locked
group members outuput RRS feed

  • Question

  • Hi

    Now I am running below script but not getting desired result. Not getting all group members  output.

    Import-Module ActiveDirectory
    $grp = Import-Csv D:\temp\groups.csv
    $grp | % {
    $group = $_.group
    Get-ADGroup $group -Properties Member | Select-Object -ExpandProperty Member | 
    Get-ADUser -Properties name,samaccountname,enabled,country | 
    select @{l="groupname";e={$group}},name,samaccountname,enabled,country | 
    Export-csv D:\temp\addata.csv -NoTypeInformation
    }
    

    Wednesday, December 12, 2018 6:00 PM

Answers

  • That'd be a limitation in (I think) the Web Services.

    You can modify your original code to use Get-ADObject and Where {…} to get only the users from the members list.

    grp = Import-Csv D:\temp\groups.csv
    $grp | % {
    $group = $_.group
    Get-ADGroup $group -Properties Member | Select-Object -ExpandProperty Member | 
    Get-ADObject | Where {$_.objectclass -eq 'user'} | Get-ADUser -Properties name,samaccountname,enabled,country | 
    select @{l="groupname";e={$group}},name,samaccountname,enabled,country | 
    Export-csv D:\temp\addata.csv -NoTypeInformation
    }


    --- Rich Matheisen MCSE&I, Exchange Ex-MVP (16 years)

    • Marked as answer by Mr. Raj Thursday, December 13, 2018 2:25 PM
    Wednesday, December 12, 2018 8:47 PM
  • Hi,

    Thanks for your question.

    I think in your loop, you only output one group members to the CSV file.

    Import-Module ActiveDirectory
    $grp = Import-Csv D:\temp\groups.csv
    $grp | % {
    $group = $_.group
    $obj+=Get-ADGroup $group -Properties Member | Select-Object -ExpandProperty Member | 
    Get-ADUser -Properties name,samaccountname,enabled,country | 
    select @{l="groupname";e={$group}},name,samaccountname,enabled,country 
    
    }
    $obj=Export-csv D:\temp\addata.csv -NoTypeInformation

    Best Regards,

    Lee


    Just do it.

    • Marked as answer by Mr. Raj Thursday, December 13, 2018 2:25 PM
    Thursday, December 13, 2018 7:49 AM

All replies

  • Why not use Get-ADGroupMember instead of risking an exception when you try to use Get-ADUser to retrieve a group member that's a group? Also, there's no need to use Get-ADGroup to get the Member property (which is a list of distinguished names).

    For example:

       . . . Get-ADGroupMember | Where {$_.objectClass -eq 'user'} | . . . 


    --- Rich Matheisen MCSE&I, Exchange Ex-MVP (16 years)


    Wednesday, December 12, 2018 7:14 PM
  • Thanks Rich.. I used your way but getting below error:-

    Get-AdGroupMember : The size limit for this request was exceeded
    At D:\temp\script.ps1:5 char:22
    + Get-ADGroup $group | Get-AdGroupMember | Where-Object{ $_.objectClass -eq 'User' ...
    +                      ~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (CN=GGzyDisabl...s,DC=contoso,DC=com:ADGroup) [Get-ADGroupMember], ADException
        + FullyQualifiedErrorId : ActiveDirectoryServer:8227,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember

    Wednesday, December 12, 2018 7:48 PM
  • That'd be a limitation in (I think) the Web Services.

    You can modify your original code to use Get-ADObject and Where {…} to get only the users from the members list.

    grp = Import-Csv D:\temp\groups.csv
    $grp | % {
    $group = $_.group
    Get-ADGroup $group -Properties Member | Select-Object -ExpandProperty Member | 
    Get-ADObject | Where {$_.objectclass -eq 'user'} | Get-ADUser -Properties name,samaccountname,enabled,country | 
    select @{l="groupname";e={$group}},name,samaccountname,enabled,country | 
    Export-csv D:\temp\addata.csv -NoTypeInformation
    }


    --- Rich Matheisen MCSE&I, Exchange Ex-MVP (16 years)

    • Marked as answer by Mr. Raj Thursday, December 13, 2018 2:25 PM
    Wednesday, December 12, 2018 8:47 PM
  • Hi,

    Thanks for your question.

    I think in your loop, you only output one group members to the CSV file.

    Import-Module ActiveDirectory
    $grp = Import-Csv D:\temp\groups.csv
    $grp | % {
    $group = $_.group
    $obj+=Get-ADGroup $group -Properties Member | Select-Object -ExpandProperty Member | 
    Get-ADUser -Properties name,samaccountname,enabled,country | 
    select @{l="groupname";e={$group}},name,samaccountname,enabled,country 
    
    }
    $obj=Export-csv D:\temp\addata.csv -NoTypeInformation

    Best Regards,

    Lee


    Just do it.

    • Marked as answer by Mr. Raj Thursday, December 13, 2018 2:25 PM
    Thursday, December 13, 2018 7:49 AM
  • Thanks Lee and Rich....

    You both are Rockstar.. May God bless you always.. :)

    Thursday, December 13, 2018 2:26 PM