Help generating a csv file of users group membership with PowerShell

Hello Powershell Experts,

I'm trying to recreate my work domain on a virtual machine on my laptop to do some testing on. I have recreated the OU structure. I have recreated all of the groups (and they are in the proper OUs). I have recreated all of the user accounts (and they are in the proper OUs). I have used Powershell and CSV files to do all of the work up this point. Now I would like to recreate group membership using Poweshell. My thought was to do something like this in the production domain:

$Users = Get-QADUser | select samaccountname

foreach ($User in $Users){Get-QADGroup -ContainsMember $user.SamAccountName | select `
@{n="SamAccountName";e="$User.samaccountname"},
@{n="Group";e="$_.samaccountname"}
}

I was anticipating an output like:
SamAccountName Group
NickD Domain Users
NickD Accounting
JimJ Domain Users
JimJ IT
JimJ Local Admins
DrewB Domain Users
DrewB HR
DrewB Benefit Admin
DrewB Payroll

I could then take this output and export it to a csv file to move to the test domains and add membership from this file.

The problem is my code doesn't generate any output. I just get:
SamAccountName Group

If I run the following, I get an accurate list of groups for the $user.samaccountname:
get-qadgroup -containsmember $user.samaccountname

Please help me out with what I'm doing wrong on this.

Thanks,
Nick

Get-ADUser -filter {objectClass -eq "user"} | foreach { $samAccountName = $_.samaccountname Get-ADPrincipalGroupMembership -Identity $($samAccountName) | Select -ExpandProperty Name | Select @{n='User';e={$($samAccountName)}},@{n='Group';e={$_}} } | Export-Csv -Path ".\UsersAndGroups.txt" -NoTypeInformation

Get-ADUser -filter {objectClass -eq "user"} | foreach { $samAccountName = $_.samaccountname Get-ADPrincipalGroupMembership -Identity $($samAccountName) | Select -ExpandProperty Name | Select @{n='User';e={$($samAccountName)}},@{n='Group';e={$_}} } | Sort-Object Group | Export-Csv -Path ".\UsersAndGroups.txt" -NoTypeInformation

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

LVL 65

RobSampsonCommented: 2015-02-25

Hi, this should generate that CSV file for you.

Regards,

Rob.

Open in new window

Oh, and Get-QADUser is a Quest cmdlet, Powershell now has built in AD cmdlets if you have RSAT installed.

Rob.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial

LVL 25

Mohammed KhawajaManager - Infrastructure: Information TechnologyCommented: 2015-02-25

AD Web services is not available if all your DCs are Win2K3. Get-ADUSER will work with Win2K8 DCs (or if you have a Win2K8 or higher DC) with AD Web Services running on it.

LVL 1

ndalmolin_13Author Commented: 2015-02-26

This is awsome! If I wanted to resort based on groups, where would I put the sort-object command?

RobSampsonCommented: 2015-02-26

Hi, if you want the same data, just sorted by group, put the sort before the Export-CSV cmdlet.

Help generating a csv file of users group membership with PowerShell

Who is Participating?