Get-ADUser With Specific Attributes Powershell Command

Posted on 2014-04-01
Last Modified: 2014-04-02
I need a report that will provide a list of all enabled accounts and the Name, SamAccountName, DistinguishedName, EmployeeID, and if an account is a member of a group called 'VPN'

I know I can run a Get-ADGroupMember on that group, but I need users that are members of the group to be included in the below report - is this possible, if so, how?

Get-ADUser -Filter 'Enabled -eq $true' -Properties Name, SamAccountName, DistinguishedName, EmployeeID | Select Name, SamAccountName, DistinguishedName, EmployeeID

Open in new window

Question by:fireguy1125
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 40

Expert Comment

ID: 39970641
I know I can run a Get-ADGroupMember on that group, but I need users that are members of the group to be included
This part is confusing me.  Did you mean that you need users who not members of the group as well?

Author Comment

ID: 39971096

So if my Get-ADUser command returns 1500 users, I would need all 1500 user returned when including the group name. So if 500 Users are members of the group, each user row ideally would have the group name in a new column, and the users who are not members of the group, would just be blank.

Hope that is more clear, thanks!
LVL 40

Accepted Solution

footech earned 500 total points
ID: 39971733
How about something like the following?  It's a little different than your suggestion, but you could easily change the output values from "True" or "False" to whatever you like, even an empty string ("").  It should work as long as the VPN group is not the primary group for the user (because the primary group is not included in the MemberOf attribute).
Get-ADUser -Filter 'Enabled -eq $true' -Properties Name, SamAccountName, DistinguishedName, EmployeeID, MemberOf | ForEach `
    If ( $_.MemberOf -match "CN=VPN," )
        $_ | Select Name, SamAccountName, DistinguishedName, EmployeeID, @{n="MemberOfVpnGroup";e={"True"}}
        $_ | Select Name, SamAccountName, DistinguishedName, EmployeeID, @{n="MemberOfVpnGroup";e={"False"}}

Open in new window


Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question