onefiscus

Reputation: 149

Get-ADGroup pulling all groups but Domain Users

For some reason this script works perfectly except that it does not pull the "Domain Users" group. Does anybody know why, or how to get it? It pulls all other groups.

Import-Module ActiveDirectory
Get-ADUser -Filter * -Properties * | Sort-Object SamAccountName | ForEach-Object {
  New-Object PSObject -Property @{
    "First" = $_.givenName
    # Missing values become an empty string; Write-Host would only print a blank line and store nothing
    "Init" = If($null -eq $_.Initials){""} else {$_.Initials}
    "Last" = $_.SN
    "Enabled" = $_.Enabled
    "Logon Name" = $_.samaccountname
    "UserName" = $_.DisplayName
    "Pass Last Set" = If($null -eq $_.PasswordLastSet){""} else {$_.PasswordLastSet}
    # 270 is the password lifetime in days that this script assumes
    "Pass Expiration" = If($null -eq $_.PasswordLastSet){""} else {$_.PasswordLastSet.AddDays(270)}
    "Pass Expired" = $_.PasswordExpired
    "Days Til Exp" = If($null -eq $_.PasswordLastSet){""} else {($_.PasswordLastSet.AddDays(270) - [DateTime]::Now)}
    "Pass Never Expires" = $_.PasswordNeverExpires
    "Account Created" = $_.whenCreated
    "Last Logon" = $_.LastLogonDate
    "Email Address" = $_.EmailAddress
    # Group names resolved from the memberOf attribute
    Groups = ($_.memberof | Get-ADGroup | Select-Object -ExpandProperty SamAccountName) -join ", "
    }
} | Select-Object "Logon Name",First,Init,Last,Enabled,"Pass Last Set","Pass Expiration","Pass Expired","Days Til Exp","Pass Never Expires","Last Logon","Email Address",Groups

I noticed it doesn't pull Domain Users even with the Quest snap-in:

Add-PSSnapin Quest.ActiveRoles.ADManagement

$strUserName = "username"
$strUser = get-qaduser -SamAccountName $strUserName
$strUser.memberof

Upvotes: 1

Views: 1819

Answers (1)

Matt

Reputation: 46700

You don't see it because "Domain Users", for most users, is the Primary Group. In AD Users and Computers they appear in the same list, but they are a combination of attributes.

With the AD cmdlets you will find it using the PrimaryGroup property of Get-ADUser, for example.

PS C:\Users\matt> Get-ADUser matt -Properties PrimaryGroup | Select-Object -ExpandProperty PrimaryGroup
CN=Domain Users,CN=Users,DC=BA,DC=NET

More in line with what you are doing is using the Get-ADPrincipalGroupMembership cmdlet.

Get-ADPrincipalGroupMembership matt

distinguishedName : CN=Domain Users,CN=Users,DC=DOMAIN,DC=NET
GroupCategory     : Security
GroupScope        : Global
name              : Domain Users
objectClass       : group
objectGUID        : d2745cb0-7f6d-4ada-a44c-0926a0950a74
SamAccountName    : Domain Users
SID               : S-1-5-21-961215277-3068250917-3774519051-513

Upvotes: 1
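
One way to fold the primary group into the question's Groups column, as an added example that is not code from the question or the answer. It requests the PrimaryGroup property shown in the answer alongside memberOf; the helper name Resolve-GroupName, the `$groupNames` cache and the trimmed column set are assumptions made for illustration.

```powershell
Import-Module ActiveDirectory

# Cache DN -> SamAccountName so each group is looked up once, not once per user.
$groupNames = @{}

# Hypothetical helper (not part of the ActiveDirectory module).
function Resolve-GroupName {
    param([string]$DistinguishedName)
    if (-not $groupNames.ContainsKey($DistinguishedName)) {
        $groupNames[$DistinguishedName] =
            (Get-ADGroup -Identity $DistinguishedName).SamAccountName
    }
    $groupNames[$DistinguishedName]
}

Get-ADUser -Filter * -Properties memberOf, PrimaryGroup, primaryGroupID |
    Sort-Object SamAccountName |
    ForEach-Object {
        $user = $_

        # memberOf never contains the primary group, so put the PrimaryGroup DN
        # in front of the memberOf DNs and drop empty entries.
        $groupDns = @($user.PrimaryGroup) + @($user.memberOf) | Where-Object { $_ }
        $names    = @($groupDns | ForEach-Object { Resolve-GroupName $_ })

        [pscustomobject]@{
            'Logon Name'        = $user.SamAccountName
            'Primary Group'     = Resolve-GroupName $user.PrimaryGroup
            # RID 513 is Domain Users; any other value is worth a look in a
            # membership review, because memberOf-only reports never show it.
            'Primary Group RID' = $user.primaryGroupID
            Groups              = $names -join ', '
        }
    }
```

The remaining columns from the question's report can be added to the `[pscustomobject]` unchanged.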
