0

My task include to filter all users names in group and subgroup in AD. Continue to filter the computers and show just those, which contains filtered names.The problem is, that description includes also other characters like space or "NEW".

My code:

foreach ($file in Get-ADGroupMember -Identity GroupName -Recursive) {Get-ADComputer -Filter 'Description -like $file.name' -Property Name,Description | Select -Property Name,Description}

It would be great to just add * or change -like to -include :D But...

My begginers question is: How to write the code to see all results, not just the ones which match exactly the $file.name?

Thank you for ur time!

Improve this question
5
  • 1
    By enclosing the filter string in single-quotes, no variable inside will get expanded. Next, the -like operator will act as -eq if you don't use wildcard characters. Not just that, but you also need to use a sub-expression on $file.name, so a proper filter would be "Description -like '*$($file.name)*'". Furthermore, the Get-ADGroupMember cmdlet can also return objects of type user and group, not just computer objects, so you will need to check the .objectClass property to see what Get-AD* cmdlet you can use. Finally, why use $file as variable name? AD objects aren't files.. Commented Sep 25, 2022 at 14:53
  • @Theo. Thank you, I needed some time to get your answer, because the format of comment is not the best one. The answer you gave me - to use "Description -like '$($file.name)'" - was the one, I needed. It works. If u want points, write it down, not to comments, and I check it in green :) Commented Sep 25, 2022 at 15:57
  • 1
    I'm on mobile now, but later (tomorrow) I will continue on my comment and will also show the use of the objectClass Commented Sep 25, 2022 at 16:02
  • @Theo $file - yop, u are right, I will rename it! .objectClass - would u pass me some instruction link, please? Its not necessery for this little task, but I will learn and use it to make more proper code next time. -eq - Its one of my first code, so I will read something about filtering. If u see some interesting article, past it here, please :) Commented Sep 25, 2022 at 16:02
  • 1
    tomorrow or some other day. Im not in hurry. thank you :) Commented Sep 25, 2022 at 16:03

1 Answer 1

Reset to default
1

Your initial problem was in the Filter you used. With the correct quoting and using the sub-expression operator $() that fixed it.

However, as promised in my comment, here's what I mean on how you can create a report of group members (both users, computers and if you like also subgroups). Since all objects returned from the Get-ADGroupMember cmdlet have an .objectClass property, you can use that to determine what next Get-AD* cmdlet you can use.

Here, I'm capturing the collected objects output in the foreach() loop in a variable that you can show on screen, or save as Csv file you can open in Excel for instance.

$groupName = 'GroupName'
$result = foreach($adObject in (Get-ADGroupMember -Identity $groupName -Recursive)) {
    # use the proper Get-AD* cmdlet depending on the type of object you have
    switch ($adObject.objectClass) {
        'user' {
            $adObject | Get-ADUser -Properties Description | Select-Object Name, Description, @{Name = 'Type'; Expression = {'User'}}
        }
        'computer' {
            $computer = $adObject | Get-ADComputer -Properties Description
            # you want to output only the computers where the Description property holds the computer name
            if ($computer.Description -like '*$($computer.Name)*') {
                $computer | Select-Object Name, Description, @{Name = 'Type'; Expression = {'Computer'}}
            }
        }
        # perhaps you don't want subgroups in your report, in that case just remove or comment out the next part
        'group' { 
            $adObject | Get-ADGroup -Properties Description | Select-Object Name, Description, @{Name = 'Type'; Expression = {'Group'}}
        }
    }
}

# show the result on screen
$result | Format-Table -AutoSize

# save the result as Csv file
$outFile = Join-Path -Path 'X:\Somewhere' -ChildPath ('{0}_members.csv' -f $groupName)
$result | Export-Csv -Path $outFile -NoTypeInformation -UseCulture

The -UseCulture switch makes sure the Csv file uses the delimiter character your local Excel expects. Without that, a comma is used

Interesting reads:

and of course StackOverflow

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

I tried to get back to foreach_object way few more times just because I know sometimes I need to come back to understand. And I still have some questions. Is 'user' part necessary for my code? Is this sign: $_ actually represents every member of "Get-ADGroupMember -Identity $groupName -Recursive"? Will "$_ | Get-ADGroup " get just one of AD group? Which one?
Its not easy with me. Thank you :)
@Lucie You're absolutely right. Using ForEach-Object, inside that loop the $_ automatic variable indeed represents an object (member). However, I made a mistake within the switch, where $_ takes on the value actually tested. To overcome that, you could save the object in $_ first in a variable and use that inside the switch, or -as I did now in my edited answer - use a foreach loop rather than ForEach-Object, so I can simply use the iterating variable.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.