Forum Discussion
Getting users and group
Hello everyone,
Hopefully you are find when you read this.
I have pull out all my users with their groups in a CVS file, so I'm aware to approach this the command Get-ADGroupMember is the one for that but even I have read some articles about it, I haven't be able to get the info.
Do you mind give me a hand with that and explaining how to do it?
Thank you in advance,
- Did this work out for you?
- Alan2022Iron ContributorADumith
You can also extract groups & its member within specified O.U 👍👍👍
https://techcommunity.microsoft.com/t5/windows-powershell/extracting-group-name-amp-its-members-in-ad-then-export-to-excel/m-p/3417821 ADumith So, you want to see all groups per user in a CSV file? The Get-ADGroupMember is a good tool for that. You could use this as an example, and I added remarks to it to indicate what is happening where
#Retrieve all users from Active Directory, including the Memberof attribute, and start collecting data to the $total variable. Set the resultsetsize to 10000 for larger environments $total = foreach ($user in Get-Aduser -Filter * -ResultSetSize 1000 -Properties Memberof) { #Get all groups for the user from the Memberof attribute foreach ($group in $user.Memberof) { #Continue if the user has groups and skip if not if ($null -ne $group) { #Create a PSCustomObject containing the username and the Name of the Group instead of the DistinGuishedName [PSCustomObject]@{ SamaccountName = $user.SamAccountName GroupName = (Get-ADGroup -Identity $group).Name } } } } #export data from the $total variable sorted on SamAccountName and GroupName to a .csv file in c:\scripts $total | Sort-Object SamAccountName, GroupName | Export-Csv -NoTypeInformation -Encoding UTF8 -Delimiter ',' -Path c:\scripts\users_and_groups.csv
- ADumithIron ContributorThank you so much,
It's work perfect, now I need add more user properties such as Display Name, email, Title and account status.
Thank you again,You can expand the object:
[PSCustomObject]@{
SamaccountName = $user.SamAccountName
GroupName = (Get-ADGroup -Identity $group).Name
DisplayName = $user.DisplayName
Email = $user.mail
Title = $user.title
Enabled = $user.UserAccountControl
}
Something like that, but I am not sure about the account status 🙂 You should check the attributes in the account to see more options if needed.
Please mark my answer as the solution to mark it as solved.