Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Display Active Directory User's Group Memberships

Posted on 2016-08-17
5
Medium Priority
?
73 Views
Last Modified: 2016-08-17
Hi there,
Just wondering how to properly display an AD User's Group Memberships when I create an array. What was requested, is to find all users in AD that have not logged into the network older than 90 days, do some cleanup (move their personal drive, Exchange mailbox, etc.) and to create a log of their account, and what groups they were in.

So here's what I was able to come up with:

#Create the time parameter, 90 days from last logon date

$90Days = (get-date).adddays(-90)

#Create a variable for the date stamp in the log file

$LogDate = get-date -f yyyyMMddhhmm

#Sets the OU to do the base search for all user accounts

$SearchBase = "OU=Contoso, DC=com"

#Create an empty array for the log file

$LogArray = @()

#Use ForEach to loop through all users with logon date older than date set, 90 days. Does clean up and adds to log array.

ForEach ($DeletedUser in (Get-ADUser -searchbase $SearchBase -filter {(lastlogondate -notlike "*" -OR lastlogondate -le $90days) -AND (passwordlastset -le $90days) -AND (enabled -eq $False) -AND (whencreated -le $90days)} -Properties *) )
{
	#Create new object for logging

        $obj = New-Object PSObject

        $obj | Add-Member -MemberType NoteProperty -Name “Name” -Value $DeletedUser.name

        $obj | Add-Member -MemberType NoteProperty -Name “samAccountName” -Value $DeletedUser.samaccountname

        $obj | Add-Member -MemberType NoteProperty -Name “DistinguishedName” -Value $DeletedUser.DistinguishedName

	[b]$obj | Add-Member -MemberType NoteProperty -Name "Member Of" -Value @{expression={$DeletedUser.memberof -join “;”}}[/b]

	#$obj | Add-Member -MemberType NoteProperty -Name “Home Directory” -Value $DeletedUser.homeDirectory

        $obj | Add-Member -MemberType NoteProperty -Name “Status” -Value ‘Deleted’

        #Adds object to the log array

        $LogArray += $obj
}

#Exports log array to CSV file in the temp directory with a date and time stamp in the file name.

$logArray | Export-Csv “C:\Temp\User_Report_$logDate.csv” -NoTypeInformation

Open in new window


Everything looks good, however, when it comes to the Member Of column, I get a "System.Collections.Hashtable", rather than all the groups the user was in. I think it's because I'm grabbing the data from a property that's an array, and then putting it in another array?

Just wondering what I'm missing...

Please let me know if you need additional info/details...

Thanks,
Classic
0
Comment
Question by:Classic1
  • 2
  • 2
5 Comments
 
LVL 35

Expert Comment

by:YZlat
ID: 41759676
try replacing

{$DeletedUser.memberof -join “;”}

Open in new window


with

{($DeletedUser.memberof | % { (Get-ADGroup $_).Name; }) -join ';'}

Open in new window

0
 

Author Comment

by:Classic1
ID: 41759735
Hi YZlat,
Thanks for the quick response, unfortunately, I still get the same result:

        $obj | Add-Member -MemberType NoteProperty -Name "Member Of" -Value @{expression={($DeletedUser.memberof | % { (Get-ADGroup $_).Name; }) -join ';'}}

 

-Classic1
Output.jpg
0
 
LVL 41

Accepted Solution

by:
footech earned 2000 total points
ID: 41759810
What you're seeing is kind of a combination of things.  When you use Export-CSV, all the values for the fields can really only be strings.  So having the "Member Of" field be a hashtable will not display correctly in a .CSV (even though it might display properly if you were outputting directly to console).
The following should work.
$obj | Add-Member -MemberType NoteProperty -Name "Member Of" -Value ($DeletedUser.memberof -join ";")

Open in new window


Beyond that, I would change your code to not use the Add-Member cmdlet, as it's typically very inefficient.  A better way would be:
Get-ADUser -searchbase $SearchBase -filter {(lastlogondate -notlike "*" -OR lastlogondate -le $90days) -AND (passwordlastset -le $90days) -AND (enabled -eq $False) -AND (whencreated -le $90days)} -Properties Name,samAccountName,DistinguishedName,MemberOf |
 Select Name,samAccountName,DistinguishedName,
        @{n="Member Of";e={$_.memberof -join ";"}},
        @{n="Status";e={"Deleted"}} |
 Export-Csv "C:\Temp\User_Report_$logDate.csv" -NoTypeInformation

Open in new window

Notice I also replaced the -properties * of the Get-ADUser command to retrieve only the attributes you want.
1
 

Author Closing Comment

by:Classic1
ID: 41760016
Thanks for the quick response and tips! That worked great!
I was going to clean up the -Properties * once my Manager agreed on what she wanted to see...

I added: | % { (Get-ADObject $_).Name } to show the actual Name of the group, rather than showing everything...

Much appreciated,
Classic
0
 
LVL 41

Expert Comment

by:footech
ID: 41760116
Glad to help.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post, I will showcase the steps for how to create groups in Office 365. Office 365 groups allow for ease of flexibility and collaboration between staff members.
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question