Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Powershell & Ad Users & Groups

Posted on 2014-10-10
9
241 Views
Last Modified: 2014-10-14
Need to have a Powershell Script that will pull users and the group memberships they belong to.
0
Comment
Question by:rjordanbots
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 40374246
To collect the group membership of all users.. Try following code.. You need to have at least Win 2008 R2 Domain controllers to use the ActiveDirectory module commands.
Import-Module ActiveDirectory
Get-ADUser -Filter * | foreach-object {
$User = $_.Name 
 Get-ADPrincipalGroupMembership $_.SamAccountName | Select @{N="User";e={$User}},@{N="User";e={$_.Name}}
}| Export-Csv c:\temp\GroupMembership.csv -nti

Open in new window

0
 
LVL 29

Expert Comment

by:becraig
ID: 40374248
Get-ADUser -SearchBase "OU=accounts,dc=test2k8,dc=local" -filter * -properties samaccountname,memberof | select samaccountname, memberof | % {"$($_.samaccountname)`r`n$($_.memberof -join "`r`n")" | Out-File -FilePath "D:\Temp\$($_.samaccountname).txt"}
                                         

Similar  PAQ
http://www.experts-exchange.com/Programming/Languages/Scripting/Powershell/Q_28454931.html
0
 
LVL 40

Expert Comment

by:Subsun
ID: 40374255
There was a small typo in above code which I posted..
Import-Module ActiveDirectory
Get-ADUser -Filter * | foreach-object {
$User = $_.Name 
 Get-ADPrincipalGroupMembership $_.SamAccountName | Select @{N="User";e={$User}},@{N="Group";e={$_.Name}}
}| Export-Csv c:\temp\GroupMembership.csv -nti

Open in new window


You can also use -SearchBase parameter to search users from specific OU.
Get-ADUser -SearchBase "OU=contoso users,OU=SBG,DC=contoso,DC=com" -Filter * | foreach-object {...

Open in new window


Or read the user list from a text file (user.txt in this example)..
Import-Module ActiveDirectory
GC C:\Temp\user.txt | foreach-object {
$User = $_
 Get-ADPrincipalGroupMembership $User | Select @{N="User";e={$User}},@{N="Group";e={$_.Name}}
} | Export-Csv c:\temp\GroupMembership.csv -nti

Open in new window

0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 40374772
0
 

Author Comment

by:rjordanbots
ID: 40380512
Is their a way to filter for only active accounts ?
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40380533
You can add a filter to get-aduser

Get-ADUser -Filter 'enabled -eq $true'

This will only return enabled user accounts.
0
 
LVL 29

Expert Comment

by:becraig
ID: 40380541
Slight mod on Subsun's script:

Import-Module ActiveDirectory
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False}  -SearchBase "OU=ouname,dc=domain,dc=local" | foreach-object {
$User = $_.Name 
 Get-ADPrincipalGroupMembership $_.SamAccountName | Select @{N="User";e={$User}},@{N="Group";e={$_.Name}}
}| Export-Csv c:\temp\GroupMembership.csv -nti

Open in new window

0
 
LVL 40

Expert Comment

by:Subsun
ID: 40380544
If you can tell me the script which you are using? then I can modify it to output the enabled accounts..
0
 

Author Closing Comment

by:rjordanbots
ID: 40381216
Thank you for your help.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a PowerShell web interface I use to manage some task as a network administrator. Clicking an action button on the left frame will display a form in the middle frame to input some data in textboxes, process this data in PowerShell and display…
Windows 10 came with  a lot of built in applications, Some organisations leave them there, some will control them using GPO's. This Article is useful for those who do not want to have any applications in their image (example:me).
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question