none
Get-ADGroup + Get-ADGroupMember RRS feed

  • Question

  • I am trying to get a list of the Names of all non-Universal groups in a child domain, and their membership (the groups are spread all over the place in the child domain, not in 1 or 2 OU's), then  output to a csv. If I just try to get the non-Universal groups and output it to a file I have no issues. The problem I have is when I pipe in get-adgroupmember.

    Here is what I am using that works:

    Get-ADGroup -Server childdomain.domain.com -Filter {GroupScope -ne "Universal"} -SearchBase "DC=childdomain,DC=child,DC=com" | Select Name | Export-CSV C:\Temp\CTGroup_Member.csv -NoTypeInformation

    Here is what I am using that does not work:

    Get-ADGroup -Server childdomain.domain.com -Filter {GroupScope -ne "Universal"} -SearchBase "DC=childdomain,DC=child,DC=com" | Select Name | get-adgroupmember | Export-CSV C:\Temp\CTGroup_Member.csv -NoTypeInformation

    I am still combing the Internet, but if you see something in my syntax please let me know. The goal is to open up the spreadsheet and see the non-Universal group name (FileServer) and then the name of the users, groups, and computers that are members of that group.


    HDL

    Wednesday, March 30, 2016 4:06 AM

Answers

  • Here is the script that got what was needed.

    Import-Module 'ActiveDirectory'
    $MemberList = New-Item -Type file -Force “c:\temp\GroupMembers.csv”
    Get-ADGroup -Server xx.xxx.com -Filter {GroupScope -ne "Universal"} -SearchBase "DC=xx,DC=xxx,DC=com" | Select distinguishedName | ForEach-Object {
    $GName = $Null
    $GName = $_.distinguishedName
    $group = Get-ADGroup $GName -server xx.xxx.com
    $group.Name | Out-File $MemberList -Encoding ASCII -Append
           foreach ($member in Get-ADGroupMember $group -server xx.xxx.com)
            {
            $member.Name | Out-File $MemberList -Encoding ASCII -Append
            }
    $nl = [Environment]::NewLine | Out-File $MemberList -Encoding ASCII -Append
    }


    HDL

    • Marked as answer by Winterthur Friday, April 8, 2016 7:14 PM
    Friday, April 8, 2016 7:14 PM

All replies

  • Start like this:

    Get-ADGroup  -Filter {GroupScope -ne 'Universal'} -SearchBase 'DC=childdomain,DC=child,DC=com'

    Once you can return all of the groups you want then you can get the members:

    Get-ADGroup  -Filter {GroupScope -ne 'Universal'} -SearchBase 'DC=childdomain,DC=child,DC=com' |
         Get-AdGroupMember |
         Select Name


    \_(ツ)_/

    Wednesday, March 30, 2016 4:23 AM
  • First, thank you for the quick response. Unfortunately this just gave me a list of the users, no group names. For instance, I was expecting to see:

    Engineering Read (non-universal security group in that domain)
    Smith, Jason
    Doe, Jane
    Miller, Jack

    What I got was (see below), which tells me Smith, Jason is a member of 3 non-Universal security groups in that domain:
    "Smith, Jason"
    "Smith, Jason"
    "Smith, Jason"


    HDL

    Wednesday, March 30, 2016 5:11 PM
  • Good Day
    I belive i saw something very familiar to this case a moment ago
    Please try this
    Get-ADGroup  -Filter {GroupScope -ne 'Universal'} -SearchBase 'DC=childdomain,DC=child,DC=com' | ForEach-Object { 
    Write-Host " "
    Write-Host "$_" -ForegroundColor Green 
    (Get-ADGroupMember -Identity $_).Name }
    Hope this works
    Regards
    Wednesday, March 30, 2016 5:15 PM
  • First, thank you for the quick response. Unfortunately this just gave me a list of the users, no group names. For instance, I was expecting to see:

    Engineering Read (non-universal security group in that domain)
    Smith, Jason
    Doe, Jane
    Miller, Jack

    What I got was (see below), which tells me Smith, Jason is a member of 3 non-Universal security groups in that domain:
    "Smith, Jason"
    "Smith, Jason"
    "Smith, Jason"


    HDL

    As I posted you need to write a script that creates custom objects with the extra information.

    I recommend using one of the prewritten scripts in  the Gallery that already do what you ask.


    \_(ツ)_/

    Wednesday, March 30, 2016 5:17 PM
  • Here is the script that got what was needed.

    Import-Module 'ActiveDirectory'
    $MemberList = New-Item -Type file -Force “c:\temp\GroupMembers.csv”
    Get-ADGroup -Server xx.xxx.com -Filter {GroupScope -ne "Universal"} -SearchBase "DC=xx,DC=xxx,DC=com" | Select distinguishedName | ForEach-Object {
    $GName = $Null
    $GName = $_.distinguishedName
    $group = Get-ADGroup $GName -server xx.xxx.com
    $group.Name | Out-File $MemberList -Encoding ASCII -Append
           foreach ($member in Get-ADGroupMember $group -server xx.xxx.com)
            {
            $member.Name | Out-File $MemberList -Encoding ASCII -Append
            }
    $nl = [Environment]::NewLine | Out-File $MemberList -Encoding ASCII -Append
    }


    HDL

    • Marked as answer by Winterthur Friday, April 8, 2016 7:14 PM
    Friday, April 8, 2016 7:14 PM