none
Get-ADUser - "memberof" value returns DN RRS feed

  • Question

  • I am not not an expert in scripting. I have a simple powershell script. I can extract "memberof" attribute value but the value is in a DN. I want only group names to be exported. Someone please help me to edit below script. Thanks.

    Get-ADUser -Filter * -SearchBase "DC=QA,DC=ABC" -Properties cn, samaccountname, givenName, middlename, sn, mail,memberof | Foreach-Object {

        New-Object -TypeName PSObject -Property @{
            System_Role = "NONE"
        External_Person_Key = $_.cn
        User_ID = $_.samAccountName
        Passwd = "I2u4fuNt"
        FirstName = $_.givenName
        MiddleName = $_.middleName
        LastName = $_.sn
        Email = $_.mail
        memberof = $_.memberof
        } | Select-Object System_Role, External_Person_Key, User_ID, Passwd, FirstName , MiddleName, LastName, Email, memberof         
    } | Export-Csv -Path "E:\result.csv"

           
    Thursday, April 10, 2014 3:18 PM

Answers

  • Hi,

    Here's an example you can expand:

    Get-ADUser -Filter * -SearchBase 'OU=Testing,DC=domain,DC=com' -Properties memberOf | ForEach {
    
        $groupList = ($_.memberOf | ForEach { (Get-ADGroup $_).Name }) -join ','
    
        $props = @{
            UserName = $_.SamAccountName
            Groups = $groupList
        }
    
        New-Object PsObject -Property $props
    
    }


    Don't retire TechNet! - (Don't give up yet - 12,830+ strong and growing)

    • Proposed as answer by jrv Thursday, April 10, 2014 5:40 PM
    • Marked as answer by YVK Thursday, April 10, 2014 5:47 PM
    Thursday, April 10, 2014 3:32 PM
  • Hi,

    Here's one method for doing something like that:

    $group1Name = 'Test Group 1'
    $group2Name = 'Test Group 2'
    $group3Name = 'Test Group 3'
    
    Get-ADUser -Filter * -SearchBase 'OU=Testing,DC=domain,DC=com' -Properties memberOf | ForEach {
    
        $groupList = @()
        
        $_.memberOf | ForEach {
    
            $groupName = (Get-ADGroup $_).Name
    
            If ($groupName -eq $group1Name -or $groupName -eq $group2Name -or $groupName -eq $group3Name) {
                $groupList += $groupName
            }
    
        }
    
        $props = @{
            UserName = $_.SamAccountName
            Groups = $groupList -join ','
        }
    
        New-Object PsObject -Property $props
    
    }


    Don't retire TechNet! - (Don't give up yet - 12,830+ strong and growing)

    • Marked as answer by YVK Thursday, April 10, 2014 6:32 PM
    Thursday, April 10, 2014 6:00 PM
  • Hi,
    Is there a way to assign Page size in the script? When i run this script against 100K users, i found there is a 100% CPU utilization. I think Page Size would help or if you can suggest any parameter..

    Yes, there is a -ResultPageSize parameter you can adjust. You can also use -SearchBase to point at a specific OU to cut down on the number of results:

    http://technet.microsoft.com/en-us/library/ee617241.aspx

    Also when i get the export all the values they are in " " format like "abc","xyz". I know i can replace that but is there a way i can mention in first place to "not" export value in " " than to further replace it which takes lot of memory and time.

    No, there's not any option on Export-Csv for not including quotes. If you open the file in Excel (or other spreadsheet application), you won't see them anyway.


    Don't retire TechNet! - (Don't give up yet - 12,830+ strong and growing)

    • Marked as answer by YVK Friday, April 11, 2014 7:58 PM
    Friday, April 11, 2014 7:32 PM

All replies

  • Hi,

    Here's an example you can expand:

    Get-ADUser -Filter * -SearchBase 'OU=Testing,DC=domain,DC=com' -Properties memberOf | ForEach {
    
        $groupList = ($_.memberOf | ForEach { (Get-ADGroup $_).Name }) -join ','
    
        $props = @{
            UserName = $_.SamAccountName
            Groups = $groupList
        }
    
        New-Object PsObject -Property $props
    
    }


    Don't retire TechNet! - (Don't give up yet - 12,830+ strong and growing)

    • Proposed as answer by jrv Thursday, April 10, 2014 5:40 PM
    • Marked as answer by YVK Thursday, April 10, 2014 5:47 PM
    Thursday, April 10, 2014 3:32 PM
  • Thank you so much. It solved my purpose.

    Additionally, is there a way i can filter group and print that group name only..eg if user is a member of "A", "B", "C" group the output will be just A. If user is a member of "B" and "C" group the output will be just C.  

    Thanks in advance. 

    Thursday, April 10, 2014 4:08 PM
  • Or If we can mention something like Group=A then print A... I am concerned about only 3 groups. If user is a member of those then print the name of that group.

    Thank you for your help.


