none
Powershell export group membership from a list of users RRS feed

  • Question

  • This one seems like it should have worked at a much more simple level but doesn't. I'm interested in learning the explanation not just copying someone else's code from elsewhere.

    get-adprincipalgroupmembership username | select name    is all I need and gets me the simple group names of 1 user.

    I want to pull a list of users like this (and export) of 25 users, why can't pull from a txt file like I've been able to with computer names.

    $users = get-content c:\path\user.txt

    get-adprincipalgroupmembership $users | select name | out-file

    Thursday, July 19, 2018 5:58 PM

Answers

  • Ok if you want user name in it too you can try 

    $users = get-content c:\path\user.txt
    foreach ($user in $users){
    get-adprincipalgroupmembership $user | select @{N="UserName";E={$user}},name | 
    out-file C:\path\export.txt -Append
    }


    If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in anyway, please click vote as helpful.

    • Marked as answer by RyGy14 Thursday, July 19, 2018 8:54 PM
    Thursday, July 19, 2018 8:44 PM

All replies

  • Hi RyGy14

    The reason it wont work is when you select the varaible $users it is presenting all the users in the txt file at once so the command can't covert to a correct identity. I would use a foreach loop and run against each user one at a time. 

    Something like the below. 

    $users = get-content c:\path\user.txt
    foreach ($user in $users){
    get-adprincipalgroupmembership $user | select name | out-file C:\path\export.txt
    }


    If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in anyway, please click vote as helpful.

    Thursday, July 19, 2018 6:31 PM
  • tx for the quick reply, unfortunately no.  Look like it errors out at line 3, chr 32 = $user after get-principalgroupmembership.    "cannot convert system.object"

    Thursday, July 19, 2018 7:35 PM
  • Just ran at test with the above and it works fine. In the user.txt is each user on a diffrent line if they are side by side  that might be the issue.  Should be like the below. 

    user1

    user2

    user3 



    If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in anyway, please click vote as helpful.

    Thursday, July 19, 2018 7:41 PM
  • def different line, in my test I just have the three.

    user1

    user2

    user3

    should domain be specified? 

    domain\user1

    EDIT:  ok, got it working but didn't do what I thought.   thought it would have listed each user and the groups they are in.  not quite the output I wanted to give auditor.

    • Edited by RyGy14 Thursday, July 19, 2018 8:38 PM
    Thursday, July 19, 2018 8:34 PM
  • Also, the file should have user sAMAccountNames (pre-Windows 2000 logon names). It will not work with common names (the Relative Distinguished Name). Check the help for Get-ADPrincipalGroupMembership (the -Identity parameter):

    https://docs.microsoft.com/en-us/powershell/module/addsadministration/get-adprincipalgroupmembership?view=win10-ps


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Thursday, July 19, 2018 8:42 PM
    Moderator
  • Ok if you want user name in it too you can try 

    $users = get-content c:\path\user.txt
    foreach ($user in $users){
    get-adprincipalgroupmembership $user | select @{N="UserName";E={$user}},name | 
    out-file C:\path\export.txt -Append
    }


    If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in anyway, please click vote as helpful.

    • Marked as answer by RyGy14 Thursday, July 19, 2018 8:54 PM
    Thursday, July 19, 2018 8:44 PM
  • Very cool, thank you.  that def worked, can you help me understand the.

    select @{N="UserName";E={$user}},name |

    just what that part is pulling?

    Thursday, July 19, 2018 8:54 PM
  • No problem

    the select @{N="UserName";E={$user}} is a calculation property N= is the name you want to set and E= is the expression which is bascially the properties to be set which in this case is the user name 


    If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in anyway, please click vote as helpful.


    Thursday, July 19, 2018 9:00 PM
  • @{} is a has table of names and expressions. See Example 4 in the help:

    https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/select-object?view=powershell-6


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Thursday, July 19, 2018 9:02 PM
    Moderator