Getting members,manager of all Adgroup

  • Question

  • Hello Team, 

    I am writing a script to get the Members, Manager, description and info of all the AD groups in AD Directory.

    I have tried with the following script 

    Get-ADGroup -Filter {samAccountName -like 'xx-sg-*'} -Properties sAMAccountName,Enabled,description,info,manager,managedby,members|Export-csv C:\Temp\res_29_10.csv -Append -NoTypeInformation

    But I am unable to get the information about the members and I am getting the following in the Member field.

    Microsoft.ActiveDirectory.Management.ADPropertyValueCollection

    When I added the following with the ADGroupMember I am unable to pull the information

    Tuesday, October 29, 2019 5:02 PM

All replies

  • Here is a script I used for the same purpose. You may want to change the report values to meet your needs.

    <#
    .Purpose
    	Search Active Directory and get all Groups , 
    	Enumerate each group and get the group members
    	Create report folders and a report
    	(this can be changed by setting the value of the '$ReportFolder' variable)
    	The report name is set by the '$reportName' variable.
    .Author
    	Carlos Espinosa
    .Created
    	July 9 2018	
    .Modified
    	July 24 2018 - Changed the report name and location setting to include date and Time
    	March 28 2019 - Change the way the report is created to work with powershell 2
    	August 17 2019 Added a line to get group member data
    .Notes
        You may need to import the active directory module by running "Import-Module ActiveDirectory" in the powershell window
        You may need to install the Remote server administrative tools when running this from your workstation.
    #>
    ######## Report Variables ###########
    
    #Set report folder the section below will validate the folder exists, if not it will attempt to create it.
    $ReportFolder = "Powershell Reports"
    #Set Category Folder the section below will validate the folder exists, if not it will attempt to create it.
    $ReportCategory = "AD Reports"
    #Set report name
    $ReportName = "Group Names and Members"+"$((Get-Date).ToString('MM-dd-yyyy')).csv"
    #Set the root folder or drive letter for the reports,  Format is "C:"  or "C:\foldername"
    $RootFolder = "C:"
    
     ##### Use the line below if you want the reports to be created in the 'My Documents' folder  ####
     #Get logged on users 'My Documents' folder location
     
    # $RootFolder = [Environment]::GetFolderPath('MyDocuments')
    
    ######## End Report Variables #######
    
    ######## Test and Create Report Folders  DO NOT CHANGE #######
    
    #test to see if the report folder exists, if not, create it
    if (-not (Test-Path "$RootFolder\$ReportFolder")) {
    write-host The "'$ReportFolder'" is not available, The Folder will be created -ForegroundColor Red
    New-Item -ItemType Directory -path $RootFolder -Name $ReportFolder -Force
    }
    Else {
    # Just something to look at while the script is running
    Write-host The "'$ReportFolder'" folder is ready -ForegroundColor Green
    }
    if (-not (Test-Path "$RootFolder\$ReportFolder\$ReportCategory")) {
    write-host The "'$ReportCategory'" is not available, The Folder will be created -ForegroundColor Red
    New-Item -ItemType Directory -path $RootFolder\$ReportFolder -Name $ReportCategory -Force
    }
    Else {
    Write-host The "'$ReportCategory'" folder is ready -ForegroundColor Green
    }
    #set Report Path
    $ReportPath = "$RootFolder\$ReportFolder\$ReportCategory\$ReportName"
    
    ######## End Report Folders ############
    
    ######## Begin the real work, the line above are only used to create/validate the report folder  ######
    
    ######## User Variables ###########
    # Filter by OU if desired
    
    $Searchbase = "OU=AD Security,OU=Groups,DC=your domain,DC=Com"
    
    ######## End User Variables #######
    
    #get Groups from Active directory and assign to an array
    $Groups = Get-ADGroup -Filter * -properties * -SearchBase $Searchbase
    #loop through each Group and add data to the report.
    $GroupReport = @()
    $GroupReportData = @()
    Foreach ($Group in $Groups) {
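    		# Get Group members for each group from AD, include nested groups
    		# Identify the group by DistinguishedName (Name is not guaranteed to resolve as an identity)
    		# and keep only user objects, since Get-AdUser cannot look up computer members
    		 Foreach ($users in (Get-AdGroupMember -identity $Group.DistinguishedName -recursive | Where-Object { $_.objectClass -eq 'user' })) {
    				Foreach ($user in  (Get-AdUser -identity $Users.DistinguishedName -properties *)) {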
    					# Create the report Object
    						$GroupReport = New-Object -Type psobject
    					# Add Columns to the report for each group
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "Group SamAccountName" -Value "$($Group.SamAccountName)"
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "Group Name" -Value "$($Group.name)"
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "Group CanonicalName" -Value "$($Group.CanonicalName)"
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "Group Email" -Value "$($Group.Mail)"
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "Group Category" -Value "$($Group.GroupCategory)"
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "Group Scope" -Value "$($Group.GroupScope)"
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "Group Description" -Value "$($Group.Description)"
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "Group Notes" -Value "$($Group.Info)"
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "Group Created" -Value "$($Group.Created)"
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "Group ManagedBy" -Value "$($Group.ManagedBy)"
    					# Add Columns to the reports for each user
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "User Name" -Value "$($User.Name)"
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "User SamAccountName" -Value "$($User.SamAccountName)"
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "User DisplayName" -Value "$($User.DisplayName)"
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "User UserPrincipalName" -Value "$($User.UserPrincipalName)"
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "User Title" -Value "$($User.Title)"
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "User Department" -Value "$($User.Department)"
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "User Office" -Value "$($User.Office)"
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "User OfficePhone" -Value "$($User.OfficePhone)"
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "User EmailAddress" -Value "$($User.EmailAddress)"
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "User Manager" -Value "$($User.Manager)"
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "User StreetAddress" -Value "$($User.StreetAddress)"
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "User City" -Value "$($User.City)"
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "User State" -Value "$($User.State)"
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "User Description" -Value "$($User.Description)"
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "User HomeDirectory" -Value "$($User.HomeDirectory)"
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "User LastLogonDate" -Value "$($User.LastLogonDate)"
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "User PasswordLastSet" -Value "$($User.PasswordLastSet)"
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "User PasswordNeverExpires" -Value "$($User.PasswordNeverExpires)"
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "User CannotChangePassword" -Value "$($User.CannotChangePassword)"
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "User Enabled" -Value "$($User.Enabled)"
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "User LockedOut" -Value "$($User.LockedOut)"
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "User whenCreated" -Value "$($User.whenCreated)"
    						$GroupReport | Add-Member -MemberType NoteProperty -Name "User TrustedForDelegation" -Value "$($User.TrustedForDelegation)"
    					# Add line to the report
    						$GroupReportData += $GroupReport
    			}
             }
    }
    # Write the report
     $GroupReportData | Export-Csv -NoTypeInformation -Path	"$ReportPath" #-append

    Tuesday, October 29, 2019 5:22 PM
  • You may start with learning the very basics of Powershell. This enables you to understand what you're doing actually ... ;-)

    To get the attributes Name,Manager,Members and Description of ALL AD groups you can use the following snippet:

    Get-ADGroup -Filter * -Properties ManagedBy,Members,Description | 
        Select-Object Name,ManagedBy,Members,Description

    As far as I know there is no attribute info.

    The members and the manager will be listed with their distinguished names.


    Live long and prosper!

    (79,108,97,102|%{[char]$_})-join''

    • Edited by BOfH-666 Tuesday, October 29, 2019 6:37 PM
    Tuesday, October 29, 2019 6:35 PM
  • Hello BoFH

    I have performed by writing the following script. But I am still unable to get the information for members

    I am getting the output with the following in the Member field. 

    "Microsoft.ActiveDirectory.Management.ADPropertyValueCollection"

    Wednesday, October 30, 2019 6:39 AM
  • Member and Managers are collections and must be converted before they can be output to a CSV.

    \_(ツ)_/

    Wednesday, October 30, 2019 7:21 AM
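
The conversion the last reply describes, as an added example that is not part of the original thread: it expands the `Members` collection into one CSV row per group/member pair so that `Export-Csv` writes values instead of the type name. It reuses the filter and output path from the question and the `info` attribute the first reply's script reports as "Group Notes"; it assumes PowerShell 3 or later (for `[pscustomobject]`) and the ActiveDirectory module.

```powershell
# Added example (not from the thread). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Filter and output path reuse the values from the question.
$Filter  = "samAccountName -like 'xx-sg-*'"
$OutFile = 'C:\Temp\res_29_10.csv'

$rows = foreach ($group in Get-ADGroup -Filter $Filter -Properties Description, info, ManagedBy, Members) {
    # Members is an ADPropertyValueCollection of distinguished names.
    # For one row per group instead, export ($group.Members -join ';') as a single column.
    # Emit one placeholder entry for empty groups so they still appear in the report.
    $memberDns = @($group.Members)
    if ($memberDns.Count -eq 0) { $memberDns = @('') }

    foreach ($dn in $memberDns) {
        $member = $null
        if ($dn) {
            try {
                # Get-ADObject resolves users, computers, nested groups and
                # foreign security principals alike.
                $member = Get-ADObject -Identity $dn -Properties sAMAccountName -ErrorAction Stop
            } catch {
                Write-Warning "Could not resolve member '$dn' of '$($group.Name)': $_"
            }
        }
        [pscustomobject]@{
            GroupName         = $group.Name
            GroupSam          = $group.SamAccountName
            Description       = $group.Description
            Info              = $group.info
            ManagedBy         = $group.ManagedBy      # a single distinguished name
            MemberDN          = $dn
            MemberSam         = $member.sAMAccountName
            MemberObjectClass = $member.ObjectClass
        }
    }
}

$rows | Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8
```

Nested groups appear as rows with `MemberObjectClass` of `group` rather than being expanded, and accounts that belong to a group only through their primary group are not listed in the `Members` attribute.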