NOC123

AD Query Script for Sec Groups

I am looking for an AD script to help us audit our security groups. I would like to be able to get an output of all the Sec groups we have and their members. Is this possible?
Jeremy Weisinger

A while back I wrote a script to do just that... Here's an excerpt.
$filedate = Get-Date -Format yyyyMMdd
$exportfile = 'D:\Utils\GroupMembershipReports\' + $filedate + 'GrpReport.csv' #Path to where you want to put the CSV results


$ADGroups = Get-ADGroup -Filter * -Properties CanonicalName,Created,Description,DisplayName,Members,Modified,SamAccountName -resultsetsize $null


#Build a table to format the results 
$table = New-Object system.Data.DataTable "GroupMembership" 
$col1 = New-Object system.Data.DataColumn GroupName,([string]) 
$table.columns.add($col1) 
$col2 = New-Object system.Data.DataColumn GroupCanonicalName,([string]) 
$table.columns.add($col2) 
$col3 = New-Object system.Data.DataColumn GroupDisplayName,([string]) 
$table.columns.add($col3) 
$col4 = New-Object system.Data.DataColumn GroupDescription,([string]) 
$table.columns.add($col4)
$col5 = New-Object system.Data.DataColumn GroupCreated,([datetime]) 
$table.columns.add($col5)
$col6 = New-Object system.Data.DataColumn GroupModified,([datetime]) 
$table.columns.add($col6)
$col7 = New-Object system.Data.DataColumn MemberName,([string]) 
$table.columns.add($col7)    
$col8 = New-Object system.Data.DataColumn MemberCanonicalName,([string]) 
$table.columns.add($col8)    
$col9 = New-Object system.Data.DataColumn MemberType,([string]) 
$table.columns.add($col9)    

#Loop through Groups
Foreach($grp in $ADGroups){

    #Loop through group members and write to table
    Foreach($grpmem in $grp.Members){
        $memobj = Get-ADObject $grpmem -Properties CanonicalName,SamAccountName,ObjectClass
        $row = $table.NewRow() 
        $row.GroupName = $grp.SamAccountName
        $row.GroupCanonicalName = $grp.CanonicalName
        $row.GroupDisplayName = $grp.DisplayName
        $row.GroupDescription = $grp.Description
        $row.GroupCreated = $grp.Created
        $row.GroupModified = $grp.Modified
        $row.MemberName = $memobj.SamAccountName
        $row.MemberCanonicalName =$memobj.CanonicalName
        $row.MemberType = $memobj.ObjectClass
        $table.Rows.Add($row)
        }
    }    


#write output to CSV
$table | Export-Csv $exportfile -NoTypeInformation


NOC123

ASKER

I'm sure I am missing a step, but just tried to run that script and it only spit out a blank CSV.

What version of Windows are you running? Do you get any errors? Are you running it from a computer that has the Active Directory PowerShell module on it?
NOC123

ASKER

Server 2008 R2 and yes a few errors:

Get-adgroup is not recognized

get-adobject is not recognized

exception setting groupcreated

exception setting groupmodified
ASKER CERTIFIED SOLUTION
Jeremy Weisinger

NOC123

ASKER

Worked great and exactly what I needed! Thanks!

Glad to help. :)
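
An added example, not part of the original thread and not the members-only accepted solution: a PowerShell 2.0-compatible variant of the audit that loads the ActiveDirectory module before calling its cmdlets (the "not recognized" errors reported above mean the module was not loaded in that session) and limits the report to security groups. The output path, the GroupScope column, the empty-group rows and the 'unresolved' marker are assumptions of this example.

```powershell
# Added example; output path and column choices are assumptions.
$exportfile = Join-Path $env:TEMP ((Get-Date -Format yyyyMMdd) + 'SecGrpReport.csv')

# Get-ADGroup and Get-ADObject live in the ActiveDirectory module. PowerShell 2.0
# (Server 2008 R2) never auto-loads it, and it is only present once the
# RSAT-AD-PowerShell feature is installed.
if (-not (Get-Module -ListAvailable -Name ActiveDirectory)) {
    throw 'ActiveDirectory module is not installed on this computer.'
}
Import-Module ActiveDirectory -ErrorAction Stop

# One CSV row per (group, member); $member is $null for an empty group.
function New-Row($grp, $member) {
    New-Object PSObject -Property @{
        GroupName           = $grp.SamAccountName
        GroupScope          = $grp.GroupScope
        GroupCanonicalName  = $grp.CanonicalName
        GroupDescription    = $grp.Description
        GroupCreated        = $grp.Created
        GroupModified       = $grp.Modified
        MemberName          = $member.SamAccountName
        MemberCanonicalName = $member.CanonicalName
        MemberType          = $member.ObjectClass
    }
}

# Security groups only; distribution groups are left out of the audit.
$groups = @(Get-ADGroup -Filter "GroupCategory -eq 'Security'" `
    -Properties CanonicalName,Description,Created,Modified,Members)

$report = foreach ($grp in $groups) {
    $dns = @($grp.Members | Where-Object { $_ })
    if ($dns.Count -eq 0) { New-Row $grp $null }   # keep empty groups visible
    foreach ($dn in $dns) {
        # A member that cannot be read is recorded by DN instead of aborting the run.
        try {
            $m = Get-ADObject -Identity $dn -Properties CanonicalName,SamAccountName -ErrorAction Stop
        } catch {
            Write-Warning "Could not read member $dn"
            $m = New-Object PSObject -Property @{ CanonicalName = $dn; ObjectClass = 'unresolved' }
        }
        New-Row $grp $m
    }
}

# Select-Object fixes the column order (hashtable order is not preserved in PowerShell 2.0).
$report | Select-Object GroupName,GroupScope,GroupCanonicalName,GroupDescription,GroupCreated,
    GroupModified,MemberName,MemberCanonicalName,MemberType |
    Export-Csv $exportfile -NoTypeInformation
Write-Host "Report written to $exportfile"
```

Rows with an empty MemberName and a MemberType of foreignSecurityPrincipal or contact are expected, since those object classes carry no SamAccountName.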