?
Solved

Issue with powershell script / List users in child domains

Posted on 2014-11-11
6
Medium Priority
?
1,067 Views
Last Modified: 2014-11-11
I have a forest with a number of domains under it, and I need a script that will crawl the directories of the child domains and list the users in each domain.  What I have is:

Import-Module ActiveDirectory
(Get-ADForest).domains | % {
Get-ADUser -filter * -SearchBase "$((Get-ADDomain).distinguishedname)" | Select Name, sAMAccountName | Export-CSV "C:\$_ User Accounts.csv" -nti
}

Open in new window


This works and will list users in the C:\ drive labeled to the child domains but in the text file the users are all from the root forest level.  

I've tried tweaking this but can't seem to get it to produce the results I need- am I missing something obvious here?  Any help is appreciated.
0
Comment
Question by:Uptime Legal Systems
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
6 Comments
 
LVL 16

Accepted Solution

by:
Joshua Grantom earned 1000 total points
ID: 40435962
I think I am the one who gave you this script. Try this instead.

Import-Module ActiveDirectory
(Get-ADForest).domains | % {
Get-ADUser -filter * -Server $_ | Select Name,sAMAccountName | Export-CSV "C:\$_ User Accounts.csv" -nti
}

Open in new window

0
 
LVL 19

Assisted Solution

by:Raheman M. Abdul
Raheman M. Abdul earned 1000 total points
ID: 40435972
Try this:
Import-Module ActiveDirectory
(Get-ADForest).domains | % {
Get-ADUser -filter * -server "$((Get-ADDomain).distinguishedname)" | Select Name, sAMAccountName | Export-CSV "C:\$_ User Accounts.csv" -nti
}
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40435981
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 6

Author Closing Comment

by:Uptime Legal Systems
ID: 40435983
I believe you are Josh!  Thanks again for your previous (and this reply).

I got around to testing on a larger forest and found that it was only listing the users from the top level but it looks like it was a minor change.   Thanks again for both of the answers.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40435988
You're welcome!
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40436002
Also, using this

$((Get-ADDomain).distinguishedname) will always return the domain that your user account is in, that was my fault, I didnt think that through.

Rahemans post is incorrect as well.

The proper way for the other script to work is this.

Import-Module ActiveDirectory
(Get-ADForest).domains | % {
Get-ADUser -filter * -SearchBase "OU=Accounts,$((Get-ADDomain -Server $_).distinguishedname)" -Server $_ | Select Name,sAMAccountName | Export-CSV "C:\$_ User Accounts.csv" -nti
}

Open in new window


I will post the revised script on the other post as well.
0

Featured Post

Introducing the WatchGuard 420 Access Point

WatchGuard's newest access point includes an 802.11ac Wave 2 chipset, providing the fastest speeds for VoIP, video and music streaming, and large data file transfers. Additionally, enjoy the benefits of strong security as the 3rd radio delivers dedicated WIPS protection!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
In this post we will be converting StringData saved within a text file into a hash table. This can be further used in a PowerShell script for replacing settings that are dynamic in nature from environment to environment.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question