Solved

get-quadgroup and get-qadgroupmember: empty data when using -exportcsv (Powershell version 4)

Posted on 2016-11-16
8
91 Views
Last Modified: 2017-01-17
I am attempting to create a csv file which grabs all the groups and membership from Active Directory to a csv file. My goal is to list all users and the groups that they are members of. This may not be the best script. If you have a suggestion for a different script, I would be glad to see your suggestions.

When I run this command in Powershell I can see all the groups.

Add-PSSnapin Quest.ActiveRoles.ADManagement
get-qadgroup -Identity '* *' | foreach-object {
"`nGroup: $($_.name)"
get-qadgroupmember ($_)
}


However, when I add the -exportcsv command, the csv file is empty. I do see an error at multiple locations in the Powershell window while the command is running. The error is:

get-qadgroupmember : The trust relationship between the primary domain and the trusted domain failed.
At line:4 char:1
+ get-qadgroupmember ($_)
+ ~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-QADGroupMember], SystemException
    + FullyQualifiedErrorId : System.SystemException,Quest.ActiveRoles.ArsPowerShellSnapIn.Powershell.Cmdlets.GetGroupMemberCmdlet
0
Comment
Question by:Intelli-Seeker
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 2
8 Comments
 

Author Comment

by:Intelli-Seeker
ID: 41890360
I think I fixed the trust relationship issue. There were some orphaned objects from an old domain. I ran the same script and now the file only has this listed:

#TYPE System.String
"Length"
"20"


What am I missing? It shows on the powershell window if I do not pipe it to a csv.
0
 
LVL 82

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 41890447
why are you not using the native comands

get-adgroup -Identity '* *' | select-object name | foreach-object {
     get-adgroupmember ($_)
}

Open in new window

0
 

Author Comment

by:Intelli-Seeker
ID: 41890513
The command you suggested above outputs the following error:

get-adgroup : The term 'get-adgroup' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path
was included, verify that the path is correct and try again.
At line:1 char:1
+ get-adgroup -Identity '* *' | select-object name | foreach-object {
+ ~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (get-adgroup:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 41890558
do you have the RSAT tools installed on that computer as it should have automatically done the 'import-module activedirectory '
0
 

Author Comment

by:Intelli-Seeker
ID: 41891437
I do not have RSAT installed. I am running the script on a Windows 2012 R2 server. Do I need that installed on the server where I am running the script?
0
 

Author Comment

by:Intelli-Seeker
ID: 41893086
I found a similar post to what you are suggesting (thanks for leading me in this direction).

The post is located here Powershell script Export list of all users and there group membership and export to CSV.

Now my question regarding this is how do I add more properties besides the DisplayName and memberof? For example, I would like to include the EmployeeId attribute that is in Active Directory.
0
 

Author Comment

by:Intelli-Seeker
ID: 41893327
This forum is awesome! Thanks for your help. I figured out the script with your guidance and the script found in another post. Here is the final version of the script (with the searchbase container names redacted).

Import-Module Activedirectory
Get-ADUser -Filter * -Properties DisplayName,EmployeeID,memberof -searchbase 'OU=Users,OU=WCNB,DC=wcnb,DC=local' | % {
  New-Object PSObject -Property @{
      UserName = $_.DisplayName
      EmployeeID = $_.EmployeeID
      Groups = ($_.memberof | Get-ADGroup | Select -ExpandProperty Name) -join ","
      }
} | Select UserName,EmployeeID,Groups | Export-Csv C:\Reports\ADreport.csv -NTI

Open in new window

0
 

Author Closing Comment

by:Intelli-Seeker
ID: 41893329
Thanks for your assistance in pointing me in the right direction. I had to install the AD feature on the server where I was running the script. After that I was able to create the script that I listed in the comments.
0

Featured Post

Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question