Link to home
Start Free TrialLog in
Avatar of Classic1
Classic1Flag for Canada

asked on

Display Active Directory User's Group Memberships

Hi there,
Just wondering how to properly display an AD User's Group Memberships when I create an array. What was requested, is to find all users in AD that have not logged into the network older than 90 days, do some cleanup (move their personal drive, Exchange mailbox, etc.) and to create a log of their account, and what groups they were in.

So here's what I was able to come up with:

#Create the time parameter, 90 days from last logon date

$90Days = (get-date).adddays(-90)

#Create a variable for the date stamp in the log file

$LogDate = get-date -f yyyyMMddhhmm

#Sets the OU to do the base search for all user accounts

$SearchBase = "OU=Contoso, DC=com"

#Create an empty array for the log file

$LogArray = @()

#Use ForEach to loop through all users with logon date older than date set, 90 days. Does clean up and adds to log array.

ForEach ($DeletedUser in (Get-ADUser -searchbase $SearchBase -filter {(lastlogondate -notlike "*" -OR lastlogondate -le $90days) -AND (passwordlastset -le $90days) -AND (enabled -eq $False) -AND (whencreated -le $90days)} -Properties *) )
{
	#Create new object for logging

        $obj = New-Object PSObject

        $obj | Add-Member -MemberType NoteProperty -Name “Name” -Value $DeletedUser.name

        $obj | Add-Member -MemberType NoteProperty -Name “samAccountName” -Value $DeletedUser.samaccountname

        $obj | Add-Member -MemberType NoteProperty -Name “DistinguishedName” -Value $DeletedUser.DistinguishedName

	[b]$obj | Add-Member -MemberType NoteProperty -Name "Member Of" -Value @{expression={$DeletedUser.memberof -join “;”}}[/b]

	#$obj | Add-Member -MemberType NoteProperty -Name “Home Directory” -Value $DeletedUser.homeDirectory

        $obj | Add-Member -MemberType NoteProperty -Name “Status” -Value ‘Deleted’

        #Adds object to the log array

        $LogArray += $obj
}

#Exports log array to CSV file in the temp directory with a date and time stamp in the file name.

$logArray | Export-Csv “C:\Temp\User_Report_$logDate.csv” -NoTypeInformation

Open in new window


Everything looks good, however, when it comes to the Member Of column, I get a "System.Collections.Hashtable", rather than all the groups the user was in. I think it's because I'm grabbing the data from a property that's an array, and then putting it in another array?

Just wondering what I'm missing...

Please let me know if you need additional info/details...

Thanks,
Classic
Avatar of YZlat
YZlat
Flag of United States of America image
try replacing

{$DeletedUser.memberof -join “;”}

Open in new window


with

{($DeletedUser.memberof | % { (Get-ADGroup $_).Name; }) -join ';'}

Open in new window

Avatar of Classic1
Classic1
Flag of Canada image

ASKER

Hi YZlat,
Thanks for the quick response, unfortunately, I still get the same result:

        $obj | Add-Member -MemberType NoteProperty -Name "Member Of" -Value @{expression={($DeletedUser.memberof | % { (Get-ADGroup $_).Name; }) -join ';'}}

 

-Classic1
Output.jpg
ASKER CERTIFIED SOLUTION
Avatar of footech
footech
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Classic1
Classic1
Flag of Canada image

ASKER

Thanks for the quick response and tips! That worked great!
I was going to clean up the -Properties * once my Manager agreed on what she wanted to see...

I added: | % { (Get-ADObject $_).Name } to show the actual Name of the group, rather than showing everything...

Much appreciated,
Classic
Avatar of footech
footech
Flag of United States of America image
Glad to help.