    TechNet

    Thursday, April 10, 2014 5:47 PM
  • Hi,

    Here's one method for doing something like that:

    $group1Name = 'Test Group 1'
    $group2Name = 'Test Group 2'
    $group3Name = 'Test Group 3'
    
    Get-ADUser -Filter * -SearchBase 'OU=Testing,DC=domain,DC=com' -Properties memberOf | ForEach {
    
        $groupList = @()
        
        $_.memberOf | ForEach {
    
            $groupName = (Get-ADGroup $_).Name
    
            If ($groupName -eq $group1Name -or $groupName -eq $group2Name -or $groupName -eq $group3Name) {
                $groupList += $groupName
            }
    
        }
    
        $props = @{
            UserName = $_.SamAccountName
            Groups = $groupList -join ','
        }
    
        New-Object PsObject -Property $props
    
    }


    Don't retire TechNet! - (Don't give up yet - 12,830+ strong and growing)

    • Marked as answer by YVK Thursday, April 10, 2014 6:32 PM
    Thursday, April 10, 2014 6:00 PM
  • Awesome Guys! You made my day Mike. Appreciate that. I am 99% done.  One last change I have. Please help if you can.

    My script has more than one attributes but the output i want in a specific order. As an example below script has username, user_ID,Group attribute etc but the output is not in a sequence i defined. I want the output to be in certain order like UserName, Groups, User_ID etc

    ---------------------------------

    $group1Name = 'faculity'
    $group2Name = 'staff'
    $group3Name = 'student'

    Get-ADUser -Filter * -SearchBase '' " -Properties memberOf | ForEach {

        $groupList = @()
        
        $_.memberOf | ForEach {

            $groupName = (Get-ADGroup $_).Name

            If ($groupName -eq $group1Name -or $groupName -eq $group2Name -or $groupName -eq $group3Name) {
                $groupList += $groupName
            }

        }

        $props = @{
            UserName = $_.SamAccountName
            Groups = $groupList -join ','
    External_Person_Key = $_.cn
    User_ID = $_.SamAccountName
    Passwd = "*****"
    FirstName = $_.givenName
            
        }

        New-Object PsObject -Property $props

    }


    One last change I have..please help if you can. 

    TechNet

    Thursday, April 10, 2014 6:32 PM
  • Sure, there's a few ways to handle that. What version of PowerShell are you running?

    Don't retire TechNet! - (Don't give up yet - 12,830+ strong and growing)

    Thursday, April 10, 2014 6:37 PM
  • Windows 2008 R2. Powershell version -
    Major  Minor  Build  Revision
    -----  -----  -----  --------
    2      0      -1     -1

    TechNet

    Thursday, April 10, 2014 6:56 PM
  • Okay, with V2 you'll need to pipe through select to reorder the properties:

    $group1Name = 'faculity'
    $group2Name = 'staff'
    $group3Name = 'student'
    
    Get-ADUser -Filter * -Properties memberOf | ForEach {
    
        $groupList = @()
        
        $_.memberOf | ForEach {
    
            $groupName = (Get-ADGroup $_).Name
    
            If ($groupName -eq $group1Name -or $groupName -eq $group2Name -or $groupName -eq $group3Name) {
                $groupList += $groupName
            }
    
        }
    
        $props = @{
            UserName = $_.SamAccountName
            Groups = $groupList -join ','
            External_Person_Key = $_.cn
            User_ID = $_.SamAccountName
            Passwd = '*****'
            FirstName = $_.givenName
            
        }
    
        New-Object PsObject -Property $props
    
    } | Select UserName,Groups,Exernal_Person_Key,User_ID,Passwd,FirstName | Export-Csv .\output.csv -NoTypeInformation

    If you add more properties to the $props hash, add them into the Select statement in whatever order you want. I've also added Export-Csv for output, but you can remove that if you only want console output for now.


    Don't retire TechNet! - (Don't give up yet - 12,830+ strong and growing)

    Thursday, April 10, 2014 7:01 PM
  • Thanks Mike! I got all my answers. Appreciate your time. 

    TechNet

    Thursday, April 10, 2014 7:07 PM
  • Cheers, you're very welcome. Glad I could help out.

    Don't retire TechNet! - (Don't give up yet - 12,830+ strong and growing)

    Thursday, April 10, 2014 7:09 PM
  • Hi Mark,

    Is there a way to assign Page size in the script? When i run this script against 100K users, i found there is a 100% CPU utilization. I think Page Size would help or if you can suggest any parameter..

    Thanks in advance!


    TechNet

    Friday, April 11, 2014 7:17 PM
  • Also when i get the export all the values they are in " " format like "abc","xyz". I know i can replace that but is there a way i can mention in first place to "not" export value in " " than to further replace it which takes lot of memory and time.

    TechNet

    Friday, April 11, 2014 7:25 PM
  • Hi,
    Is there a way to assign Page size in the script? When i run this script against 100K users, i found there is a 100% CPU utilization. I think Page Size would help or if you can suggest any parameter..

    Yes, there is a -ResultPageSize parameter you can adjust. You can also use -SearchBase to point at a specific OU to cut down on the number of results:

    http://technet.microsoft.com/en-us/library/ee617241.aspx

    Also when i get the export all the values they are in " " format like "abc","xyz". I know i can replace that but is there a way i can mention in first place to "not" export value in " " than to further replace it which takes lot of memory and time.

    No, there's not any option on Export-Csv for not including quotes. If you open the file in Excel (or other spreadsheet application), you won't see them anyway.


    Don't retire TechNet! - (Don't give up yet - 12,830+ strong and growing)

    • Marked as answer by YVK Friday, April 11, 2014 7:58 PM
    Friday, April 11, 2014 7:32 PM
  • Thank you !

    TechNet

    Friday, April 11, 2014 7:58 PM