?
Solved

Pull Computer objects from AD group with Powershell

Posted on 2014-08-15
6
Medium Priority
?
1,073 Views
Last Modified: 2014-08-15
Hi EE

I have the script below that pulls the members of the AD groups listed in the groups.txt file , but it does not pull computer objects .. can someone help me modify it so it also does ?

Import-Module Activedirectory
[array]$Members=$null
GC groups.txt | % {
$Group = Get-ADGroup $_  -ErrorAction SilentlyContinue
If ($Group){
$members += Get-ADGroup $Group.Name -Properties Members |  
                Select-Object -ExpandProperty Members |  
                Get-ADObject -properties Samaccountname |  
                ?{$_.ObjectClass -eq "user"}  | Get-aduser -Properties * |
        Select @{L='GroupName';e={$Group.Name}},Name,Samaccountname,Enabled,Mail,LastLogonDate
 }
}
$Members | Select * | Export-Csv Groupinfo_$((Get-Date -Format MM-dd-yyyy)).csv -NoTypeInformation
0
Comment
Question by:MilesLogan
6 Comments
 
LVL 14

Expert Comment

by:Brad Groux
ID: 40263240
I'd utilize Get-ADUser to query results for users and Get-ADComputer to query results for computers.

Get-ADUser -Filter * -Properties * | Select-Object -Property Name,MemberOf,PrimaryGroup | Sort-Object -Property Name

Open in new window

0
 
LVL 29

Expert Comment

by:becraig
ID: 40263276
Brad is perfectly correct this can be so much easier using get-aduser and get-adcomputer where memberof $group

anywho to do what you need you will also have to add a where clause:
?{$_.ObjectClass -eq "computer"}

I can whip a quick script to do both in one for you if you want.
0
 
LVL 2

Author Comment

by:MilesLogan
ID: 40263286
thanks guys .. so I can add ?{$_.ObjectClass -eq "computer"} to my existing script ?

Id like to keep the existing script since I use that to pull from groups that have more then 10k objects.
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
LVL 29

Expert Comment

by:becraig
ID: 40263295
You will have to add some extra logic then, since you have the statement piping into get-aduser etc.

However yes that will get you what you need.


you can open a new question if you need someone to rework the script for you.
0
 
LVL 40

Accepted Solution

by:
Subsun earned 2000 total points
ID: 40263876
Are you trying to pull both Users and computer objects? If yes.. Following is the slightly modified version of the code (untested).. which will export all members.. Check and let me know if you find any issues..
Import-Module Activedirectory
[array]$Members=$null
GC groups.txt | % {
$Group = Get-ADGroup $_  -ErrorAction SilentlyContinue
If ($Group){
$members += Get-ADGroup $Group.Name -Properties Members |  
  Select-Object -ExpandProperty Members |  
  Get-ADObject -properties * | %{
	$obj = $_
      Switch ($_.ObjectClass){
	   User {$obj | Get-aduser -Pr * | Select @{L='GroupName';e={$Group.Name}},Name,Samaccountname,Enabled,Mail,LastLogonDate,ObjectClass}
	 computer {$obj | Get-adcomputer -Pr * | Select @{L='GroupName';e={$Group.Name}},Name,Samaccountname,Enabled,Mail,LastLogonDate,ObjectClass}
	default {$obj | Select @{L='GroupName';e={$Group.Name}},Name,Samaccountname,Enabled,Mail,LastLogonDate,ObjectClass}
	}
    }
 }
}
$Members | Select * | Export-Csv Groupinfo_$((Get-Date -Format MM-dd-yyyy)).csv -NoTypeInformation

Open in new window

0
 
LVL 2

Author Closing Comment

by:MilesLogan
ID: 40264032
Thank you Subsun !
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question