Active Directory AD Group information

Can someone help me with creating a PowerShell script that will pull from Active Directory the following report from selected AD Security groups like "Domain Admins", "Enterprise Admins" etc.

Formatting as follows: Name,Displayname,Title,SamAccountName,DistinguishedName(filtered by out to list only domain)

Looking for the report to be a CSV file.  Thanks
nss-bigbloke Asked:

Sam Jacobs (Director of Technology Development, IPM) Commented:
$filePath ="C:\filepath"
$groups = Get-Content "$($filePath)\groups.txt" 
foreach ($group in $groups) {
    Get-ADGroupMember $group |
    Select @{n='Name'; e={$group}},
    @{n='DisplayName'; e={Get-ADUser $_.sAMAccountName -Property DisplayName | Select -ExpandProperty DisplayName}},
    @{n='Title'; e={Get-ADUser $_.sAMAccountName -Property Title | Select -ExpandProperty Title}},
        SamAccountName, DistinguishedName |
    Export-Csv "$($filePath)\GroupMembers.csv" -NoTypeInformation -Append
}



When you ask for Name, I'm assuming that you mean the name of the group.
Not sure what you mean by " ... (filtered by out to list only domain)."
nss-bigbloke (Author) Commented:
Sorry for the misunderstanding. I need to be able to run against multiple groups selected and different multiple company domains. We have 5. Is it possible to make this script do that?


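$Server = Read-Host -Prompt "Input the FQDN for the Domain"
$CsvPath = "c:\logs\$($Server)_Administrators_$(Get-Date -Format ddMMyyyy).csv"
$ADGroupName = "Domain Admins"
# One column set for every row: Export-Csv takes its header from the first object only
$Columns = 'Name','DisplayName','Title','SamAccountName','DistinguishedName','Description','ObjectClass'
$Output = @()

# -Recursive returns the non-group members of nested groups; the second call lists the directly nested groups
$ADGroupMembers_Users = Get-ADGroupMember $ADGroupName -Recursive -Server $Server
$ADGroupMembers_Groups = Get-ADGroupMember $ADGroupName -Server $Server | Where-Object {$_.ObjectClass -eq "group"}

foreach ($m in $ADGroupMembers_Users) {
  # DisplayName and Title are not returned by default; query the same domain as the group
  $Output += Get-ADUser $m -Properties DisplayName,Title -Server $Server | Select $Columns
}

foreach ($m in $ADGroupMembers_Groups) {
  $Output += Get-ADGroup $m -Properties Description -Server $Server | Select $Columns
}

$Output | Export-Csv -NoTypeInformation -Path $CsvPath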
Sam Jacobs (Director of Technology Development, IPM) Commented:
Are the domains in the same AD forest? If so, you can use the following to get your list of domains:
$domains = @((Get-ADForest).domains)


Are the groups the same for each domain?
Do you want separate CSVs for each domain, or have them all in the same one?
Do you want separate CSVs for each object type (groups/members) or one for both?
If the latter, you would need to have all fields in each record of the CSV, for example:
domain, group name, group description, objectClass, user name, display name, title, sAMAccountName, Distinguishedname
nss-bigbloke (Author) Commented:
Yes, the domains are in the same forest. But the groups are not the same in all of the domains.
Sam Jacobs (Director of Technology Development, IPM) Commented:
If you create a file (DomainGroups.txt) in this format:
domain1.com, group1, group2, etc.
domain2.com, group5, group6, etc.

Does this give you what you are looking for?
$filePath = "C:\filepath"
# DomainGroups.txt holds one line per domain: domain, group, group, ...
$DomainGroups = Get-Content "$($filePath)\DomainGroups.txt"
foreach ($DomainGroup in $DomainGroups) {
    # Trim each field so the space after a comma does not become part of the name
    $dg = @($DomainGroup.Split(",") | ForEach-Object { $_.Trim() })
    $domain = $dg[0]
    # Fields 1..n are the groups to report on in this domain
    for($idx=1; $idx -lt $dg.Length; $idx++) {
        $group = $dg[$idx]
        Get-ADGroupMember $group -Server $domain |
        Select `
        @{n='Domain'; e={$domain}},
        @{n='Group Name'; e={$group}},
        @{n='Description'; e={Get-ADGroup $group -Server $domain -Properties Description | Select -ExpandProperty Description}},
        @{n='objectClass'; e={Get-ADGroup $group -Server $domain -Properties objectClass | Select -ExpandProperty objectClass}},
        @{n='User Name'; e={Get-ADUser $_.sAMAccountName -Server $domain -Property DisplayName | Select -ExpandProperty DisplayName}},
        @{n='Title'; e={Get-ADUser $_.sAMAccountName -Server $domain -Property Title | Select -ExpandProperty Title}},
            SamAccountName, DistinguishedName |
        Export-Csv "$($filePath)\DomainGroupMembers.csv" -NoTypeInformation -Append
    }
}

nss-bigbloke (Author) Commented:
Wow, this is the perfect script for what I'm doing !!!!! Able to do an audit with one click on all domain and set groups. THANKS Guy
nss-bigbloke (Author) Commented:
THANKS !!!!
Sam Jacobs (Director of Technology Development, IPM) Commented:
You're most welcome.
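
A variant of the audit discussed in this thread, added here as an example and not written by either participant: it takes the domain list from Get-ADForest instead of a text file, skips groups a domain does not have, expands nested groups, and does one lookup per member so that non-user members are reported rather than erroring. The group names, the output path and the helper ConvertTo-DomainName (which reads a member's domain out of its DistinguishedName) are assumptions made for the illustration.

```powershell
# Added example, not code from the thread. Needs the ActiveDirectory (RSAT) module.
Import-Module ActiveDirectory

# Assumptions: group names and output path are placeholders for your environment.
$GroupNames = 'Domain Admins', 'Enterprise Admins'
$CsvPath    = 'C:\filepath\PrivilegedGroupAudit.csv'

function ConvertTo-DomainName {
    # Hypothetical helper: "CN=x,OU=y,DC=corp,DC=example,DC=com" -> "corp.example.com"
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # Split on commas that are not backslash-escaped, keep only the DC= parts
    $dc = $DistinguishedName -split '(?<!\\),' | Where-Object { $_ -match '^\s*DC=' }
    ($dc -replace '^\s*DC=', '') -join '.'
}

$report = foreach ($domain in (Get-ADForest).Domains) {
    foreach ($groupName in $GroupNames) {
        # -Filter returns nothing (no error) when the group is absent from this domain
        $group = Get-ADGroup -Filter "Name -eq '$groupName'" -Server $domain -Properties Description
        if (-not $group) { continue }

        # -Recursive flattens nested groups down to their non-group members
        $members = Get-ADGroupMember -Identity $group -Server $domain -Recursive
        foreach ($member in $members) {
            # A member may live in another domain of the forest; query its own domain
            $memberDomain = ConvertTo-DomainName $member.DistinguishedName
            # Get-ADObject accepts users, computers and service accounts alike
            $obj = Get-ADObject -Identity $member.DistinguishedName -Server $memberDomain `
                       -Properties DisplayName, Title, sAMAccountName
            [pscustomobject]@{
                Domain            = $domain
                GroupName         = $group.Name
                GroupDescription  = $group.Description
                MemberClass       = $obj.ObjectClass
                Name              = $obj.Name
                DisplayName       = $obj.DisplayName
                Title             = $obj.Title
                SamAccountName    = $obj.sAMAccountName
                MemberDomain      = $memberDomain
                DistinguishedName = $obj.DistinguishedName
            }
        }
    }
}

# Every row has the same columns, so a single Export-Csv writes a consistent header
$report | Export-Csv -Path $CsvPath -NoTypeInformation
```

Rows whose MemberClass is not "user", or whose MemberDomain differs from Domain, are the ones worth a second look when reviewing privileged group membership.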