Solved

powershell AD users report

Posted on 2014-04-08
3
3,230 Views
Last Modified: 2014-04-29
Is there anyway in powershell to run the following 2 reports:

- all AD groups in a domain and their membership (users/groups) - written to CSV

- all AD users in a domain (including username, status (i.e. enabled/disabled), last login, last login timestamp, does password expire, password last set time - written to csv?

Can anyone give any pointers? I'd prefer to use powershell without the need to install any additional software on the machine.
0
Comment
Question by:pma111
3 Comments
 
LVL 17

Assisted Solution

by:Emmanuel Adebayo
Emmanuel Adebayo earned 250 total points
ID: 39985651
For all AD groups in a domain and their membership (users/groups

<#
This script can be used to list group membership in Active Directory

http://portal.sivarajan.com/2010/08/list-group-members-in-active.html

www.sivarajan.com

#>
$GFile = New-Item -type file -force "C:\Scripts\GroupDetails.csv"
Import-CSV "C:\Scripts\GList.csv" | ForEach-Object {
$GName = $_.GroupName
$group = [ADSI] "LDAP://$GName"
$group.cn
$group.cn | Out-File $GFile -encoding ASCII -append
      foreach ($member in $group.member)
            {
                  $Uname = new-object directoryservices.directoryentry("LDAP://$member")
                  $Uname.cn
                  $Uname.cn | Out-File $GFile -encoding ASCII -append
            }
}

http://portal.sivarajan.com/2010/08/list-group-members-in-active.html

For all AD users in a domain (including username, status (i.e. enabled/disabled), last login, last login timestamp, does password expire, password last set time
http://www.petenetlive.com/KB/Article/0000752.htm

Also, you can get lots of script from the MS script center below

http://gallery.technet.microsoft.com/scriptcenter

regards
0
 
LVL 3

Author Comment

by:pma111
ID: 39985726
thanks... but... that second report doesnt include all the fields I require..
0
 
LVL 14

Accepted Solution

by:
Justin Yeung earned 250 total points
ID: 39986027
All AD groups and list the members to the spreadsheet (Require Powershell 3.0 for CSV -Append)
function Get-GroupHierarchy ($searchGroup)
{
$groupMember = get-adgroupmember $searchGroup | sort-object objectClass -descending
   foreach ($member in $groupMember)
    {
if ($member.objectclass -eq "user")
{
$userinfo = get-aduser $member.samaccountname -Properties *
}
if ($member.objectclass -eq "group")
{
$groupinfo = get-adgroup $member}
$array = @()
$Properties = @{"Group Name"=$groupinfo.name;Name=$member.Name;SamAccountName=$member.samaccountname;"Canonical Name"=$Userinfo.canonicalname}
$Newobject = New-Object  PSObject -Property  $Properties
$Array +=$Newobject

$outpath = "C:\Temp\ADgroups.csv"

$Array | Select-Object "Group Name",Name,SamAccountName,"Canonical Name" | export-csv $outpath -Append

    if ($member.ObjectClass -eq "group")
        {Get-GroupHierarchy $member.name}}
} 



Import-Module ActiveDirectory
$ADGroups = Get-AdGroup -Filter * -Properties *
foreach ($AdGroup in $AdGroups)
{
Get-GroupHierarchy $Adgroup.Name
}

Open in new window


For Users
Get-AdUser -Filter * -Properties * | Select-Object Name,@{Name="LastLogonTimestamp"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}},@{Name="Lastlgon"; Expression={[DateTime]::FromFileTime($_.lastlogon)}},Enabled,PasswordNeverExpires,@{Name="PasswordLastSet"; Expression={$_.PasswordLastSet}} | export-csv "C:\Temp\AdUsers.csv"

Open in new window

0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
A brief introduction to what I consider to be the best editor for PowerShell.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question