Solved

powershell AD users report

Posted on 2014-04-08
3
3,297 Views
Last Modified: 2014-04-29
Is there anyway in powershell to run the following 2 reports:

- all AD groups in a domain and their membership (users/groups) - written to CSV

- all AD users in a domain (including username, status (i.e. enabled/disabled), last login, last login timestamp, does password expire, password last set time - written to csv?

Can anyone give any pointers? I'd prefer to use powershell without the need to install any additional software on the machine.
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 17

Assisted Solution

by:Emmanuel Adebayo
Emmanuel Adebayo earned 250 total points
ID: 39985651
For all AD groups in a domain and their membership (users/groups

<#
This script can be used to list group membership in Active Directory

http://portal.sivarajan.com/2010/08/list-group-members-in-active.html

www.sivarajan.com

#>
$GFile = New-Item -type file -force "C:\Scripts\GroupDetails.csv"
Import-CSV "C:\Scripts\GList.csv" | ForEach-Object {
$GName = $_.GroupName
$group = [ADSI] "LDAP://$GName"
$group.cn
$group.cn | Out-File $GFile -encoding ASCII -append
      foreach ($member in $group.member)
            {
                  $Uname = new-object directoryservices.directoryentry("LDAP://$member")
                  $Uname.cn
                  $Uname.cn | Out-File $GFile -encoding ASCII -append
            }
}

http://portal.sivarajan.com/2010/08/list-group-members-in-active.html

For all AD users in a domain (including username, status (i.e. enabled/disabled), last login, last login timestamp, does password expire, password last set time
http://www.petenetlive.com/KB/Article/0000752.htm

Also, you can get lots of script from the MS script center below

http://gallery.technet.microsoft.com/scriptcenter

regards
0
 
LVL 3

Author Comment

by:pma111
ID: 39985726
thanks... but... that second report doesnt include all the fields I require..
0
 
LVL 14

Accepted Solution

by:
Justin Yeung earned 250 total points
ID: 39986027
All AD groups and list the members to the spreadsheet (Require Powershell 3.0 for CSV -Append)
function Get-GroupHierarchy ($searchGroup)
{
$groupMember = get-adgroupmember $searchGroup | sort-object objectClass -descending
   foreach ($member in $groupMember)
    {
if ($member.objectclass -eq "user")
{
$userinfo = get-aduser $member.samaccountname -Properties *
}
if ($member.objectclass -eq "group")
{
$groupinfo = get-adgroup $member}
$array = @()
$Properties = @{"Group Name"=$groupinfo.name;Name=$member.Name;SamAccountName=$member.samaccountname;"Canonical Name"=$Userinfo.canonicalname}
$Newobject = New-Object  PSObject -Property  $Properties
$Array +=$Newobject

$outpath = "C:\Temp\ADgroups.csv"

$Array | Select-Object "Group Name",Name,SamAccountName,"Canonical Name" | export-csv $outpath -Append

    if ($member.ObjectClass -eq "group")
        {Get-GroupHierarchy $member.name}}
} 



Import-Module ActiveDirectory
$ADGroups = Get-AdGroup -Filter * -Properties *
foreach ($AdGroup in $AdGroups)
{
Get-GroupHierarchy $Adgroup.Name
}

Open in new window


For Users
Get-AdUser -Filter * -Properties * | Select-Object Name,@{Name="LastLogonTimestamp"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}},@{Name="Lastlgon"; Expression={[DateTime]::FromFileTime($_.lastlogon)}},Enabled,PasswordNeverExpires,@{Name="PasswordLastSet"; Expression={$_.PasswordLastSet}} | export-csv "C:\Temp\AdUsers.csv"

Open in new window

0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question