Get-ADUser With Specific Attributes Powershell Command

Posted on 2014-04-01
Last Modified: 2014-04-02
I need a report that will provide a list of all enabled accounts and the Name, SamAccountName, DistinguishedName, EmployeeID, and if an account is a member of a group called 'VPN'

I know I can run a Get-ADGroupMember on that group, but I need users that are members of the group to be included in the below report - is this possible, if so, how?

Get-ADUser -Filter 'Enabled -eq $true' -Properties Name, SamAccountName, DistinguishedName, EmployeeID | Select Name, SamAccountName, DistinguishedName, EmployeeID

Open in new window

Question by:fireguy1125
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 40

Expert Comment

ID: 39970641
I know I can run a Get-ADGroupMember on that group, but I need users that are members of the group to be included
This part is confusing me.  Did you mean that you need users who not members of the group as well?

Author Comment

ID: 39971096

So if my Get-ADUser command returns 1500 users, I would need all 1500 user returned when including the group name. So if 500 Users are members of the group, each user row ideally would have the group name in a new column, and the users who are not members of the group, would just be blank.

Hope that is more clear, thanks!
LVL 40

Accepted Solution

footech earned 500 total points
ID: 39971733
How about something like the following?  It's a little different than your suggestion, but you could easily change the output values from "True" or "False" to whatever you like, even an empty string ("").  It should work as long as the VPN group is not the primary group for the user (because the primary group is not included in the MemberOf attribute).
Get-ADUser -Filter 'Enabled -eq $true' -Properties Name, SamAccountName, DistinguishedName, EmployeeID, MemberOf | ForEach `
    If ( $_.MemberOf -match "CN=VPN," )
        $_ | Select Name, SamAccountName, DistinguishedName, EmployeeID, @{n="MemberOfVpnGroup";e={"True"}}
        $_ | Select Name, SamAccountName, DistinguishedName, EmployeeID, @{n="MemberOfVpnGroup";e={"False"}}

Open in new window


Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question