Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Issue with powershell script / List users in child domains

Posted on 2014-11-11
6
Medium Priority
?
1,145 Views
Last Modified: 2014-11-11
I have a forest with a number of domains under it, and I need a script that will crawl the directories of the child domains and list the users in each domain.  What I have is:

Import-Module ActiveDirectory
(Get-ADForest).domains | % {
Get-ADUser -filter * -SearchBase "$((Get-ADDomain).distinguishedname)" | Select Name, sAMAccountName | Export-CSV "C:\$_ User Accounts.csv" -nti
}

Open in new window


This works and will list users in the C:\ drive labeled to the child domains but in the text file the users are all from the root forest level.  

I've tried tweaking this but can't seem to get it to produce the results I need- am I missing something obvious here?  Any help is appreciated.
0
Comment
Question by:Uptime Legal Systems
  • 4
6 Comments
 
LVL 16

Accepted Solution

by:
Joshua Grantom earned 1000 total points
ID: 40435962
I think I am the one who gave you this script. Try this instead.

Import-Module ActiveDirectory
(Get-ADForest).domains | % {
Get-ADUser -filter * -Server $_ | Select Name,sAMAccountName | Export-CSV "C:\$_ User Accounts.csv" -nti
}

Open in new window

0
 
LVL 19

Assisted Solution

by:Raheman M. Abdul
Raheman M. Abdul earned 1000 total points
ID: 40435972
Try this:
Import-Module ActiveDirectory
(Get-ADForest).domains | % {
Get-ADUser -filter * -server "$((Get-ADDomain).distinguishedname)" | Select Name, sAMAccountName | Export-CSV "C:\$_ User Accounts.csv" -nti
}
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40435981
0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
LVL 6

Author Closing Comment

by:Uptime Legal Systems
ID: 40435983
I believe you are Josh!  Thanks again for your previous (and this reply).

I got around to testing on a larger forest and found that it was only listing the users from the top level but it looks like it was a minor change.   Thanks again for both of the answers.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40435988
You're welcome!
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40436002
Also, using this

$((Get-ADDomain).distinguishedname) will always return the domain that your user account is in, that was my fault, I didnt think that through.

Rahemans post is incorrect as well.

The proper way for the other script to work is this.

Import-Module ActiveDirectory
(Get-ADForest).domains | % {
Get-ADUser -filter * -SearchBase "OU=Accounts,$((Get-ADDomain -Server $_).distinguishedname)" -Server $_ | Select Name,sAMAccountName | Export-CSV "C:\$_ User Accounts.csv" -nti
}

Open in new window


I will post the revised script on the other post as well.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Measuring Server's processing rate with a simple powershell command. The differences in processing rate also was recorded in different use-cases, when a server in free and busy states.
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question