Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Powershell - Getting groups members from nested groups.

Posted on 2014-02-28
16
Medium Priority
?
4,377 Views
Last Modified: 2014-03-10
Hi EE

I have the script below that pulls all the groups members , including nested groups.. but the output file does not show the name of the nested group name ..

can someone help me change this or have any other way ?


function groupmember ($group)
{
    $groupname = Get-ADGroup $group | Select -expand Name
    ([ADSISearcher]"(&(ObjectClass=Group)(samaccountname=$groupname))").FindOne() |
     % {$_.Properties.member} |
     Get-ADobject | % `
    {
        If ($_.objectclass -eq "group")
        { groupmember $_ }
        Else
        { $_ }
    }
}
Get-Content groups.txt | ForEach `
{
    $group = Get-ADGroup $_ -ErrorAction SilentlyContinue | Select -ExpandProperty Name
    If ($Group)
    {
        groupmember $group |
         Get-ADUser -Properties canonicalname |
         Select @{n="GroupName";e={$group}},Name,Samaccountname,Canonicalname
    }
} | Export-Csv Members.csv -NoTypeInformation
0
Comment
Question by:MilesLogan
  • 9
  • 7
16 Comments
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 39896552
Select @{n="GroupName";e={$group.name}} should work.....

$group should give you blank info......
0
 
LVL 2

Author Comment

by:MilesLogan
ID: 39896581
Hi Justin
I modified that line and it actually removed the group name , the data now did not show even show the group name .
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 39896638
From what I see, you have a txt file of the group name already, the script could be a lot simply without doing any function at all

Are you have this in multiple domain environment?
0
Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

 
LVL 2

Author Comment

by:MilesLogan
ID: 39896641
Its a single domain domain..
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 39896652
$Contents = Get-Content -path "your path"
Foreach ($Content in $Contents)
{
$Groups = get-adgroup $_
foreach ($Group in $Groups)
{
get-adgroupmember $group.name -properties * | Select-object @{n="GroupName";e={$group.name}},Name,Samaccountname,Canonicalname | out-file "path" -append
}
}
0
 
LVL 2

Author Comment

by:MilesLogan
ID: 39896665
Hi Justin

I added one group to the groups.txt file and modified your script to :

$Contents = Get-Content -path "E:\projects\Test\groups.txt"
Foreach ($Content in $Contents)
{
$Groups = get-adgroup $_
foreach ($Group in $Groups)
{
get-adgroupmember $group.name -properties * | Select-object @{n="GroupName";e={$group.name}},Name,Samaccountname,Canonicalname | out-file "E:\projects\Test\data.csv" -append
}
}


and I received the error below .


PS E:\Projects\Test> .\Jtest.ps1
Get-ADGroup : Cannot validate argument on parameter 'Identity'. The argument is null. Supply a non-null argument and try the command again.
At E:\Projects\Test\Jtest.ps1:4 char:23
+ $Groups = get-adgroup $_
+                       ~~
    + CategoryInfo          : InvalidData: (:) [Get-ADGroup], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADGroup
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 39896702
change $_ to $content
0
 
LVL 2

Author Comment

by:MilesLogan
ID: 39896724
Changed it to this:
$Contents = Get-Content -path "E:\projects\Test\groups.txt"
Foreach ($Content in $Contents)
{
$Groups = get-adgroup $Content
foreach ($Group in $Groups)
{
get-adgroupmember $Group.name -properties * | Select-object @{n="GroupName";e={$Group.name}},Name,Samaccountname,Canonicalname | out-file "E:\projects\Test\data.csv" -append
}
}

Received this error:
PS E:\Projects\Test> .\Jtest.ps1
Get-ADGroupMember : A parameter cannot be found that matches parameter name 'properties'.
At E:\Projects\Test\Jtest.ps1:7 char:31
+ get-adgroupmember $Group.name -properties * | Select-object @{n="GroupName";e={$ ...
+                               ~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-ADGroupMember], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 39896726
$Contents = Get-Content -path "E:\projects\Test\groups.txt"
Foreach ($Content in $Contents)
{
$Groups = get-adgroup $content
foreach ($Group in $Groups)
{
$users = get-adgroupmember $group.name
foreach ($user in $users)
{
get-aduser -id $users.samaccoutname -properties * | Select-object @{name="GroupName";expression={$group.name}},Name,Samaccountname,Canonicalname | out-file "E:\projects\Test\data.csv" -append
}
}
}
0
 
LVL 2

Author Comment

by:MilesLogan
ID: 39896744
I appreciate you trying .. I received the error below now .

