Forum Discussion

Diego13's avatar
Diego13
Copper Contributor
Nov 09, 2022

Get nested AD groups from bulk user or OU

Hi,   I would like to export in a csv file all groups and nested groups from bulk AD user or OU. Example: Users Groups NestedGroups                   User1 Group1 NestedGroup1 ...
Windows PowerShell
Diego13's avatar
Diego13
Copper Contributor
Nov 11, 2022
Please, forgot the last 2 posts and take this post into account:

Script:
# Filter Groups in AD based on OU
$searchBase = "OU=...,OU=...,DC=...,DC=..."
Get-ADGroup -Filter * -SearchBase $searchBase -Property * | Sort-Object Name

# Get List of Members base on Group Name
Get-ADGroupMember -Identity 'GroupName' -Recursive | Select-Object -Property @{n="Members"; e={ $_.Name }} | Sort-Object Members
$result | Export-Csv c:\temp\test.csv -NoTypeInformation

Complete error:
Get-ADGroupMember : Cannot find an object with identity: 'GroupName' under: 'DC=...,DC=...'.
At line:6 char:1
+ Get-ADGroupMember -Identity 'GroupName' -Recursive | Select-Object -P ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (GroupName:ADGroup) [Get-ADGroupMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember

Get-ADGroup : Cannot validate argument on parameter 'Identity'. The argument is null. Provide a valid value for the argument, and then try running the command again.
At line:7 char:23
+ Get-ADGroup -identity $item.GroupName | select name | Export-csv -pat ...
+ ~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Get-ADGroup], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADGroup
  • Diego13's avatar
    Diego13
    Copper Contributor
    Nov 22, 2022
    Hi,

    Sorry for my late answer.
    I cannot export as requested:

    Example:

    Users Groups NestedGroups
    User1 Group1 NestedGroup1 NestedGroup2 NestedGroup3
    Group2 NestedGroup1 NestedGroup2
    Group3 NestedGroup1 NestedGroup2 NestedGroup3 NestedGroup4 NestedGroup5 NestedGroup6 NestedGroup7 NestedGroup8 NestedGroup9 NestedGroup10
    Group4 NestedGroup1 NestedGroup2 NestedGroup3 NestedGroup4
    Group5 NestedGroup1 NestedGroup2 NestedGroup3 NestedGroup4 NestedGroup5
    User2 Group1 NestedGroup1 NestedGroup2 NestedGroup3
    Group2 NestedGroup1 NestedGroup2
    Group3 NestedGroup1 NestedGroup2 NestedGroup3 NestedGroup4 NestedGroup5 NestedGroup6 NestedGroup7 NestedGroup8 NestedGroup9 NestedGroup10
    Group4 NestedGroup1 NestedGroup2 NestedGroup3 NestedGroup4
    Group5 NestedGroup1 NestedGroup2 NestedGroup3 NestedGroup4 NestedGroup5


    Thanks
  • Alan2022's avatar
    Alan2022
    Iron Contributor
    Nov 15, 2022

    Diego13 

    Hi,
    This one will list all the user, memberof & its OU.

    Cls
$userResults = Get-ADUser -Filter 'Name -like "*"' –Properties MemberOf | Select -Property Name, MemberOf 

ForEach($userResult in $userResults){
    
    $userResult.Name
    $userResult.MemberOf
    
}

     

  • Diego13's avatar
    Diego13
    Copper Contributor
    Nov 14, 2022
    This is based from a group but I need by user ou by OU.

    Any idea ?
  • Diego13's avatar
    Diego13
    Copper Contributor
    Nov 14, 2022
    The script checks only 2 levels of nested groups as described:
    " .DESCRIPTION
    Gets a list of nested groups inside an Active Directory group using LDAPFilter. Checks for
    two levels of nested groups from the parent group."
    And this is from a group but I need by user ou by OU:
    ".SYNOPSIS
    Gets a list of nested groups inside an Active Directory group"

    Thanks.
  • Alan2022's avatar
    Alan2022
    Iron Contributor
    Nov 14, 2022

    Diego13 

    This one can get the nested groups.

    https://4sysops.com/archives/finding-nested-groups-faster-with-powershell/

     

     

  • Alan2022's avatar
    Alan2022
    Iron Contributor
    Nov 14, 2022

    Diego13 

     

    This one will get all the group in OU & its list of members.

     

    # Create Array
$customObject = $null
$reports = @()

# Generate CSV Filename
$file = "$($env:USERPROFILE)\Desktop\ADGroups.csv"
if (Test-Path $file) {
    Remove-Item $file
}

# Filter Groups in AD based on OU
$searchBase = "OU=test,DC=domain,DC=com" # <-Change the searchbase base on your OU Location
$resultGroups = Get-ADGroup -Filter * -SearchBase $searchBase -Property * | Sort-Object Name 

ForEach($resultGroup in $resultGroups){

    # Get List of Members base on Group Name
    Get-ADGroupMember -Identity $resultGroup.DistinguishedName -Recursive | Select-Object -Property @{n="Members"; e={ $_.Name }} | Sort-Object Members | ForEach-Object {

        # Create a Custom Object
        $customObject = [PSCustomObject]@{
            GroupName = $resultGroup.Name
            Members = $_.Members
        }  
        $reports += $customObject  
    }
}

# Export result to csv
$reports | Export-Csv $file -NoTypeInformation
Write-Host "Finished..."



     

  • Diego13's avatar
    Diego13
    Copper Contributor
    Nov 14, 2022
    https://github.com/kunaludapi/Powershell-Active-Directory--Show-treeview-of-User-or-Group-memberof-hierarchy
  • Diego13's avatar
    Diego13
    Copper Contributor
    Nov 14, 2022
    Hi,

    I found this script who works well and the results are exactly what I need but I cannot export it in csv file because of "Tree view":
    http://vcloud-lab.com/entries/active-directory/powershell-active-directory-show-treeview-of-user-or-group-memberof-hierarchy

    Any idea to transform the output in csv file please ?

  • Diego13's avatar
    Diego13
    Copper Contributor
    Nov 14, 2022
    Hi,

    Thanks again.
    The last PowerShell is great but I have only the first level; I need nested groups as requested in my first post.

Resources