none
NEED POWERSHELL COMMAND TO GET USER LOGON NAME AND EMAIL ID FROM SECURITY GROUP MEMBERS RRS feed

  • Question

  • Hi all, Good day. I have been situated to pull out User logon name and Email ID from AD's security group members. Here we should ignore disable member. We are using Windows server 2008 R2 Datacenter. Please help me by sharing exact PowerShell command. Your help is very valuable to me.

    Thanks  

    Thursday, July 18, 2019 8:46 AM

Answers

  • Get-ADGroupMember "<SecurityGroupName>" | ?{$_.ObjectClass -eq "user"}  | foreach {
    $UserDetails = Get-ADUser $_.SamAccountName -Properties EmailAddress
    if($UserDetails.Enabled -eq $true){
        $UserDetails | Select SamAccountName, EmailAddress
    }
    }
    Above will do the job for you.
    Thursday, July 18, 2019 9:04 AM
  • I apologize, I was typing to fast

    Get-ADGroupMember -Identity "GroupName" -Recursive | % {Get-ADUser -Identity $_.distinguishedName  -Properties * | ? {$_.enabled -eq $true} |select samaccountname,emailaddress }
    -----------------------------------------------------------------------------------------------------------
    If you found this post helpful, please give it a "Helpful" vote. 
    Please remember to mark the replies as answers if they help.

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.


    • Edited by NM[] Thursday, July 18, 2019 9:59 AM
    • Marked as answer by Rajeswaran Ramanujam Thursday, July 18, 2019 11:58 AM
    Thursday, July 18, 2019 9:58 AM
  • Get-ADGroupMember "<SECURITYGROUPNAME>" | ?{$_.ObjectClass -eq "user"}  | foreach {
    Get-ADUser $_.SamAccountName -Properties EmailAddress | ?{$_.Enabled -eq $true} | Select SamAccountName, EmailAddress
    } | Export-Csv -Path .\Somepath\SomeName.csv

    Thursday, July 18, 2019 11:41 AM
  • You are using Import-Csv in a wrong manner, please go through the microsoft docs to learn the same. In this case below might work:

    Import-Csv <Path to csv> | foreach{
    foreach($user in (Get-ADGroupMember $_.SecurityGroupName | ?{$_.ObjectClass -eq "user"}) ) {
    Get-ADUser $user.SamAccountName -Properties EmailAddress | ?{$_.Enabled -eq $true} | Select SamAccountName, EmailAddress
    }
    } | Export-Csv -Path <Path to output csv>

    The Csv file should be having the security group names in a column with SecurityGroupName as the column header. It should look somewhat like below:

    Thursday, July 18, 2019 1:14 PM

All replies

  • Get-ADGroupMember "<SecurityGroupName>" | ?{$_.ObjectClass -eq "user"}  | foreach {
    $UserDetails = Get-ADUser $_.SamAccountName -Properties EmailAddress
    if($UserDetails.Enabled -eq $true){
        $UserDetails | Select SamAccountName, EmailAddress
    }
    }
    Above will do the job for you.
    Thursday, July 18, 2019 9:04 AM
  • Hi,

    Get-ADGroupMember -Identity "Group Name" -Recursive | % {Get-ADUser -Identity $_.distinguishedName -Properties Enabled |select samaccountname,emailaddress }
    

    -----------------------------------------------------------------------------------------------------------
    If you found this post helpful, please give it a "Helpful" vote. 
    Please remember to mark the replies as answers if they help.

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Thursday, July 18, 2019 9:14 AM
  • Hi,

    Get-ADGroupMember -Identity "Group Name" -Recursive | % {Get-ADUser -Identity $_.distinguishedName -Properties Enabled |select samaccountname,emailaddress }

    -----------------------------------------------------------------------------------------------------------
    If you found this post helpful, please give it a "Helpful" vote. 
    Please remember to mark the replies as answers if they help.

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    This does not do what was asked.   Rethink what it is doing and what is being returned.

    We don't write custom scripts on request because the users rarely understand the issues and most answers are generally not what the OP is looking for.

    For free script writing and consulting the OP should hire a consultant.  This forum is for questions about scripts that the poster is writing.


    \_(ツ)_/

    Thursday, July 18, 2019 9:19 AM
    Moderator
  • I apologize, I was typing to fast

    Get-ADGroupMember -Identity "GroupName" -Recursive | % {Get-ADUser -Identity $_.distinguishedName  -Properties * | ? {$_.enabled -eq $true} |select samaccountname,emailaddress }
    -----------------------------------------------------------------------------------------------------------
    If you found this post helpful, please give it a "Helpful" vote. 
    Please remember to mark the replies as answers if they help.

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.