PS E:\Projects\Test> .\Jtest.ps1
Get-ADUser : Cannot validate argument on parameter 'Identity'. The argument is null. Supply a non-null argument and try the command again.
At E:\Projects\Test\Jtest.ps1:10 char:16
+ get-aduser -id $users.samaccoutname -properties * | Select-object @{name="GroupN ...
+                ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Get-ADUser], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADUser
 
Get-ADUser : Cannot validate argument on parameter 'Identity'. The argument is null. Supply a non-null argument and try the command again.
At E:\Projects\Test\Jtest.ps1:10 char:16
+ get-aduser -id $users.samaccoutname -properties * | Select-object @{name="GroupN ...
+                ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Get-ADUser], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADUser
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 39900493
get-aduser -id $user.samaccoutname -properties *

sorry mis typed $users............

it should be $user

and out-file needs to be a txt file for append
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 39900715
actually have a chance to test it today........... here is the working script

$Contents = Get-Content -path "E:\projects\Test\groups.txt"
Foreach ($Content in $Contents)
{
$Groups = get-adgroup $content
foreach ($Group in $Groups)
{
$users = get-adgroupmember $group.name
foreach ($user in $users)
{
$userinfo = get-aduser -id $user.samaccountname -properties * | Select-object @{name="GroupName";expression={$group.name}},Name,Samaccountname,Canonicalname



$array = @()

$Properties = @{"Group Name"=$group.name;Name=$user.Name;SamAccountName=$user.samaccountname;"Canonical Name"=$userinfo.canonicalname}

$Newobject = New-Object  PSObject -Property  $Properties

$Array +=$Newobject

$outpath = "your csv path"

$Array | Select-Object "Group Name",Name,SamAccountName,"Canonical Name"| export-csv $outpath -Append


}
}
}
0
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 39901371
it requires powershell 3.0 for CSV append.

no -append option for csv in 2.0
0
 
LVL 2

Author Comment

by:MilesLogan
ID: 39901868
Hi Justin .. I am using 3.0

If I run your script with one user it will output the user info .. if I add a group it will error with
get-aduser : Cannot find an object with identity: and the group that I nested ..

It happened with any group that I add .

if I run Get-ADGroupMember "Test_Group" -Recursive | select Name,SamAccountName
it does output all the members but does not give me the name of the group each are in ..
0
 
LVL 14

Accepted Solution

by:
Justin Yeung earned 2000 total points
ID: 39904107
this should work


function Get-GroupHierarchy ($searchGroup)
{
$groupMember = get-adgroupmember $searchGroup | sort-object objectClass -descending
   foreach ($member in $groupMember)
    {
if ($member.objectclass -eq "user")
{
$userinfo = get-aduser $member.samaccountname -Properties *
}
if ($member.objectclass -eq "group")
{
$groupinfo = get-adgroup $member}
$array = @()
$Properties = @{"Group Name"=$groupinfo.name;Name=$member.Name;SamAccountName=$member.samaccountname;"Canonical Name"=$Userinfo.canonicalname}
$Newobject = New-Object  PSObject -Property  $Properties
$Array +=$Newobject

$outpath = "E:\projects\Test\groups.csv"

$Array | Select-Object "Group Name",Name,SamAccountName,"Canonical Name" | export-csv $outpath -Append

    if ($member.ObjectClass -eq "group")
        {Get-GroupHierarchy $member.name}}
}



$Contents = Get-Content -Path "E:\projects\Test\groups.txt"
foreach ($Content in $Contents)
{
$txtgroups = get-adgroup $Content
foreach ($txtgroup in $txtgroups)
{
Get-GroupHierarchy $txtgroup.Name
}
}
0
 
LVL 2

Author Closing Comment

by:MilesLogan
ID: 39918166
Hi Justin .. sorry for the delay on this issue ... works madness ..

this worked !! thanks !!
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question