none
How to List all Users and their Groups in an OU RRS feed

  • Question

  • Can anyone advise the best way to get a list of users from an specific OU along with their groups they belong to?

    Im trying to use the ds commands and I can retrieve one or the other but not together.

    • Edited by ID-ten-T Tuesday, September 20, 2016 9:09 AM
    Tuesday, September 20, 2016 9:05 AM

Answers

  • Get-ADUser -Filter * -SearchBase 'ou=testuser,dc=test,dc=org' | Foreach {
        [pscustomobject]@{Name = $_.Name
                          Group = (Get-ADPrincipalGroupMembership -Identity $_).Name -join ' / '
    }
    }
    Output:
    Name        Group
    ----            -----
    TestUser1   Domain Users
    TestUser2   TestGRP / Domain Users
    • Marked as answer by ID-ten-T Tuesday, September 20, 2016 11:26 AM
    Tuesday, September 20, 2016 9:23 AM
  • Pipe to Export-Csv Cmdlet

    Get-ADUser ... | Foreach {...} | Export-Csv D:\User.csv -NoTypeInformation

    • Marked as answer by ID-ten-T Tuesday, September 20, 2016 11:26 AM
    Tuesday, September 20, 2016 10:01 AM

All replies

  • Get-ADUser -Filter * -SearchBase 'ou=testuser,dc=test,dc=org' | Foreach {
        [pscustomobject]@{Name = $_.Name
                          Group = (Get-ADPrincipalGroupMembership -Identity $_).Name -join ' / '
    }
    }
    Output:
    Name        Group
    ----            -----
    TestUser1   Domain Users
    TestUser2   TestGRP / Domain Users
    • Marked as answer by ID-ten-T Tuesday, September 20, 2016 11:26 AM
    Tuesday, September 20, 2016 9:23 AM
  • Thank you Vincent that works a treat. how do i export the file to a text or csv file?
    Tuesday, September 20, 2016 9:52 AM
  • Pipe to Export-Csv Cmdlet

    Get-ADUser ... | Foreach {...} | Export-Csv D:\User.csv -NoTypeInformation

    • Marked as answer by ID-ten-T Tuesday, September 20, 2016 11:26 AM
    Tuesday, September 20, 2016 10:01 AM
  • I've just reinvent the wheel :facepalm: :(

    function Get-ADUserGroups ($GroupName) {
        $Groups=$GroupName | Get-ADGroup -Properties MemberOf | select -ExpandProperty memberOf
        $GroupName
        If ($Groups){$Groups|%{Get-ADUserGroups $_}}
    }
    Get-ADUser -SearchBase "OU=OUName,DC=domain,DC=local" -Filter * -Properties MemberOf,PrimaryGroup|?{$_.enabled}| %{"`n";$_.name;@($_.MemberOf)+$_.PrimaryGroup|%{Get-ADUserGroups $_}}
    


    my blog: http://shserg.ru/

    Tuesday, September 20, 2016 2:40 PM
  • As always moon on a stick! How do I get the account expiry date added to the script as well?
    Tuesday, September 20, 2016 2:40 PM
  • Look in the script repository for examples of how to get account expiration dates for accounts.


    -- Bill Stewart [Bill_Stewart]

    Tuesday, September 20, 2016 2:46 PM
    Moderator
  • I think I found the command but getting it all to work together. I am slowly learning powershell but this is beyond my current knowledge of powershell and scripting. I have purchased a book on powershell today as everything is seem to be going this way. If I am going to learn scripting guess it needs to be PS.

    Import-Module ActiveDirectory
    Get-ADUser -SearchBase "OU=TestOU,DC=TestDomain,DC=Local"`
     -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} `
    –Properties "SamAccountName","msDS-UserPasswordExpiryTimeComputed" |
    Select-Object -Property "SamAccountName", @{Name="Password Expiry Date";`
    Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} | FT

    Tuesday, September 20, 2016 3:07 PM
  • You're asking about password expiration then, not account expiration. Those are two separate concepts.

    Take some guidance here: Part of getting good help in a technical forum is to ask precise questions with the correct terminology. Vague questions and/or wrong terminology only delay the chances of getting a good answer. Start by reading the following:


    -- Bill Stewart [Bill_Stewart]

    Tuesday, September 20, 2016 3:28 PM
    Moderator