Link to home
Start Free TrialLog in
Avatar of Isaias Perez
Isaias PerezFlag for United States of America

asked on

Powershell- Grab All AD Groups from AD User Object

I grabbed this piece of Powershell Script from the internet. Its part of my off-boarding script. It takes all AD Groups from user and then exports to said location for safe keeping, in case i ever have to rehire this user and re-add all of his previous AD groups. My question is the following. It currently exports the groups Alias and what i am looking for instead, is for it to export the Distinguishedname instead. How can i change the script below to handle that task?



# Get the list of permissions (group names) and export them to a CSV file for safekeeping
$groupinfo = get-aduser $sam -Properties memberof | select name, 
@{ n="GroupMembership"; e={($_.memberof | foreach{get-adgroup $_}).name}}

$count = 0
$arrlist =  New-Object System.Collections.ArrayList
do{
    $null = $arrlist.add([PSCustomObject]@{
        # Name = $groupinfo.name
        GroupMembership = $groupinfo.GroupMembership[$count]
    })
    $count++
}until($count -eq $groupinfo.GroupMembership.count)

$arrlist | select groupmembership |
convertto-csv -NoTypeInformation |
select -Skip 1 |
out-file $pathFinal
Write-Host ("* " + $din + "'s Active Directory group memberships (permissions) exported and saved to " + $pathFinal)

Open in new window

Avatar of oBdA
oBdA
You already have the group's DNs in the memberOf property, so just use it:
# Get the list of permissions (group names) and export them to a CSV file for safekeeping
$adUser = Get-ADUser $sam -Properties memberOf
$pathFinal = "C:\Temp\Groups_$($adUser.SamAccountName).csv"
$adUser.memberOf | ForEach-Object {
	[PSCustomObject]([ordered]@{
		SamAccountName = $adUser.SamAccountName
		GroupName = $_
	})
} | Export-Csv -Path $pathFinal
Write-Host ("* $($adUser.SamAccountName)'s Active Directory group memberships (permissions) exported and saved to $($pathFinal)"

Open in new window

Avatar of Isaias Perez
Isaias Perez
Flag of United States of America image

ASKER

Ok lastly, i was trying to get creative (did not work) and remove the quotes from the output and tried this. i also need no headers. 

# Get the list of permissions (group names) and export them to a CSV file for safekeeping
$adUser = Get-ADUser $sam -Properties memberOf
$adUser.memberOf | ForEach-Object {
	[PSCustomObject]([ordered]@{
		GroupName = $_
	})
} | % {$_ -replace ‘"‘, ''} |Export-Csv -Path $pathFinal
Write-Host ("* $($adUser.SamAccountName)'s Active Directory group memberships (permissions) exported and saved to $($pathFinal)")

Open in new window


Trying to get a list of all ADgroups DN with no quotes or headers. Reason why is because it will work with my readd-adgroups powershell script aht way if i need to go back and readd all these groups via DN.Im asure you cant pipe a % into another %.
ASKER CERTIFIED SOLUTION
Avatar of oBdA
oBdA
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Isaias Perez
Isaias Perez
Flag of United States of America image

ASKER

Thank you.