none
List of Names with Attributes RRS feed

  • Question

  • How do I get a list of names from the Distribution Group with the following attributes?  For example,  I want to get a list of names from the Sales Distribution Group that includes SamAccountName, phone number, email address, date account created, date account expires.  Thanks.


    Diane

    Tuesday, October 28, 2014 3:43 AM

Answers

  • Greetings!

    Use this code in Powershell on your domain controller:

    Import-module Activedirectory
    Get-ADGroupMember -identity test | Get-ADUser -Properties * | ft Name,Samaccountname,whencreated,mail -AutoSize
    Regards.


    Mahdi Tehrani   |     |   www.mahditehrani.ir
    Please click on Propose As Answer or to mark this post as and helpful for other people.
    This posting is provided AS-IS with no warranties, and confers no rights.

    Tuesday, October 28, 2014 4:46 AM
    Moderator
  • The PowerShell properties exposed by Get-ADUser that you want are sAMAccountName, Created, AccountExpirationDate, OfficePhone, and EmailAddress.

    However, if any of the group members are groups, an error will be raised by Get-ADUser. In that case, you could either code extra steps to only consider users, or you can replace Get-ADUser with Get-ADObject. If you use Get-ADObject, the PowerShell properties I listed are not exposed (except Created), so you must instead list the actual AD attribute names: sAMAccountName, whenCreated, accountExpires, telephoneNumber, and mail. Unfortunately, PowerShell will not convert the accountExpires value into a datetime, so you will instead get the large integer value that corresponds to the account expiration date.


    Richard Mueller - MVP Directory Services

    Tuesday, October 28, 2014 5:37 PM
  • Hmm... yeah it means there is a symbol missing. I think maybe a copy/paste issue. Let me split it into several lines:

    Get-ADGroupMember -Identity "GROUP" | 
        Get-ADUser -Properties samaccountname,telephonenumber,mail,whencreated,AccountExpires | 
        select samaccountname,telephonenumber,mail,whencreated,@{l="expiration_date";e={[datetime]::fromfiletime($_.accountexpires)}} |
    ft -AutoSize


    G. Samuel Hays, MCT, MCSE 2012, MCITP: Enterprise Admin

    Blog:gsamuelhays.blogspot.com

    twitter:twitter.com/gsamuelhays

    Wednesday, October 29, 2014 4:47 PM

All replies

  • Greetings!

    Use this code in Powershell on your domain controller:

    Import-module Activedirectory
    Get-ADGroupMember -identity test | Get-ADUser -Properties * | ft Name,Samaccountname,whencreated,mail -AutoSize
    Regards.


    Mahdi Tehrani   |     |   www.mahditehrani.ir
    Please click on Propose As Answer or to mark this post as and helpful for other people.
    This posting is provided AS-IS with no warranties, and confers no rights.

    Tuesday, October 28, 2014 4:46 AM
    Moderator
  • The PowerShell properties exposed by Get-ADUser that you want are sAMAccountName, Created, AccountExpirationDate, OfficePhone, and EmailAddress.

    However, if any of the group members are groups, an error will be raised by Get-ADUser. In that case, you could either code extra steps to only consider users, or you can replace Get-ADUser with Get-ADObject. If you use Get-ADObject, the PowerShell properties I listed are not exposed (except Created), so you must instead list the actual AD attribute names: sAMAccountName, whenCreated, accountExpires, telephoneNumber, and mail. Unfortunately, PowerShell will not convert the accountExpires value into a datetime, so you will instead get the large integer value that corresponds to the account expiration date.


    Richard Mueller - MVP Directory Services

    Tuesday, October 28, 2014 5:37 PM
  • Get-ADGroupMember -Identity "GROUP" | Get-ADUser -Properties samaccountname,telephonenumber,mail,whencreated,AccountExpires | select samaccountname,telephonenumber,mail,whencreated,@{l="expiration_date";e={[datet
    ime]::fromfiletime($_.accountexpires)}} |ft -AutoSize

    Mahdi's answer is correct as well. However the 'accountExpires' format is ugly.


    G. Samuel Hays, MCT, MCSE 2012, MCITP: Enterprise Admin

    Blog:gsamuelhays.blogspot.com

    twitter:twitter.com/gsamuelhays

    Tuesday, October 28, 2014 5:43 PM
  • Samuel,

    When I typed the above script, I got this symbol >>.  What does it mean?  How do I output the list of names to an Excel or CSV file?  Thanks.


    Diane

    Wednesday, October 29, 2014 3:06 PM
  • Richard,

    Will you be able to work on the scripts for me?  Thanks.


    Diane

    Wednesday, October 29, 2014 3:08 PM
  • Samuel,

    When I typed the above script, I got this symbol >>.  What does it mean?  How do I output the list of names to an Excel or CSV file?  Thanks.


    Diane

    It means you are missing a symbol like {,",( and such things.



    Mahdi Tehrani   |     |   www.mahditehrani.ir
    Please click on Propose As Answer or to mark this post as and helpful for other people.
    This posting is provided AS-IS with no warranties, and confers no rights.

    Wednesday, October 29, 2014 3:12 PM
    Moderator
  • Mahdi,

    I got the following error message when I typed the above powershell.  Do you have any suggestions how to fix this error?  Thanks.

    +Category Info:  Invalid Argument: (:) [Import-Module], ParameterBindingException

    + FullyQualifiedErrorId: PositionalParameterNotFound,Microsoft.Powershell.Commands.Import Module command


    Diane

    Wednesday, October 29, 2014 3:29 PM
  • Or DSQUERY command.

    dsget group "CN=Group1,DC=Infralab, DC=local" -members | dsquery * -attr Name Samaccountname whencreated

    http://social.technet.microsoft.com/wiki/contents/articles/3537.active-directory-active-directory-domain-services-ad-ds-commands-and-scripts.aspx


    Santhosh Sivarajan | Houston, TX | www.sivarajan.com
    ITIL,MCITP,MCTS,MCSE (W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),Network+,CCNA

    Windows Server 2012 Book - Migrating from 2008 to Windows Server 2012

    Blogs: Blogs
    Twitter: Twitter
    LinkedIn: LinkedIn
    Facebook: Facebook

    Microsoft Virtual Academy: Microsoft Virtual Academy

    This posting is provided AS IS with no warranties, and confers no rights.

    Wednesday, October 29, 2014 3:50 PM
    Moderator
  • Hmm... yeah it means there is a symbol missing. I think maybe a copy/paste issue. Let me split it into several lines:

    Get-ADGroupMember -Identity "GROUP" | 
        Get-ADUser -Properties samaccountname,telephonenumber,mail,whencreated,AccountExpires | 
        select samaccountname,telephonenumber,mail,whencreated,@{l="expiration_date";e={[datetime]::fromfiletime($_.accountexpires)}} |
    ft -AutoSize


    G. Samuel Hays, MCT, MCSE 2012, MCITP: Enterprise Admin

    Blog:gsamuelhays.blogspot.com

    twitter:twitter.com/gsamuelhays

    Wednesday, October 29, 2014 4:47 PM