Solved

powershell AD users report

Posted on 2014-04-08
3
3,178 Views
Last Modified: 2014-04-29
Is there anyway in powershell to run the following 2 reports:

- all AD groups in a domain and their membership (users/groups) - written to CSV

- all AD users in a domain (including username, status (i.e. enabled/disabled), last login, last login timestamp, does password expire, password last set time - written to csv?

Can anyone give any pointers? I'd prefer to use powershell without the need to install any additional software on the machine.
0
Comment
Question by:pma111
3 Comments
 
LVL 16

Assisted Solution

by:Emmanuel Adebayo
Emmanuel Adebayo earned 250 total points
Comment Utility
For all AD groups in a domain and their membership (users/groups

<#
This script can be used to list group membership in Active Directory

http://portal.sivarajan.com/2010/08/list-group-members-in-active.html

www.sivarajan.com

#>
$GFile = New-Item -type file -force "C:\Scripts\GroupDetails.csv"
Import-CSV "C:\Scripts\GList.csv" | ForEach-Object {
$GName = $_.GroupName
$group = [ADSI] "LDAP://$GName"
$group.cn
$group.cn | Out-File $GFile -encoding ASCII -append
      foreach ($member in $group.member)
            {
                  $Uname = new-object directoryservices.directoryentry("LDAP://$member")
                  $Uname.cn
                  $Uname.cn | Out-File $GFile -encoding ASCII -append
            }
}

http://portal.sivarajan.com/2010/08/list-group-members-in-active.html

For all AD users in a domain (including username, status (i.e. enabled/disabled), last login, last login timestamp, does password expire, password last set time
http://www.petenetlive.com/KB/Article/0000752.htm

Also, you can get lots of script from the MS script center below

http://gallery.technet.microsoft.com/scriptcenter

regards
0
 
LVL 3

Author Comment

by:pma111
Comment Utility
thanks... but... that second report doesnt include all the fields I require..
0
 
LVL 14

Accepted Solution

by:
Justin Yeung earned 250 total points
Comment Utility
All AD groups and list the members to the spreadsheet (Require Powershell 3.0 for CSV -Append)
function Get-GroupHierarchy ($searchGroup)
{
$groupMember = get-adgroupmember $searchGroup | sort-object objectClass -descending
   foreach ($member in $groupMember)
    {
if ($member.objectclass -eq "user")
{
$userinfo = get-aduser $member.samaccountname -Properties *
}
if ($member.objectclass -eq "group")
{
$groupinfo = get-adgroup $member}
$array = @()
$Properties = @{"Group Name"=$groupinfo.name;Name=$member.Name;SamAccountName=$member.samaccountname;"Canonical Name"=$Userinfo.canonicalname}
$Newobject = New-Object  PSObject -Property  $Properties
$Array +=$Newobject

$outpath = "C:\Temp\ADgroups.csv"

$Array | Select-Object "Group Name",Name,SamAccountName,"Canonical Name" | export-csv $outpath -Append

    if ($member.ObjectClass -eq "group")
        {Get-GroupHierarchy $member.name}}
} 



Import-Module ActiveDirectory
$ADGroups = Get-AdGroup -Filter * -Properties *
foreach ($AdGroup in $AdGroups)
{
Get-GroupHierarchy $Adgroup.Name
}

Open in new window


For Users
Get-AdUser -Filter * -Properties * | Select-Object Name,@{Name="LastLogonTimestamp"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}},@{Name="Lastlgon"; Expression={[DateTime]::FromFileTime($_.lastlogon)}},Enabled,PasswordNeverExpires,@{Name="PasswordLastSet"; Expression={$_.PasswordLastSet}} | export-csv "C:\Temp\AdUsers.csv"

Open in new window

0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Microsoft Windows Server Update Service (WSUS) is free for everyone, but it lacks of some desirable features like send an e-mail to the administrator with the status of all computers on the WSUS server. This article is based on my PowerShell script …
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now