Active Directory AD Group information

nss-bigbloke
Can someone help me with creating a PowerShell script that will pull from Active Directory the following report from selected AD Security groups like "Domain Admins", "Enterprise Admins" etc.

Formatting as follows: Name,Displayname,Title,SamAccountName,DistinguishedName(filtered by out to list only domain)

Looking for the report to be a CSV file.  Thanks
Sam Jacobs, Citrix Technology Professional / Director of TechDev Services, IPM

Commented:
$filePath ="C:\filepath"
# groups.txt holds one group name per line
$groups = Get-Content "$($filePath)\groups.txt" 
foreach ($group in $groups) {
    # One CSV row per member: 'Name' is the group, DisplayName and Title are looked up per member
    Get-ADGroupMember $group |
    Select @{n='Name'; e={$group}},
    @{n='DisplayName'; e={Get-ADUser $_.sAMAccountName -Properties DisplayName | Select -ExpandProperty DisplayName}},
    @{n='Title'; e={Get-ADUser $_.sAMAccountName -Properties Title | Select -ExpandProperty Title}},
        SamAccountName, DistinguishedName |
    Export-Csv "$($filePath)\GroupMembers.csv" -NoTypeInformation -Append
}



When you ask for Name, I'm assuming that you mean the name of the group.
Not sure what you mean by " ... (filtered by out to list only domain)."
nss-bigbloke, Engineer

Author

Commented:
Sorry for the misunderstanding. I need to be able to run against multiple groups selected and different multiple company domains. We have 5. Is it possible to make this script do that?


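$Server = Read-Host -Prompt "Input the FQDN for the Domain"
$CsvPath = "c:\logs\$($Server)_Administrators_$(Get-Date -Format ddMMyyyy).csv"
$ADGroupName = "Domain Admins"
$Output = @()

# All members, including those reached through nested groups
$ADGroupMembers_Users = Get-ADGroupMember $ADGroupName -Recursive -Server $Server
# Groups nested directly inside the target group
$ADGroupMembers_Groups = Get-ADGroupMember $ADGroupName -Server $Server | Where-Object {$_.ObjectClass -eq "group"}

# Both loops select the same columns: Export-Csv takes its header from the first object only
foreach ($m in $ADGroupMembers_Users) {
  # DisplayName and Title are not returned by default; query the same domain as the group
  $Output += Get-ADUser $m -Server $Server -Properties DisplayName,Title |
    Select Name,DisplayName,Title,SamAccountName,DistinguishedName,Description,ObjectClass
}

foreach ($m in $ADGroupMembers_Groups) {
  $Output += Get-ADGroup $m -Server $Server -Properties Description |
    Select Name,DisplayName,Title,SamAccountName,DistinguishedName,Description,ObjectClass
}

$Output | Export-Csv -NoTypeInformation -Path $CsvPath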
Sam Jacobs, Citrix Technology Professional / Director of TechDev Services, IPM

Commented:
Are the domains in the same AD forest? If so, you can use the following to get your list of domains:
$domains = @((Get-ADForest).domains)


Are the groups the same for each domain?
Do you want separate CSVs for each domain, or have them all in the same one?
Do you want separate CSVs for each object type (groups/members) or one for both?
If the latter, you would need to have all fields in each record of the CSV, for example:
domain, group name, group description, objectClass, user name, display name, title, sAMAccountName, Distinguishedname
nss-bigbloke, Engineer

Author

Commented:
Yes, the domains are in the same forest. But the groups are not the same in all of the domains.
Citrix Technology Professional / Director of TechDev Services, IPM
Commented:
If you create a file (DomainGroups.txt) in this format:
domain1.com, group1, group2, etc.
domain2.com, group5, group6, etc.

Does this give you what you are looking for?
$filePath ="C:\filepath"
$DomainGroups = Get-Content "$($filePath)\DomainGroups.txt" 
foreach ($DomainGroup in $DomainGroups) {
    # Each line is "domain, group1, group2, ..."; trim the spaces that follow the commas
    $dg = @($DomainGroup.Split(",") | ForEach-Object { $_.Trim() })
    $domain = $dg[0]
    for($idx=1; $idx -lt $dg.Length; $idx++) {
        $group = $dg[$idx]
        # Look the group up once per group rather than once per member
        $adGroup = Get-ADGroup $group -Server $domain -Properties Description
        Get-ADGroupMember $group -Server $domain |
        Select `
        @{n='Domain'; e={$domain}},
        @{n='Group Name'; e={$group}},
        @{n='Description'; e={$adGroup.Description}},
        @{n='objectClass'; e={$adGroup.objectClass}},
        @{n='User Name'; e={Get-ADUser $_.sAMAccountName -Server $domain -Properties DisplayName | Select -ExpandProperty DisplayName}},
        @{n='Title'; e={Get-ADUser $_.sAMAccountName -Server $domain -Properties Title | Select -ExpandProperty Title}},
            SamAccountName, DistinguishedName |
        Export-Csv "$($filePath)\DomainGroupMembers.csv" -NoTypeInformation -Append
    }
}

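A variant of the audit above, added here as an example and not posted by anyone in the thread: it reads the same DomainGroups.txt layout, keeps non-user members (nested groups, computers) as rows instead of leaving their user fields to fail silently, and looks each user up in the domain named by its own DistinguishedName. The function name `ConvertTo-DomainName` and the `MemberClass` and `MemberDomain` columns are assumptions introduced for illustration.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function ConvertTo-DomainName {
    # "CN=x,OU=y,DC=corp,DC=example,DC=com" -> "corp.example.com"
    param([Parameter(Mandatory)][string]$DistinguishedName)
    ($DistinguishedName -split ',' |
        Where-Object { $_ -like 'DC=*' } |
        ForEach-Object { $_.Substring(3) }) -join '.'
}

$filePath = 'C:\filepath'
$rows = foreach ($line in Get-Content "$filePath\DomainGroups.txt") {
    $fields = @($line.Split(',') | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    if ($fields.Count -lt 2) { continue }   # skip blank or domain-only lines
    $domain = $fields[0]
    foreach ($group in $fields[1..($fields.Count - 1)]) {
        try {
            $members = Get-ADGroupMember $group -Server $domain -ErrorAction Stop
        } catch {
            # A mistyped or missing group is reported, not silently dropped from the audit
            Write-Warning "$domain\$group : $($_.Exception.Message)"
            continue
        }
        foreach ($m in $members) {
            $memberDomain = ConvertTo-DomainName $m.DistinguishedName
            $user = $null
            if ($m.objectClass -eq 'user') {
                # A member can belong to another domain of the forest, so query its own domain
                $user = Get-ADUser $m.DistinguishedName -Server $memberDomain -Properties DisplayName, Title
            }
            [pscustomobject]@{
                Domain            = $domain
                Group             = $group
                MemberClass       = $m.objectClass
                Name              = $m.name
                DisplayName       = $user.DisplayName
                Title             = $user.Title
                SamAccountName    = $m.SamAccountName
                MemberDomain      = $memberDomain
                DistinguishedName = $m.DistinguishedName
            }
        }
    }
}
# Written in one pass without -Append, so re-running replaces the report instead of duplicating rows
$rows | Export-Csv "$filePath\DomainGroupMembers.csv" -NoTypeInformation
```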

nss-bigbloke, Engineer

Author

Commented:
Wow, this is the perfect script for what I'm doing!!!!! Able to do an audit with one click on all domains and set groups. THANKS Guy
nss-bigbloke, Engineer

Author

Commented:
THANKS !!!!
Sam Jacobs, Citrix Technology Professional / Director of TechDev Services, IPM

Commented:
You're most welcome.
