0

I have below script to fetch all users in a domain and their group membership. In the output if you see I have group names but they are in the format of CN, i want to format the output and just get group names. 

Get-ADUser -Server "dc.domain.com" -Properties * | select-object -property Name,samAccountName,@{N="MemberOf";E={$_.MemberOf -join ","}},@{N="PrimaryGroup";E={$_.PrimaryGroup -join ","}} | export-csv C:\Temp\userdetails.csv    


"Name","samAccountName","MemberOf","PrimaryGroup"
 "Administrator","Administrator","CN=Group Policy Creator Owners,CN=Users,DC=SMSNOW,DC=COM,CN=Domain Admins,CN=Users,DC=SMSNOW,DC=COM,CN=Administrators,CN=Builtin,DC=SMSNOW,DC=COM","CN=Domain Users,CN=Users,DC=SMSNOW,DC=COM"

To be clear I want output like 

"Name","samAccountName","MemberOf","PrimaryGroup"
"Administrator","Administrator","Group Policy Creator Owners,Users,Domain Admins,Users,Administrators,Builtin,","Domain Users,Users"

Help is very much appreciated!!

Improve this question

2 Answers 2

Reset to default
1

You do not say what version of PoSH you are on, but is all you want use Groups and members,

Try this...

# Get all AD groups and the members
 ForEach ($GroupName in (Get-ADGroup -Filter *))
 {
 "The AD Group $GroupName.Name members are:"
 Get-ADGroupMember -Identity $GroupName.Name | Select Name
 "`n"
 }

Results...

The AD Group CN=WinRMRemoteWMIUsers__,CN=Users,DC=contoso,DC=com Name members are:

The AD Group CN=Administrators,CN=Builtin,DC=contoso,DC=com Name members are:

Name
----
Domain Admins
Enterprise Admins
Administrator

The AD Group CN=Users,CN=Builtin,DC=contoso,DC=com Name members are:

Name
----                                          
Domain Users
Authenticated Users
INTERACTIVE
Labadmin
...

Depending on you PoSH version you could just use this...

# Get users and their groups memberships
 (Get-ADUser -Filter *) | % {
 "`nThe user " + $_.SamAccountName + ', is in the following AD Groups: '
 Get-ADPrincipalGroupMembership $_.SamAccountName |
 Select Name,GroupCategory,GroupScope } |
 Format-Table -AutoSize

Results ...

The user Administrator, is in the following AD Groups: 

Name                                   GroupCategory  GroupScope
----                                   -------------  ----------
Domain Users                                Security      Global
Administrators                              Security DomainLocal
Schema Admins                               Security   Universal
Enterprise Admins                           Security   Universal
Domain Admins                               Security      Global
...

The user Guest, is in the following AD Groups: 
Domain Guests                               Security      Global
Guests                                      Security DomainLocal

The user krbtgt, is in the following AD Groups: 
Domain Users                                Security      Global
Denied RODC Password Replication Group      Security DomainLocal
...
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

To make the answer short: You can extend your calculated property with a foreach loop to extract each single group name like this:

Get-ADUser -Server "dc.domain.com" -Properties * | 
    Select-Object -Property Name,samAccountName,@{Name="MemberOf";Expression={$_.MemberOf | ForEach-Object {Get-ADGroup -Identity $_ | Select-Object -ExpandProperty Name}}},@{Name="PrimaryGroup";Expression={$_.PrimaryGroup -join ","}} | 
        Export-Csv  -Path C:\Temp\userdetails.csv
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.