SOLVED

Getting users and group

Iron Contributor

Hello everyone, 

 

Hopefully you are find when you read this.

 

I have pull out all my users with their groups in a CVS file, so I'm aware to approach this the command Get-ADGroupMember is the one for that but even I have read some articles about it, I haven't be able to get the info.

 

Do you mind give me a hand with that and explaining how to do it?

 

Thank you in advance,

 

7 Replies

@ADumith So, you want to see all groups per user in a CSV file? The Get-ADGroupMember is a good tool for that. You could use this as an example, and I added remarks to it to indicate what is happening where

 

#Retrieve all users from Active Directory, including the Memberof attribute, and start collecting data to the $total variable. Set the resultsetsize to 10000 for larger environments
$total = foreach ($user in Get-Aduser -Filter * -ResultSetSize 1000 -Properties Memberof) {
    #Get all groups for the user from the Memberof attribute
    foreach ($group in $user.Memberof) {
        #Continue if the user has groups and skip if not
        if ($null -ne $group) {
            #Create a PSCustomObject containing the username and the Name of the Group instead of the DistinGuishedName
            [PSCustomObject]@{
                SamaccountName = $user.SamAccountName
                GroupName      = (Get-ADGroup -Identity $group).Name
            }
        }   
    }
}

#export data from the $total variable sorted on SamAccountName and GroupName to a .csv file in c:\scripts
$total | Sort-Object SamAccountName, GroupName | Export-Csv -NoTypeInformation -Encoding UTF8 -Delimiter ',' -Path c:\scripts\users_and_groups.csv
@ADumith

You can also extract groups & its member within specified O.U 👍👍👍

https://techcommunity.microsoft.com/t5/windows-powershell/extracting-group-name-amp-its-members-in-a...
Thank you so much,

It's work perfect, now I need add more user properties such as Display Name, email, Title and account status.

Thank you again,

You can expand the object:

[PSCustomObject]@{
SamaccountName = $user.SamAccountName
GroupName = (Get-ADGroup -Identity $group).Name
DisplayName = $user.DisplayName
Email = $user.mail
Title = $user.title
Enabled = $user.UserAccountControl
}

Something like that, but I am not sure about the account status  🙂 You should check the attributes in the account to see more options if needed.

Please mark my answer as the solution to mark it as solved.

best response confirmed by ADumith (Iron Contributor)
Solution
Did this work out for you?
Yes, Thank you so much.
No problem, glad to help 😉
1 best response

Accepted Solutions
best response confirmed by ADumith (Iron Contributor)
Solution
Did this work out for you?

View solution in original post