P S
asked on
Need to find all user account with specific attribute and it's value
I have a task to find out all user accounts with an attribute "abc" of value 1 which are part of all "XXXX_def" and "XXXX_tuv" group in the entire domain and the output should be in a CSV file.
Where "XXXX" represents OU name. could be anything.
Can some one help me out?.
let me know if any other details are required.
Where "XXXX" represents OU name. could be anything.
Can some one help me out?.
let me know if any other details are required.
Please clarify: are you searching for these users based on their AD group membership ("all "XXXX_def" and "XXXX_tuv" group") or based on the OU ("Where "XXXX" represents OU name")?
ASKER
@oBdA: I am trying to search these users based on their AD group membership. All the user with attribute "abc" of value "1" are part of AD groups "XXXX_def" and "XXXX_tuv".
I've CSV file of all the users with attribute "abc" of value "1".
Hope this helps!!!
I've CSV file of all the users with attribute "abc" of value "1".
Hope this helps!!!
$GroupList = 'XXXX_def' and 'XXXX_tuv'
$Attribute = 'abcr'
$AttributeValue = 1
$CsvFile = 'C:\Temp\ADUsers.csv'
$Return = @{}
$GroupList | ForEach-Object {
Get-ADGroupMember -Identity $_ |
Where-Object {$_.objectClass -eq 'user'} |
ForEach-Object {
If (($ADUser = Get-ADUser -Identity $_.distinguishedName -Property $Attribute).$Attribute -eq $AttributeValue) {
$Return[$_.distinguishedName] = $ADUser
}
}
}
$Return.Values |
Select-Object -Property SamAccountName, DisplayName, distinguishedName, $Attribute |
Export-Csv -NoTypeInformation -Path $CsvFileASKER
Thanks oBdA, but this script did not help me. Basically, there are so many users in the domain in different OU's with attribute name "abc" and having a value "1". Additionally, there are many corresponding AD groups like "XXXX_tuv" and "XXXX_def".
I have a CSV file with samaccountnames having an attribute name "abc" set with value "1". Now I need to find out if these samaccountnames are part of any group which has a name "_def" or "_tuv".
Note: "XXXX" can change as it is based on the OU name. For ex group name could be like "ATLA_abc" or "BALT_tuv".
It's an annoying task but any help would be deeply appriciated. Let me know if anything else is required
I have a CSV file with samaccountnames having an attribute name "abc" set with value "1". Now I need to find out if these samaccountnames are part of any group which has a name "_def" or "_tuv".
Note: "XXXX" can change as it is based on the OU name. For ex group name could be like "ATLA_abc" or "BALT_tuv".
It's an annoying task but any help would be deeply appriciated. Let me know if anything else is required
$Attribute = 'abc'
$AttributeValue = 1
$ExportCsv = 'C:\Temp\ADUsers.csv'
$GroupDNs = Get-ADGroup -Filter "(Name -like '*_def') -or (Name -like '*_tuv')" | Select-Object -ExpandProperty DistinguishedName
Get-ADUser -Filter "$($Attribute) -eq $($AttributeValue)" -Property memberOf -ResultSetSize $Null |
Where-Object {Compare-Object -ReferenceObject $GroupDNs -DifferenceObject $_.memberOf -IncludeEqual -ExcludeDifferent} |
Select-Object -Property SamAccountName, DisplayName, distinguishedName, $Attribute |
Export-Csv -NoTypeInformation -Path $ExportCsvASKER
@oBdA: I ran the script but unfortunately did not get any output. Should i be changing the header of the CSV file which has samaccountname of attribute 'abc' with value 1?. I am keeping the header as "samaccountname" for now of the CSV file.
Thanks.
Thanks.
It's not reading an input file - it's querying AD directly for all users where $Attribute -eq $AttributeValue, then compares whether any of their group membership matches one of the *_def or *_tuv groups, and exports these to the csv file specified in $ExportCsv. So look at the contents of the file defined in line 3.
Only issue is that it currently doesn't export the attribute, that's corrected here:
Only issue is that it currently doesn't export the attribute, that's corrected here:
$Attribute = 'abc'
$AttributeValue = 1
$ExportCsv = 'C:\Temp\ADUsers.csv'
$GroupDNs = Get-ADGroup -Filter "(Name -like '*_def') -or (Name -like '*_tuv')" | Select-Object -ExpandProperty DistinguishedName
"Comparing against the following groups:" | Write-Host
$GroupDNs | % {" - '$($_)'" | Write-Host}
Get-ADUser -Filter "$($Attribute) -eq $($AttributeValue)" -Property memberOf, $Attribute -ResultSetSize $Null |
Where-Object {Compare-Object -ReferenceObject $GroupDNs -DifferenceObject $_.memberOf -IncludeEqual -ExcludeDifferent} |
Select-Object -Property SamAccountName, DisplayName, distinguishedName, $Attribute |
Export-Csv -NoTypeInformation -Path $ExportCsvASKER
I appreciate your help oBdA. Well something did happen but not what i was expecting it to do. Let me re-iterate my question again as i may not have made myself clear in the first place.
I need to find all the accounts in the domain which has the attribute "abc" set with value as "1" and if the same accounts are part of AD groups like "XXXX_def" or "XXXX_tuv". The output CSV file should write down the name of the account along with the above requested AD group name it's part of (if they're actually part of).
Presently, i've the list of samaccountnames in a CSV file and i've set the header of CSV as 'samaccountname'.
Thanks again for your patience on this matter.
I need to find all the accounts in the domain which has the attribute "abc" set with value as "1" and if the same accounts are part of AD groups like "XXXX_def" or "XXXX_tuv". The output CSV file should write down the name of the account along with the above requested AD group name it's part of (if they're actually part of).
Presently, i've the list of samaccountnames in a CSV file and i've set the header of CSV as 'samaccountname'.
Thanks again for your patience on this matter.
Help me out here.
On the one hand, you're repeatedly saying "I need to find all the accounts in the domain which has the attribute "abc" set with value as "1" ", on the other hand, you're saying ""I have a CSV file with samaccountnames having an attribute name "abc" set with value "1".
What is the basis of the membership search supposed to be
- accounts in the domain which have the attribute "abc", or
- a CSV file with samaccountnames
On the one hand, you're repeatedly saying "I need to find all the accounts in the domain which has the attribute "abc" set with value as "1" ", on the other hand, you're saying ""I have a CSV file with samaccountnames having an attribute name "abc" set with value "1".
What is the basis of the membership search supposed to be
- accounts in the domain which have the attribute "abc", or
- a CSV file with samaccountnames
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks oBdA. Script worked for me. You just made my day. I can't thank you enough.