groups)
    {
        $users = get-adgroupmember $group.name
        foreach ($user in $users)
        {
            $userinfo = get-aduser -id $user.samaccountname -properties * | Select-object @{name="GroupName";expression={$group.name}},Name,Samaccountname,Canonicalname

            $array = @()

            $Properties = @{"Group Name"=$group.name;Name=$user.Name;SamAccountName=$user.samaccountname;"Canonical Name"=$userinfo.canonicalname}

            $Newobject = New-Object PSObject -Property $Properties

            $Array += $Newobject

            $outpath = "your csv path"

            $Array | Select-Object "Group Name",Name,SamAccountName,"Canonical Name" | export-csv $outpath -Append
        }
    }
}

Justin Yeung (Senior Systems Engineer) commented:
it requires powershell 3.0 for CSV append.

no -append option for csv in 2.0

MilesLogan (Author) commented:
Hi Justin, I am using 3.0

If I run your script with one user it will output the user info. If I add a group it will error with
get-aduser : Cannot find an object with identity: and the group that I nested.

It happened with any group that I add.

If I run Get-ADGroupMember "Test_Group" -Recursive | select Name,SamAccountName
it does output all the members but does not give me the name of the group each is in.

Justin Yeung (Senior Systems Engineer) commented:
This should work

function Get-GroupHierarchy ($searchGroup)
{
    $groupMember = get-adgroupmember $searchGroup | sort-object objectClass -descending
    foreach ($member in $groupMember)
    {
        if ($member.objectclass -eq "user")
        {
            $userinfo = get-aduser $member.samaccountname -Properties *
        }
        if ($member.objectclass -eq "group")
        {
            $groupinfo = get-adgroup $member
        }
        $array = @()
        $Properties = @{"Group Name"=$groupinfo.name;Name=$member.Name;SamAccountName=$member.samaccountname;"Canonical Name"=$Userinfo.canonicalname}
        $Newobject = New-Object PSObject -Property $Properties
        $Array += $Newobject

        $outpath = "E:\projects\Test\groups.csv"

        $Array | Select-Object "Group Name",Name,SamAccountName,"Canonical Name" | export-csv $outpath -Append

        if ($member.ObjectClass -eq "group")
        {
            Get-GroupHierarchy $member.name
        }
    }
}

$Contents = Get-Content -Path "E:\projects\Test\groups.txt"
foreach ($Content in $Contents)
{
    $txtgroups = get-adgroup $Content
    foreach ($txtgroup in $txtgroups)
    {
        Get-GroupHierarchy $txtgroup.Name
    }
}
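
Added example, not part of the original thread: a variant of the recursive walk above for membership audits, emitting one row per user with the group the user is a direct member of and the nesting path from the group listed in groups.txt, and stopping when a group reappears in its own chain (circular nesting). The function name Get-NestedGroupMember and the output column names are assumptions; the file paths are the ones used in the thread.

```powershell
# Added example (not from the thread). Needs the ActiveDirectory module and PowerShell 3.0+.
Import-Module ActiveDirectory

function Get-NestedGroupMember {              # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Group,   # name or DN of the group to expand
        [string]   $RootGroup = $Group,           # the group that was listed in groups.txt
        [string]   $Path      = $Group,           # nesting chain walked so far
        [string[]] $Ancestors = @()               # DNs of groups on the current chain
    )

    $current = Get-ADGroup -Identity $Group

    # A group that is already on the current chain means circular nesting:
    # stop here instead of recursing forever.
    if ($Ancestors -contains $current.DistinguishedName) {
        Write-Warning "Circular nesting: $Path"
        return
    }

    foreach ($member in Get-ADGroupMember -Identity $current) {
        switch ($member.objectClass) {
            'user' {
                $user = Get-ADUser -Identity $member.distinguishedName -Properties CanonicalName
                [pscustomobject]@{
                    RootGroup      = $RootGroup
                    ParentGroup    = $current.Name    # group the user is directly in
                    NestingPath    = $Path
                    Name           = $user.Name
                    SamAccountName = $user.SamAccountName
                    CanonicalName  = $user.CanonicalName
                }
            }
            'group' {
                Get-NestedGroupMember -Group $member.distinguishedName -RootGroup $RootGroup -Path "$Path > $($member.name)" -Ancestors ($Ancestors + $current.DistinguishedName)
            }
            # Computers, contacts and other object classes are skipped here.
        }
    }
}

# Collect every row first, then write the CSV once.
Get-Content -Path 'E:\projects\Test\groups.txt' |
    Where-Object { $_.Trim() } |
    ForEach-Object { Get-NestedGroupMember -Group $_.Trim() } |
    Export-Csv -Path 'E:\projects\Test\groups.csv' -NoTypeInformation
```

A user reachable through more than one nested group appears once per path, which is usually what an access review needs in order to see every route by which the membership is granted.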

MilesLogan (Author) commented:
Hi Justin, sorry for the delay on this issue... work madness.

This worked!! Thanks!!

Question has a verified solution.