Get-ADUser With Specific Attributes Powershell Command

Posted on 2014-04-01
Last Modified: 2014-04-02
I need a report that will provide a list of all enabled accounts and the Name, SamAccountName, DistinguishedName, EmployeeID, and if an account is a member of a group called 'VPN'

I know I can run a Get-ADGroupMember on that group, but I need users that are members of the group to be included in the below report - is this possible, if so, how?

Get-ADUser -Filter 'Enabled -eq $true' -Properties Name, SamAccountName, DistinguishedName, EmployeeID | Select Name, SamAccountName, DistinguishedName, EmployeeID

Open in new window

Question by:fireguy1125
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 40

Expert Comment

ID: 39970641
I know I can run a Get-ADGroupMember on that group, but I need users that are members of the group to be included
This part is confusing me.  Did you mean that you need users who not members of the group as well?

Author Comment

ID: 39971096

So if my Get-ADUser command returns 1500 users, I would need all 1500 user returned when including the group name. So if 500 Users are members of the group, each user row ideally would have the group name in a new column, and the users who are not members of the group, would just be blank.

Hope that is more clear, thanks!
LVL 40

Accepted Solution

footech earned 500 total points
ID: 39971733
How about something like the following?  It's a little different than your suggestion, but you could easily change the output values from "True" or "False" to whatever you like, even an empty string ("").  It should work as long as the VPN group is not the primary group for the user (because the primary group is not included in the MemberOf attribute).
Get-ADUser -Filter 'Enabled -eq $true' -Properties Name, SamAccountName, DistinguishedName, EmployeeID, MemberOf | ForEach `
    If ( $_.MemberOf -match "CN=VPN," )
        $_ | Select Name, SamAccountName, DistinguishedName, EmployeeID, @{n="MemberOfVpnGroup";e={"True"}}
        $_ | Select Name, SamAccountName, DistinguishedName, EmployeeID, @{n="MemberOfVpnGroup";e={"False"}}

Open in new window


Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read…
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question