Script to Find All ENABLED AD Users and the Groups They are In RRS feed

  • Question

  • Hi!

    I'm very new to PowerShell, and am trying to pull together a PS script that pulls all the ENABLED users, and the groups of which they are a member. The only part I cannot define is the enabled users...so only those are pulled.

    I found this script on a forum but I don't remember which so I can't credit the person(s) who created it (thanks to whomever wrote it). It does everything I am looking for except the enabled/disabled users. 

    Can someone please help me out?

    #// Start of script
    #// Get year and month for csv export file
    $DateTime = Get-Date -f "yyyy-MM"
    #// Set CSV file name
    $CSVFile = "C:\Scripts\Output\AD_Groups_and_Users"+$DateTime+".csv"
    #// Create emy array for CSV data
    $CSVOutput = @()
    #// Get all AD groups in the domain
    $ADGroups = Get-ADGroup -Filter *
    #// Set progress bar variables
    $tot = $ADGroups.count
    foreach ($ADGroup in $ADGroups) {
    	#// Set up progress bar
    	$status = "{0:N0}" -f ($i / $tot * 100)
    	Write-Progress -Activity "Exporting AD Groups" -status "Processing Group $i of $tot : $status% Completed" -PercentComplete ($i / $tot * 100)
    	#// Ensure Members variable is empty
    	$Members = ""
    	#// Get group members which are also groups and add to string
    	$MembersArr = Get-ADGroup -filter {Name -eq $ADGroup.Name -and Enabled -eq $true} | Get-ADGroupMember | select Name
    	if ($MembersArr) {
    		foreach ($Member in $MembersArr) {
    			$Members = $Members + "," + $Member.Name
    		$Members = $Members.Substring(1,($Members.Length) -1)
    	#// Set up hash table and add values
    	$HashTab = $NULL
    	$HashTab = [ordered]@{
    		"Name" = $ADGroup.Name
    		"Category" = $ADGroup.GroupCategory
    		"Scope" = $ADGroup.GroupScope
    		"Members" = $Members
    	#// Add hash table to CSV data array
    	$CSVOutput += New-Object PSObject -Property $HashTab
    #// Export to CSV files
    $CSVOutput | Sort-Object Name | Export-Csv $CSVFile -NoTypeInformation
    #// End of script
    Thank you so much for your time!

    Sunday, April 1, 2018 4:29 AM

All replies

  • Here is the template for getting the members of all groups and filtering out only those that are enabled:

    Get-AdGroup -Filter * | 
        Get-AdGroupMember |
        where{$_.ObjectClass -eq 'User'} | 
        Get-AdUser | 

    Variations on this will get all things you require.  FOr more examples of this look in the Gallery or search for blogs that discuss how this works.


    Sunday, April 1, 2018 5:57 AM
  • Here is another quick example of how this is used:

    Get-AdGroup -Filter *  -PipelineVariable g | 
        Get-AdGroupMember |
        where{$_.ObjectClass -eq 'User'} | 
        Get-AdUser | 
        Where{$_.Enabled} |
        select @{n='GroupName';e={$g.Name}}, Name |
        sort GroupName, Name


    Sunday, April 1, 2018 6:04 AM
  • I was hoping to be able to insert the "enabled" filter in the script. 

    Thanks anyway!

    Monday, April 2, 2018 2:05 AM
  • There is no enabled property on the results of the Get-AdGroupMember CmdLet and it doesn't support filters.


    Monday, April 2, 2018 2:10 AM
  • I looked in the Gallery and found a couple, but the ones I found don't have an option to export the data to csv, and my attempts at modifying the the script only creates errors.


    Monday, April 2, 2018 7:53 PM
  • Surely you can figure out how to add Export-Csv to the results of the script.

    If you have no knowledge of PowerShell or scripting then you need to learn that first.  This forum is for scripters and not a free script writing forum.


    Monday, April 2, 2018 7:55 PM
  • Yes, I did add Export-CSV to the results and it resulted in an error.

    I understand that I need to learn PS, and it's not like I'm coming over here empty-handed, I'm trying to piece this together. I'm simply asking for some help.

    I thank you for your time.


    Tuesday, April 3, 2018 1:47 AM