Scott

Reputation: 33

Get-ADGroupMembers with User account Enabled status

I'm trying to return a CSV of all security groups in my domain and all members including their account status (enabled or disabled) but can't seem to work out how to get a join from ADGroupMember to ADUser. Was trying to test for the value of $Member.ObjectClass and if "user" then run Get-ADUser but this doesn't seem to work - all ADGroupMember object classes appear as user if I do that. If possible would like to do it in one query. I've taken an example from the web and tried to modify it without success.

I'm looking for results in a table/csv formatted like this:


GroupName    Name        ObjectClass     Enabled
GroupA       John Smith  User            True 
GroupB       Jane Brown  User            False 
GroupB       GroupN      Group           NA/Group

$Table = @()

$Record = [ordered]@{
    "GroupName" = ""
    "Name" = ""
    "ObjectClass" = ""
    "Enabled" = ""
}

$Groups = Get-AdGroup -Filter * |
          Where {$_.Name -like "FS01*" -or $_.Name -like "ABC*"} |
          Select Name -ExpandProperty Name
foreach ($Group in $Groups) {
    $ArrayMembers = Get-ADGroupMember -Identity $Group |
                    Select Name, ObjectClass #, SamAccountName

    foreach ($Member in $ArrayMembers) {
        $Record."Enabled" = Get-ADGroupMember -Identity $Group |
                            Get-ADUser |
                            Select Enabled 
        $Record."GroupName" = $Group
        $Record."Name" = $Member.Name
        $Record."ObjectClass" = $Member.ObjectClass

        $objRecord = New-Object PSObject -Property $Record
        $Table += $objRecord
    }
}
$Table # | Export-Csv $filename -NoTypeInformation

Upvotes: 3

Views: 20152

Answers (1)

Ansgar Wiechers

Reputation: 200193

Don't make things more complicated than they need to be. Use Select-Object to select name and object class from the group members, and inject group name and enabled status via calculated properties.

Get-ADGroup -Filter * | Where-Object {
  $_.Name -like 'FS01*' -or
  $_.Name -like 'ABC*'
} | ForEach-Object {
  $groupname = $_.Name
  Get-ADGroupMember -Identity $_ |
    Select-Object @{n='GroupName';e={$groupname}}, Name, ObjectClass,
                  @{n='Enabled';e={if ($_.ObjectClass -eq 'user') {
                    Get-ADUser $_ | Select-Object -Expand Enabled
                  } else {
                    'NA/Group'
                  }}}
} | Export-Csv 'C:\path\to\output.csv' -NoType

Upvotes: 1
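An alternative to the per-member `Get-ADUser` call in the answer above, as an added example that is not part of the original thread: it reads each group's `Members` DNs, resolves every DN once with `Get-ADObject`, and derives the enabled state from the `userAccountControl` ACCOUNTDISABLE bit (0x2), which also covers computer accounts. The function names `ConvertTo-MemberRow` and `Get-GroupMemberStatus`, the sample objects and the output path are assumptions.

```powershell
# Added example; helper names are hypothetical, not from the thread.
$ACCOUNTDISABLE = 0x2   # userAccountControl bit that is set on a disabled account

function ConvertTo-MemberRow {
    param([string]$GroupName, [Parameter(Mandatory)]$Member)
    # Groups and contacts carry no userAccountControl; keep the question's 'NA/Group' label.
    $enabled = if ($null -ne $Member.userAccountControl) {
        -not ($Member.userAccountControl -band $ACCOUNTDISABLE)
    } else { 'NA/Group' }
    [pscustomobject]@{
        GroupName   = $GroupName
        Name        = $Member.Name
        ObjectClass = $Member.ObjectClass
        Enabled     = $enabled
    }
}

function Get-GroupMemberStatus {
    param([string]$Filter = "Name -like 'FS01*' -or Name -like 'ABC*'")
    $cache = @{}   # DN -> directory object, so a member of many groups is read once
    Get-ADGroup -Filter $Filter -Properties Members | ForEach-Object {
        $group = $_
        foreach ($dn in $group.Members) {
            if (-not $cache.ContainsKey($dn)) {
                $cache[$dn] = Get-ADObject -Identity $dn -Properties userAccountControl
            }
            ConvertTo-MemberRow -GroupName $group.Name -Member $cache[$dn]
        }
    }
}

# Constructed sample objects (not real directory data): 512 = enabled, 514 = disabled.
$sample = @(
    [pscustomobject]@{ Name = 'John Smith'; ObjectClass = 'user';  userAccountControl = 512 }
    [pscustomobject]@{ Name = 'Jane Brown'; ObjectClass = 'user';  userAccountControl = 514 }
    [pscustomobject]@{ Name = 'GroupN';     ObjectClass = 'group'; userAccountControl = $null }
)
$sample | ForEach-Object { ConvertTo-MemberRow -GroupName 'GroupB' -Member $_ }

# Against a live domain (needs the ActiveDirectory module from RSAT):
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Get-GroupMemberStatus |
        Export-Csv -Path '.\group-members.csv' -NoTypeInformation
}
```

The `Members` attribute omits accounts that belong to a group only through their primary group, so those rows will be missing from this variant. Filtering the output with `Where-Object { $_.Enabled -eq $false }` lists disabled accounts that still hold group membership.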
