Forum Discussion

ADumith's avatar
ADumith
Iron Contributor
Jan 24, 2023

Getting users and group

Hello everyone, 

 

Hopefully you are find when you read this.

 

I have pull out all my users with their groups in a CVS file, so I'm aware to approach this the command Get-ADGroupMember is the one for that but even I have read some articles about it, I haven't be able to get the info.

 

Do you mind give me a hand with that and explaining how to do it?

 

Thank you in advance,

 

  • ADumith So, you want to see all groups per user in a CSV file? The Get-ADGroupMember is a good tool for that. You could use this as an example, and I added remarks to it to indicate what is happening where

     

    #Retrieve all users from Active Directory, including the Memberof attribute, and start collecting data to the $total variable. Set the resultsetsize to 10000 for larger environments
    $total = foreach ($user in Get-Aduser -Filter * -ResultSetSize 1000 -Properties Memberof) {
        #Get all groups for the user from the Memberof attribute
        foreach ($group in $user.Memberof) {
            #Continue if the user has groups and skip if not
            if ($null -ne $group) {
                #Create a PSCustomObject containing the username and the Name of the Group instead of the DistinGuishedName
                [PSCustomObject]@{
                    SamaccountName = $user.SamAccountName
                    GroupName      = (Get-ADGroup -Identity $group).Name
                }
            }   
        }
    }
    
    #export data from the $total variable sorted on SamAccountName and GroupName to a .csv file in c:\scripts
    $total | Sort-Object SamAccountName, GroupName | Export-Csv -NoTypeInformation -Encoding UTF8 -Delimiter ',' -Path c:\scripts\users_and_groups.csv
    • ADumith's avatar
      ADumith
      Iron Contributor
      Thank you so much,

      It's work perfect, now I need add more user properties such as Display Name, email, Title and account status.

      Thank you again,
      • You can expand the object:

        [PSCustomObject]@{
        SamaccountName = $user.SamAccountName
        GroupName = (Get-ADGroup -Identity $group).Name
        DisplayName = $user.DisplayName
        Email = $user.mail
        Title = $user.title
        Enabled = $user.UserAccountControl
        }

        Something like that, but I am not sure about the account status  🙂 You should check the attributes in the account to see more options if needed.

        Please mark my answer as the solution to mark it as solved.

Resources