Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 255
  • Last Modified:

Powershell & Ad Users & Groups

Need to have a Powershell Script that will pull users and the group memberships they belong to.
0
rjordanbots
Asked:
rjordanbots
  • 3
  • 2
  • 2
  • +2
1 Solution
 
SubsunCommented:
To collect the group membership of all users.. Try following code.. You need to have at least Win 2008 R2 Domain controllers to use the ActiveDirectory module commands.
Import-Module ActiveDirectory
Get-ADUser -Filter * | foreach-object {
$User = $_.Name 
 Get-ADPrincipalGroupMembership $_.SamAccountName | Select @{N="User";e={$User}},@{N="User";e={$_.Name}}
}| Export-Csv c:\temp\GroupMembership.csv -nti

Open in new window

0
 
becraigCommented:
Get-ADUser -SearchBase "OU=accounts,dc=test2k8,dc=local" -filter * -properties samaccountname,memberof | select samaccountname, memberof | % {"$($_.samaccountname)`r`n$($_.memberof -join "`r`n")" | Out-File -FilePath "D:\Temp\$($_.samaccountname).txt"}
                                         

Similar  PAQ
http://www.experts-exchange.com/Programming/Languages/Scripting/Powershell/Q_28454931.html
0
 
SubsunCommented:
There was a small typo in above code which I posted..
Import-Module ActiveDirectory
Get-ADUser -Filter * | foreach-object {
$User = $_.Name 
 Get-ADPrincipalGroupMembership $_.SamAccountName | Select @{N="User";e={$User}},@{N="Group";e={$_.Name}}
}| Export-Csv c:\temp\GroupMembership.csv -nti

Open in new window


You can also use -SearchBase parameter to search users from specific OU.
Get-ADUser -SearchBase "OU=contoso users,OU=SBG,DC=contoso,DC=com" -Filter * | foreach-object {...

Open in new window


Or read the user list from a text file (user.txt in this example)..
Import-Module ActiveDirectory
GC C:\Temp\user.txt | foreach-object {
$User = $_
 Get-ADPrincipalGroupMembership $User | Select @{N="User";e={$User}},@{N="Group";e={$_.Name}}
} | Export-Csv c:\temp\GroupMembership.csv -nti

Open in new window

0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
Vaseem MohammedCommented:
0
 
rjordanbotsAuthor Commented:
Is their a way to filter for only active accounts ?
0
 
Joshua GrantomSenior EngineerCommented:
You can add a filter to get-aduser

Get-ADUser -Filter 'enabled -eq $true'

This will only return enabled user accounts.
0
 
becraigCommented:
Slight mod on Subsun's script:

Import-Module ActiveDirectory
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False}  -SearchBase "OU=ouname,dc=domain,dc=local" | foreach-object {
$User = $_.Name 
 Get-ADPrincipalGroupMembership $_.SamAccountName | Select @{N="User";e={$User}},@{N="Group";e={$_.Name}}
}| Export-Csv c:\temp\GroupMembership.csv -nti

Open in new window

0
 
SubsunCommented:
If you can tell me the script which you are using? then I can modify it to output the enabled accounts..
0
 
rjordanbotsAuthor Commented:
Thank you for your help.
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

  • 3
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now