Solved

powershell AD users report

Posted on 2014-04-08
3
3,323 Views
Last Modified: 2014-04-29
Is there anyway in powershell to run the following 2 reports:

- all AD groups in a domain and their membership (users/groups) - written to CSV

- all AD users in a domain (including username, status (i.e. enabled/disabled), last login, last login timestamp, does password expire, password last set time - written to csv?

Can anyone give any pointers? I'd prefer to use powershell without the need to install any additional software on the machine.
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 17

Assisted Solution

by:Emmanuel Adebayo
Emmanuel Adebayo earned 250 total points
ID: 39985651
For all AD groups in a domain and their membership (users/groups

<#
This script can be used to list group membership in Active Directory

http://portal.sivarajan.com/2010/08/list-group-members-in-active.html

www.sivarajan.com

#>
$GFile = New-Item -type file -force "C:\Scripts\GroupDetails.csv"
Import-CSV "C:\Scripts\GList.csv" | ForEach-Object {
$GName = $_.GroupName
$group = [ADSI] "LDAP://$GName"
$group.cn
$group.cn | Out-File $GFile -encoding ASCII -append
      foreach ($member in $group.member)
            {
                  $Uname = new-object directoryservices.directoryentry("LDAP://$member")
                  $Uname.cn
                  $Uname.cn | Out-File $GFile -encoding ASCII -append
            }
}

http://portal.sivarajan.com/2010/08/list-group-members-in-active.html

For all AD users in a domain (including username, status (i.e. enabled/disabled), last login, last login timestamp, does password expire, password last set time
http://www.petenetlive.com/KB/Article/0000752.htm

Also, you can get lots of script from the MS script center below

http://gallery.technet.microsoft.com/scriptcenter

regards
0
 
LVL 3

Author Comment

by:pma111
ID: 39985726
thanks... but... that second report doesnt include all the fields I require..
0
 
LVL 14

Accepted Solution

by:
Justin Yeung earned 250 total points
ID: 39986027
All AD groups and list the members to the spreadsheet (Require Powershell 3.0 for CSV -Append)
function Get-GroupHierarchy ($searchGroup)
{
$groupMember = get-adgroupmember $searchGroup | sort-object objectClass -descending
   foreach ($member in $groupMember)
    {
if ($member.objectclass -eq "user")
{
$userinfo = get-aduser $member.samaccountname -Properties *
}
if ($member.objectclass -eq "group")
{
$groupinfo = get-adgroup $member}
$array = @()
$Properties = @{"Group Name"=$groupinfo.name;Name=$member.Name;SamAccountName=$member.samaccountname;"Canonical Name"=$Userinfo.canonicalname}
$Newobject = New-Object  PSObject -Property  $Properties
$Array +=$Newobject

$outpath = "C:\Temp\ADgroups.csv"

$Array | Select-Object "Group Name",Name,SamAccountName,"Canonical Name" | export-csv $outpath -Append

    if ($member.ObjectClass -eq "group")
        {Get-GroupHierarchy $member.name}}
} 



Import-Module ActiveDirectory
$ADGroups = Get-AdGroup -Filter * -Properties *
foreach ($AdGroup in $AdGroups)
{
Get-GroupHierarchy $Adgroup.Name
}

Open in new window


For Users
Get-AdUser -Filter * -Properties * | Select-Object Name,@{Name="LastLogonTimestamp"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}},@{Name="Lastlgon"; Expression={[DateTime]::FromFileTime($_.lastlogon)}},Enabled,PasswordNeverExpires,@{Name="PasswordLastSet"; Expression={$_.PasswordLastSet}} | export-csv "C:\Temp\AdUsers.csv"

Open in new window

0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question