Help generating a csv file of users group membership with PowerShell

Hello Powershell Experts,

I'm trying to recreate my work domain on a virtual machine on my laptop to do some testing on.  I have recreated the OU structure.  I have recreated all of the groups (and they are in the proper OUs).  I have recreated all of the user accounts (and they are in the proper OUs).  I have used Powershell and CSV files to do all of the work up this point.  Now I would like to recreate group membership using Poweshell.  My thought was to do something like this in the production domain:

$Users = Get-QADUser  | select samaccountname

foreach ($User in $Users){Get-QADGroup -ContainsMember $user.SamAccountName | select `
    @{n="SamAccountName";e="$User.samaccountname"},
    @{n="Group";e="$_.samaccountname"}
    }

I was anticipating an output like:
SamAccountName                                                                   Group
NickD                                                                                           Domain Users
NickD                                                                                          Accounting
JimJ                                                                                              Domain Users
JimJ                                                                                              IT
JimJ                                                                                             Local Admins
DrewB                                                                                        Domain Users
DrewB                                                                                        HR
DrewB                                                                                        Benefit Admin
DrewB                                                                                        Payroll

I could then take this output and export it to a csv file to move to the test domains and add membership from this file.

The problem is my code doesn't generate any output.  I just get:
SamAccountName                                                               Group





If I run the following, I get an accurate list of groups for the $user.samaccountname:
get-qadgroup -containsmember $user.samaccountname

Please help me out with what I'm doing wrong on this.

Thanks,
Nick
LVL 1
ndalmolin_13Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

RobSampsonCommented:
Hi, this should generate that CSV file for you.

Regards,

Rob.

Get-ADUser -filter {objectClass -eq "user"} | 
foreach {
    $samAccountName = $_.samaccountname
    Get-ADPrincipalGroupMembership -Identity $($samAccountName) | 
    Select -ExpandProperty Name | Select @{n='User';e={$($samAccountName)}},@{n='Group';e={$_}}
} | Export-Csv -Path ".\UsersAndGroups.txt" -NoTypeInformation

Open in new window

0
RobSampsonCommented:
Oh, and Get-QADUser is a Quest cmdlet, Powershell now has built in AD cmdlets if you have RSAT installed.

Rob.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
AD Web services is not available if all your DCs are Win2K3.  Get-ADUSER will work with Win2K8 DCs (or if you have a Win2K8 or higher DC) with AD Web Services running on it.
0
ndalmolin_13Author Commented:
This is awsome!  If I wanted to resort based on groups, where would I put the sort-object command?
0
RobSampsonCommented:
Hi, if you want the same data, just sorted by group, put the sort before the Export-CSV cmdlet.

Get-ADUser -filter {objectClass -eq "user"} | 
foreach {
    $samAccountName = $_.samaccountname
    Get-ADPrincipalGroupMembership -Identity $($samAccountName) | 
    Select -ExpandProperty Name | Select @{n='User';e={$($samAccountName)}},@{n='Group';e={$_}}
} | Sort-Object Group | Export-Csv -Path ".\UsersAndGroups.txt" -NoTypeInformation

Open in new window

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Powershell

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.