Get nested AD groups from bulk user or OU


Hi,

 

I would like to export to a CSV file all groups and nested groups for bulk AD users or an OU.

Example:

Users  Groups  NestedGroups
User1  Group1  NestedGroup1 NestedGroup2 NestedGroup3
       Group2  NestedGroup1 NestedGroup2
       Group3  NestedGroup1 NestedGroup2 NestedGroup3 NestedGroup4 NestedGroup5 NestedGroup6 NestedGroup7 NestedGroup8 NestedGroup9 NestedGroup10
       Group4  NestedGroup1 NestedGroup2 NestedGroup3 NestedGroup4
       Group5  NestedGroup1 NestedGroup2 NestedGroup3 NestedGroup4 NestedGroup5
User2  Group1  NestedGroup1 NestedGroup2 NestedGroup3
       Group2  NestedGroup1 NestedGroup2
       Group3  NestedGroup1 NestedGroup2 NestedGroup3 NestedGroup4 NestedGroup5 NestedGroup6 NestedGroup7 NestedGroup8 NestedGroup9 NestedGroup10
       Group4  NestedGroup1 NestedGroup2 NestedGroup3 NestedGroup4
       Group5  NestedGroup1 NestedGroup2 NestedGroup3 NestedGroup4 NestedGroup5

 

Thanks 

        

19 Replies

@Diego13 

 

 

# Filter Groups in AD based on OU
$searchBase = "OU=Test,DC=company,DC=com"
Get-ADGroup -Filter * -SearchBase $searchBase -Property * | Sort-Object Name 

# Get list of members based on group name
Get-ADGroupMember -Identity '<GroupName>' -Recursive | Select-Object -Property @{n="Members"; e={ $_.Name }} | Sort-Object Members

 

Hi Alan, thanks for the powershell provided.
Is it possible to export the results as requested please ?

@Diego13 

Hi,

 

Yes, you can just save them in a variable like $result. Then use the export-to-CSV PS script.

$result | Export-Csv c:\temp\test.csv -NoTypeInformation

 

Hi,

I have this error now when adding "$result | Export-Csv c:\temp\test.csv -NoTypeInformation" at the end of the script:
Get-ADGroupMember : Cannot find an object with identity: 'GroupName' under: 'DC=...'
Complete error:
Get-ADGroupMember : Cannot find an object with identity: 'GroupName' under: 'DC=...,DC=...'.
At line:6 char:1
+ Get-ADGroupMember -Identity 'GroupName' -Recursive | Select-Object -P ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (GroupName:ADGroup) [Get-ADGroupMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember

Get-ADGroup : Cannot validate argument on parameter 'Identity'. The argument is null. Provide a valid value for the argument, and then try running the command again.
At line:7 char:23
+ Get-ADGroup -identity $item.GroupName | select name | Export-csv -pat ...
+ ~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Get-ADGroup], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADGroup

Please forget the last 2 posts and take this post into account:

Script:
# Filter Groups in AD based on OU
$searchBase = "OU=...,OU=...,DC=...,DC=..."
Get-ADGroup -Filter * -SearchBase $searchBase -Property * | Sort-Object Name

# Get list of members based on group name
Get-ADGroupMember -Identity 'GroupName' -Recursive | Select-Object -Property @{n="Members"; e={ $_.Name }} | Sort-Object Members
$result | Export-Csv c:\temp\test.csv -NoTypeInformation

Complete error:
Get-ADGroupMember : Cannot find an object with identity: 'GroupName' under: 'DC=...,DC=...'.
At line:6 char:1
+ Get-ADGroupMember -Identity 'GroupName' -Recursive | Select-Object -P ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (GroupName:ADGroup) [Get-ADGroupMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember

Get-ADGroup : Cannot validate argument on parameter 'Identity'. The argument is null. Provide a valid value for the argument, and then try running the command again.
At line:7 char:23
+ Get-ADGroup -identity $item.GroupName | select name | Export-csv -pat ...
+ ~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Get-ADGroup], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADGroup

@Diego13 

 

Hi,

 

The first script, Get-ADGroup, will get the list of group names via the OU.
Then the second, Get-ADGroupMember -Identity '<GroupName>': the group name would be fetched from the result of the first script.
Then the third script, Export-Csv, creates the result as a CSV file.

Can you show me your script? or the Location of the OU for the searchbase?
Thanks.



@Diego13 

Hi,

Also you could try this script. Change the <username>  to your user.

(Get-ADUser '<username>' -Properties MemberOf).MemberOf




Hi,

Thanks again.
The last PowerShell is great but I have only the first level; I need nested groups as requested in my first post.

@Diego13 

Hi,

Also try this one.

# Create Array
$customObject = $null
$reports = @()

# Generate CSV Filename
$file = "$($env:USERPROFILE)\Desktop\ADGroups.csv"
if (Test-Path $file) {
    Remove-Item $file
}

# Filter Groups in AD based on OU
$searchBase = "OU=test,DC=domain,DC=com" # <- Change the search base based on your OU location
$resultGroups = Get-ADGroup -Filter * -SearchBase $searchBase -Property * | Sort-Object Name 

ForEach($resultGroup in $resultGroups){

    # Get list of members based on group name
    Get-ADGroupMember -Identity $resultGroup.DistinguishedName -Recursive | Select-Object -Property @{n="Members"; e={ $_.Name }} | Sort-Object Members | ForEach-Object {

        # Create a Custom Object
        $customObject = [PSCustomObject]@{
            GroupName = $resultGroup.Name
            Members = $_.Members
        }  
        $reports += $customObject  
    }
}

# Export result to csv
$reports | Export-Csv $file -NoTypeInformation
Write-Host "Finished..." 


Hi,

I found this script that works well and the results are exactly what I need, but I cannot export it to a CSV file because of the "Tree view":
http://vcloud-lab.com/entries/active-directory/powershell-active-directory-show-treeview-of-user-or-...

Any idea to transform the output in csv file please ?

@Diego13 

 

This one will get all the groups in the OU & their list of members.

 

# Create Array
$customObject = $null
$reports = @()

# Generate CSV Filename
$file = "$($env:USERPROFILE)\Desktop\ADGroups.csv"
if (Test-Path $file) {
    Remove-Item $file
}

# Filter Groups in AD based on OU
$searchBase = "OU=test,DC=domain,DC=com" # <- Change the search base based on your OU location
$resultGroups = Get-ADGroup -Filter * -SearchBase $searchBase -Property * | Sort-Object Name 

ForEach($resultGroup in $resultGroups){

    # Get list of members based on group name
    Get-ADGroupMember -Identity $resultGroup.DistinguishedName -Recursive | Select-Object -Property @{n="Members"; e={ $_.Name }} | Sort-Object Members | ForEach-Object {

        # Create a Custom Object
        $customObject = [PSCustomObject]@{
            GroupName = $resultGroup.Name
            Members = $_.Members
        }  
        $reports += $customObject  
    }
}

# Export result to csv
$reports | Export-Csv $file -NoTypeInformation
Write-Host "Finished..." 



 

The script checks only 2 levels of nested groups as described:
" .DESCRIPTION
Gets a list of nested groups inside an Active Directory group using LDAPFilter. Checks for
two levels of nested groups from the parent group."
And this is from a group but I need it by user or by OU:
".SYNOPSIS
Gets a list of nested groups inside an Active Directory group"

Thanks.
This is based on a group but I need it by user or by OU.

Any idea ?

@Diego13 

Hi,
This one will list all the users, MemberOf & its OU.

Cls
$userResults = Get-ADUser -Filter 'Name -like "*"' -Properties MemberOf | Select -Property Name, MemberOf 

ForEach($userResult in $userResults){
    
    $userResult.Name
    $userResult.MemberOf
    
}

 

Hi,

Sorry for my late answer.
I cannot export as requested:

Example:

Users  Groups  NestedGroups
User1  Group1  NestedGroup1 NestedGroup2 NestedGroup3
       Group2  NestedGroup1 NestedGroup2
       Group3  NestedGroup1 NestedGroup2 NestedGroup3 NestedGroup4 NestedGroup5 NestedGroup6 NestedGroup7 NestedGroup8 NestedGroup9 NestedGroup10
       Group4  NestedGroup1 NestedGroup2 NestedGroup3 NestedGroup4
       Group5  NestedGroup1 NestedGroup2 NestedGroup3 NestedGroup4 NestedGroup5
User2  Group1  NestedGroup1 NestedGroup2 NestedGroup3
       Group2  NestedGroup1 NestedGroup2
       Group3  NestedGroup1 NestedGroup2 NestedGroup3 NestedGroup4 NestedGroup5 NestedGroup6 NestedGroup7 NestedGroup8 NestedGroup9 NestedGroup10
       Group4  NestedGroup1 NestedGroup2 NestedGroup3 NestedGroup4
       Group5  NestedGroup1 NestedGroup2 NestedGroup3 NestedGroup4 NestedGroup5


Thanks
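
An added example, not part of any post in this thread, that produces the User / Group / NestedGroups layout requested above for every user in an OU. It assumes "nested groups" means the groups each direct group is itself a member of (the user's effective membership), a single domain, and placeholder values for `$searchBase` and `$csvPath`; `Get-ParentGroupChain` is a hypothetical helper name.

```powershell
# Added example, not from the thread. Needs the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$searchBase = 'OU=Test,DC=company,DC=com'                  # assumption: your OU
$csvPath    = Join-Path $env:TEMP 'UserNestedGroups.csv'   # assumption: output file

function Get-ParentGroupChain {
    # Hypothetical helper: walks memberOf upwards from one group and emits the
    # name of every ancestor group. $Seen records visited DNs so that circular
    # nesting (A in B, B in A) ends instead of recursing forever.
    param(
        [Parameter(Mandatory)] [string] $GroupDN,
        [Parameter(Mandatory)] [System.Collections.Generic.HashSet[string]] $Seen
    )
    $parents = (Get-ADGroup -Identity $GroupDN -Properties MemberOf).MemberOf
    foreach ($parentDN in $parents) {
        if ($Seen.Add($parentDN)) {            # Add() returns $false if already seen
            (Get-ADGroup -Identity $parentDN).Name
            Get-ParentGroupChain -GroupDN $parentDN -Seen $Seen
        }
    }
}

# One row per (user, direct group). memberOf does not include the primary group
# (usually Domain Users), so that group never appears in the output.
$users = Get-ADUser -Filter * -SearchBase $searchBase -Properties MemberOf
$rows = foreach ($user in $users) {
    foreach ($groupDN in $user.MemberOf) {
        # Distinguished names are case-insensitive, so compare them that way.
        $seen = [System.Collections.Generic.HashSet[string]]::new(
            [System.StringComparer]::OrdinalIgnoreCase)
        [void]$seen.Add($groupDN)
        $nested = @(Get-ParentGroupChain -GroupDN $groupDN -Seen $seen)

        [PSCustomObject]@{
            User         = $user.SamAccountName
            Group        = (Get-ADGroup -Identity $groupDN).Name
            NestedGroups = $nested -join ';'
            NestedCount  = $nested.Count
        }
    }
}

$rows | Export-Csv -Path $csvPath -NoTypeInformation -Encoding UTF8
Write-Host "Wrote $(@($rows).Count) rows to $csvPath"
```

Nested group names share one cell, separated by `;`, because Export-Csv takes its columns from the first object and the rows here carry different numbers of nested groups.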