Exporting members of "Domain Admins" group with specific attributes.

Nitin Pandey
Nitin Pandey used Ask the Experts™
on
Hi Team,

I'm trying to extract Domain Admins members all all below details, but the lastLogonTimestamp, useraccountcontrol, whenChanged,whenCreated is returning blank values.

Get-ADGroupMember -Identity "Domain Admins" |Select-Object -Property Name,@{name="Description";expression={(Get-ADUser -Identity $_.SamAccountName -Properties Description).Description}},SamAccountName, lastLogonTimestamp,useraccountcontrol,whenChanged,whenCreated

Open in new window


Something small, but can't figure it. Need help.

Thanks.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Most Valuable Expert 2018
Distinguished Expert 2018
Commented:
Because Get-ADGroupMember only returns objects with only the very basic properties. Everything else, you have to get yourself (basically like you started to do with the description):
Get-ADGroupMember -Identity "Domain Admins" |
	Where-Object {$_.objectClass -eq 'user'} |
	Get-ADUser -Property Description, lastLogonTimestamp, userAccountControl, whenChanged, whenCreated |
	Select-Object -Property Name, Description, SamAccountName, lastLogonTimestamp, Useraccountcontrol, WhenChanged, WhenCreated

Open in new window

Commented:
Try this one:

$filePath = "C:\Logs\"
$ADGroups = Get-ADGroup -Identity 'Domain Admins' -Filter * -Properties * | Where-Object GroupCategory -eq "Security" | Sort-Object Name 
foreach ($group in $ADgroups) {
    Get-ADGroupMember $group.Name |
        Select-Object -Property Name,
        @{n = 'Group Name'; e = {$group.Name}},
        @{n = 'User Name'; e = {$_.Name}},
        @{name = "Description"; expression = {(Get-ADUser -Identity $_.SamAccountName -Properties Description).Description}}, 
        SamAccountName, 
        lastLogonTimestamp, 
        useraccountcontrol, 
        whenChanged, 
        whenCreated |
        Export-Csv "$($filePath)\SecurityGroupMembers.csv" -NoTypeInformation -Append
}

Open in new window

Nitin PandeyInfrastructure Engineer

Author

Commented:
Thanks a ton guys. The lastLogonTimestamp was showing up with characters, but I converted it in Excel using =IF(D2>0,D2/(8.64*10^11) - 109205,"") in a new column E.

Can this be handled in the powershell output directly?
Most Valuable Expert 2018
Distinguished Expert 2018
Commented:
Sure:
Get-ADGroupMember -Identity "Domain Admins" |
	Where-Object {$_.objectClass -eq 'user'} |
	Get-ADUser -Property Description, lastLogonTimestamp, userAccountControl, whenChanged, whenCreated |
	Select-Object -Property Name, Description, SamAccountName, @{n='LastLogonTimeStamp'; e={[DateTime]::FromFileTime($_.lastLogonTimeStamp)}}, Useraccountcontrol, WhenChanged, WhenCreated 

Open in new window

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial