CODEWITHSUNDEEP
loopspowershellforeachexport-to-csv
Andrew
Andrew

Reputation: 58

powershell find all users for all groups flag as disabled

I am attempting to user PowerShell to spit out a csv file with the following columns: Name,Username,Group name,Enabled

I am almost there, the one step I am missing is how to flag users as enabled or not. For instance, this works fine:

Import-Module ActiveDirectory

$Groups = (Get-AdGroup -filter * | Where {$_.name -like "**"} | select name -ExpandProperty name)

$Table = @()

$Record = @{
  "Group Name" = ""
  "Name" = ""
  "Username" = ""
}


Foreach ($Group in $Groups) {

  $Arrayofmembers = Get-ADGroupMember -identity $Group -recursive | select name,samaccountname

  foreach ($Member in $Arrayofmembers) {
    $Record."Group Name" = $Group
    $Record."Name" = $Member.name
    $Record."UserName" = $Member.samaccountname
    $objRecord = New-Object PSObject -property $Record
    $Table += $objrecord

  }
}

$Table | export-csv "C:\temp\SecurityGroups.csv" -NoTypeInformation

If I try to add in a (quite impractical admittedly) extra search per loop to slap in the the users "Enabled" status, that column just remains blank:

Import-Module ActiveDirectory

$Groups = (Get-AdGroup -filter * | Where {$_.name -like "**"} | select name -ExpandProperty name)

$Table = @()

$Record = @{
  "Group Name" = ""
  "Name" = ""
  "Username" = ""
  "Enabled" = ""
}


Foreach ($Group in $Groups) {

  $Arrayofmembers = Get-ADGroupMember -identity $Group -recursive | select name,samaccountname

  foreach ($Member in $Arrayofmembers) {
    $Temprecord = Get-ADUser -Filter 'samaccountname -like "$Member.samaccountname"'
    $Record."Enabled" = $Temprecord.Enabled
    $Record."Group Name" = $Group
    $Record."Name" = $Member.name
    $Record."UserName" = $Member.samaccountname
    $objRecord = New-Object PSObject -property $Record
    $Table += $objrecord

  }
}

$Table | export-csv "C:\temp\SecurityGroups.csv" -NoTypeInformation

If I had to guess, it is an issue with the line:

$Temprecord = Get-ADUser -Filter 'samaccountname -like "$Member.samaccountname"'

That like bit must be wrong but am unsure how to resolve.

Upvotes: 1

Views: 558

Answers (2)

JosefZ
JosefZ

Reputation: 30113

$Temprecord = Get-ADUser -Filter "samaccountname -like ""$($Member.samaccountname)"""

See e.g. Weekend Scripter: Understanding Quotation Marks in PowerShell and Escape characters, Delimiters and Quotes for explanation.

Example:

PS D:\PShell> $x = 1,2,3
PS D:\PShell> $x.Count
3
PS D:\PShell> ### Single quotation marks define a literal string
PS D:\PShell> '$x.Count'
$x.Count
PS D:\PShell> ### Double quotation marks define more dynamic parsing string
PS D:\PShell> "$x.Count"
1 2 3.Count
PS D:\PShell> ### OOPS!
PS D:\PShell> "$($x.Count)"
3
PS D:\PShell> "array count $($x.Count)"
array count 3
PS D:\PShell> ### Finally, escape double quotes within double quoted string
PS D:\PShell> "array count as string ""$($x.Count)"""
array count as string "3"
PS D:\PShell>

Upvotes: 1

TessellatingHeckler
TessellatingHeckler

Reputation: 28993

Pipeline pipeline pipeline, no need for the loops and array building and hashtable and storing all the output, then outputting it.

Pipe the groups into ADGroupMember and carry the group object through as well, pipe the group and members into Select, and select the four columns you want, and export them to CSV.

Import-Module ActiveDirectory

Get-AdGroup -Filter "Name -like '*e*'" -PipelineVariable Group |
    Get-ADGroupMember -Recursive | 
        Select-Object @{Label='Group Name'; Expression={$Group.Name}}, 
                      Name, 
                      SamAccountName, 
                      @{Label='Enabled'; Expression={(Get-AdUser -Identity $_.SamAccountName).Enabled}} |
            Export-Csv -Path 'C:\temp\SecurityGroups.csv' -NoTypeInformation

Upvotes: 1

Related Questions