[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 560
  • Last Modified:

Help getting a table with a user's group (direct and indirect) membership with Powershell

Hello Experts,
Once again, I’m coming to you with what I’m sure is going to be an easy question that I’m pulling my hair out over.  I want to generate a list of all the groups that all of the members of our technical sales department belongs to and create a csv file with that information.  The basic output would look like the following:
TSD Member                        Group
Nickd                              Domain Users
Nickd                              TSD
Nickd                              Sales-General
JoeF                              Domain Users
JoeF                              TSD
JoeF                              Sales-General
JoeF                              Sales-North
KrisG                              Domain Users
KrisG                              TSD
KrisG                              TSD-Marketing
KrisG                              TSD-Sales      

Here is the code I have to get users of the technical sales division (I know it si messy, but if filters the way I need it to in our Active Directory):
$TSDMembers = Get-ADObject -Properties * -Filter {objectclass -eq "user" -and objectCategory -eq "Person"} -SearchBase "OU=Technical Sales division,OU=phoenix,DC=mycompany,DC=local" | where-object {$_.st -eq "AL"} | select -ExpandProperty samaccountname | sort samaccountname

Foreach ($TSDMember in $TSDMembers){
Get-QADGroup -ContainsMember $TSDuser.samaccountname -ContainsIndirectMember $TSDuser.samaccountname | select `
    @{n="Name";e="$TSDuser.samaccountname"},
    @{n="Groups";e="$_.name"}
}

When I run this, my table has the column headers, but no data.  What am I doing wrong here?

Thanks in advance for your help.
0
ndalmolin_13
Asked:
ndalmolin_13
1 Solution
 
SubsunCommented:
$TSDuser.samaccountname won’t return any value First it is not defined in the script, you have used $TSDMember as a variable in Foreach but inside loop you were using $TSDuser which was not defined anywhere in script.
 Secondly, you have used Select –ExpandProperty samaccountname to create the list of samaccountname’s, so the property name samaccountname will not be available as the array $TSDMembers you create is just a list of strings (list of samaccountname)

The custom property syntax was incorrect..

Lastly, not need to use both -ContainsMember & -ContainsIndirectMember. -ContainsIndirectMember parameter will give you the details which you are looking for..

I also replaced Get-ADObject with Get-QADObject
Try..
$TSDMembers = Get-QADObject -Type User -SearchRoot "OU=Technical Sales division,OU=phoenix,DC=mycompany,DC=local" | where-object {$_.st -eq "AL"} | select -ExpandProperty samaccountname | sort samaccountname

Foreach ($TSDMember in $TSDMembers){
Get-QADGroup -ContainsIndirectMember $TSDMember | select `
    @{n="User";e={$TSDMember}},
    @{n="Groups";e={$_.name}}
}

Open in new window

0
 
ndalmolin_13Author Commented:
Awesome.  Thanks for the explanation.  It really helped.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now