    • Edited by NM[] Thursday, July 18, 2019 9:59 AM
    • Marked as answer by Rajeswaran Ramanujam Thursday, July 18, 2019 11:58 AM
    Thursday, July 18, 2019 9:58 AM
  • Hi Thanks for the command. But I can't get email address of this member. And also if you include extract to excel or CSV file for the output, It will very help full to us. Kindly Help me. 
    Thursday, July 18, 2019 11:29 AM
  • Hi Thanks for the command. But I can't get email address of this member. And also if you include extract to excel or CSV file for the output, It will very help full to us. Kindly Help me.
    Thursday, July 18, 2019 11:30 AM
  • Thanks a lot. Thanks for the wonderful Command. It works. Can i extract output to Excel file?
    Thursday, July 18, 2019 11:35 AM
  • Get-ADGroupMember "<SECURITYGROUPNAME>" | ?{$_.ObjectClass -eq "user"}  | foreach {
    Get-ADUser $_.SamAccountName -Properties EmailAddress | ?{$_.Enabled -eq $true} | Select SamAccountName, EmailAddress
    } | Export-Csv -Path .\Somepath\SomeName.csv

    Thursday, July 18, 2019 11:41 AM
  • Hi,

    Get-ADGroupMember -Identity "Group Name" -Recursive | % {Get-ADUser -Identity $_.distinguishedName  -Properties * | ? {$_.enabled -eq $true} |select samaccountname,emailaddress } | Export-Csv C:\users.csv -NoTypeInformation

    -----------------------------------------------------------------------------------------------------------
    If you found this post helpful, please give it a "Helpful" vote. 
    Please remember to mark the replies as answers if they help.

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Thursday, July 18, 2019 11:44 AM
  • Thanks a lot
    Thursday, July 18, 2019 12:00 PM
  • Hi It's exactly correct. Thanks a lot. We have 150+ security group in excel. Can i give pipe from my security group excel file to this command and to get output in another file. Kindly please help me.
    Thursday, July 18, 2019 12:06 PM
  • Try csv instead of excel it would be easy. You can use Import-CSV with a loop to get the details.
    Thursday, July 18, 2019 12:14 PM
  • Ok. I will try.
    Thursday, July 18, 2019 12:23 PM
  • Get-ADGroupMember | Import-Csv -Path C:\Users\sss.csv | ?{$_.ObjectClass -eq "user"}  | foreach {
    Get-ADUser $_.SamAccountName -Properties EmailAddress | ?{$_.Enabled -eq $true} | Select SamAccountName, EmailAddress
    } | Export-Csv -Path C:\Users\Geek.csv

    If I gave this command, It asks Identity. Could you please correct me. It's very important for me.

    Thursday, July 18, 2019 12:42 PM
  • You are using Import-Csv in a wrong manner, please go through the microsoft docs to learn the same. In this case below might work:

    Import-Csv <Path to csv> | foreach{
    foreach($user in (Get-ADGroupMember $_.SecurityGroupName | ?{$_.ObjectClass -eq "user"}) ) {
    Get-ADUser $user.SamAccountName -Properties EmailAddress | ?{$_.Enabled -eq $true} | Select SamAccountName, EmailAddress
    }
    } | Export-Csv -Path <Path to output csv>

    The Csv file should be having the security group names in a column with SecurityGroupName as the column header. It should look somewhat like below:

    Thursday, July 18, 2019 1:14 PM
  • You newbies need to learn to not place all code on one line.  It is unreadable and very hard to debug.  Pleaase read the following for guidance:

    PowerShell Style Guidelines

    Example:

    Get-ADGroupMember "<SECURITYGROUPNAME>" | 
        Where-Object{$_.ObjectClass -eq 'user'} |
        Get-ADUser -Properties EmailAddress | 
        Where-Object{$_.Enabled} | 
        Select-Object SamAccountName, EmailAddress | 
        Export-Csv -Path .\Somepath\SomeName.csv


    \_(ツ)_/

    Thursday, July 18, 2019 3:58 PM
    Moderator
  • Now it is very easy to see how to get the group name into the output:

    Import-Csv groups.csv -PipelineVariable csv |
        ForEach-Object{Get-ADGroupMember $_.SecurityGroupName}|
        Where-Object{$_.ObjectClass -eq 'user'} |
        Get-ADUser -Properties EmailAddress | 
        Where-Object{$_.Enabled} | 
        Select-Object @{n='GroupName';e={$csv.SecurityGroupName}}, SamAccountName, EmailAddress | 
        Export-Csv -Path .\Somepath\SomeName.csv


    \_(ツ)_/


    Thursday, July 18, 2019 4:09 PM
    Moderator
  • Thank you
    Friday, July 19, 2019 7:48 AM
  • Thank you
    Friday, July 19, 2019 7:48 AM
  • Abhishek Thanks a lot. You helped me lot. Thanks again... :)
    Friday, July 19, 2019 7:50 AM