Improve company productivity with a Business Account.Sign Up

x
?
Solved

powershell AD users report

Posted on 2014-04-08
3
Medium Priority
?
3,457 Views
Last Modified: 2014-04-29
Is there anyway in powershell to run the following 2 reports:

- all AD groups in a domain and their membership (users/groups) - written to CSV

- all AD users in a domain (including username, status (i.e. enabled/disabled), last login, last login timestamp, does password expire, password last set time - written to csv?

Can anyone give any pointers? I'd prefer to use powershell without the need to install any additional software on the machine.
0
Comment
Question by:pma111
3 Comments
 
LVL 18

Assisted Solution

by:Emmanuel Adebayo
Emmanuel Adebayo earned 1000 total points
ID: 39985651
For all AD groups in a domain and their membership (users/groups

<#
This script can be used to list group membership in Active Directory

http://portal.sivarajan.com/2010/08/list-group-members-in-active.html

www.sivarajan.com

#>
$GFile = New-Item -type file -force "C:\Scripts\GroupDetails.csv"
Import-CSV "C:\Scripts\GList.csv" | ForEach-Object {
$GName = $_.GroupName
$group = [ADSI] "LDAP://$GName"
$group.cn
$group.cn | Out-File $GFile -encoding ASCII -append
      foreach ($member in $group.member)
            {
                  $Uname = new-object directoryservices.directoryentry("LDAP://$member")
                  $Uname.cn
                  $Uname.cn | Out-File $GFile -encoding ASCII -append
            }
}

http://portal.sivarajan.com/2010/08/list-group-members-in-active.html

For all AD users in a domain (including username, status (i.e. enabled/disabled), last login, last login timestamp, does password expire, password last set time
http://www.petenetlive.com/KB/Article/0000752.htm

Also, you can get lots of script from the MS script center below

http://gallery.technet.microsoft.com/scriptcenter

regards
0
 
LVL 3

Author Comment

by:pma111
ID: 39985726
thanks... but... that second report doesnt include all the fields I require..
0
 
LVL 14

Accepted Solution

by:
Justin Yeung earned 1000 total points
ID: 39986027
All AD groups and list the members to the spreadsheet (Require Powershell 3.0 for CSV -Append)
function Get-GroupHierarchy ($searchGroup)
{
$groupMember = get-adgroupmember $searchGroup | sort-object objectClass -descending
   foreach ($member in $groupMember)
    {
if ($member.objectclass -eq "user")
{
$userinfo = get-aduser $member.samaccountname -Properties *
}
if ($member.objectclass -eq "group")
{
$groupinfo = get-adgroup $member}
$array = @()
$Properties = @{"Group Name"=$groupinfo.name;Name=$member.Name;SamAccountName=$member.samaccountname;"Canonical Name"=$Userinfo.canonicalname}
$Newobject = New-Object  PSObject -Property  $Properties
$Array +=$Newobject

$outpath = "C:\Temp\ADgroups.csv"

$Array | Select-Object "Group Name",Name,SamAccountName,"Canonical Name" | export-csv $outpath -Append

    if ($member.ObjectClass -eq "group")
        {Get-GroupHierarchy $member.name}}
} 



Import-Module ActiveDirectory
$ADGroups = Get-AdGroup -Filter * -Properties *
foreach ($AdGroup in $AdGroups)
{
Get-GroupHierarchy $Adgroup.Name
}

Open in new window


For Users
Get-AdUser -Filter * -Properties * | Select-Object Name,@{Name="LastLogonTimestamp"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}},@{Name="Lastlgon"; Expression={[DateTime]::FromFileTime($_.lastlogon)}},Enabled,PasswordNeverExpires,@{Name="PasswordLastSet"; Expression={$_.PasswordLastSet}} | export-csv "C:\Temp\AdUsers.csv"

Open in new window

0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Native ability to set a user account password via AD GPO was removed because the passwords can be easily decrypted by any authenticated user in the domain. Microsoft recommends LAPS as a replacement and I have written an article that does something …
Excel allows various different methods to link Excel files to each other. This includes relative paths, mapped drives (or the local drive) and UNC paths. UNC paths are the least robust of the three.
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Screencast - Getting to Know the Pipeline

606 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question