Powershell: List with ADusers - need groups the users are memberof

Question

I have a list of users (their CN), and I want a list of the groups they are member of. I already have a code which almost does the trick, but it shows as follows:

User1 - group1;group2

User2 - group1;group2;group3 etc...

Also, groups are shown as distinguished name (with container etc), so very long. I only want the name.

I want to show it as follows:

User1 - group1

User1 - group2

User2 - group1, etc

The code that shows the groups the users are member of, but not in the visual way i like is below:

Import-Csv -Path .\Input_CN.csv | 
ForEach-Object {
    $User = Get-ADUser -filter "CN -eq '$($_.CN)'" -properties memberof 
    [PSCustomObject]@{
        SourceCN = $_.CN
        MemberOf = $User.MemberOf -join ";"
    }
} | Export-Csv -Path .\Output.csv -Delimiter ";" -NoTypeInformation
.\Output.csv

I have some other code that list the groups how I want, but I am unable to list it per user. And unable to combine it with the above code.

get-aduser -filter {cn -eq "Testuser"} -properties memberof |
Select -ExpandProperty memberof |
ForEach-Object{Get-ADGroup $_} |
Select -ExpandProperty Name

Thanks in advance :)

Answer 1

All in one line could be

Get-ADUser -filter {Enabled -eq $True} -Properties Name, Created | Select-Object Name, Created, @{Name="Groups";Expression={Get-ADPrincipalGroupMembership -Identity $_.SamAccountName | Where-Object {$_.GroupCategory -Eq 'Security'} | Join-String -Property Name -Separator ", "}}

Answer 2

You could combine both code pieces like this:

Import-Csv -Path .\Input_CN.csv | 
ForEach-Object {
    $user = Get-ADUser -Filter "CN -eq '$($_.CN)'" -Properties MemberOf, CN -ErrorAction SilentlyContinue
    foreach($group in $user.MemberOf) {
        [PSCustomObject]@{
            SourceCN = $user.CN
            MemberOf = (Get-ADGroup -Identity $group).Name
        }
    }
} | Export-Csv -Path .\Output.csv -Delimiter ";" -NoTypeInformation

---

Edit

Although I have never seen an AD user to have no group membership at all (should have at least the default Domain Users in the MemberOf property), You commented that you would like to have a test for that aswell.

Import-Csv -Path .\Input_CN.csv | 
ForEach-Object {
    $user = Get-ADUser -Filter "CN -eq '$($_.CN)'" -Properties MemberOf, CN -ErrorAction SilentlyContinue
    if (!$user) {
        Write-Warning "No user found with CN '$($_.CN)'"
        # skip this one and resume with the next CN in the list
        continue
    }
    $groups = $user.MemberOf
    if (!$groups -or $groups.Count -eq 0) {
            [PSCustomObject]@{
                SourceCN = $user.CN
                MemberOf = 'No Groups'
            }
    }
    else {
        foreach($group in $groups) {
            [PSCustomObject]@{
                SourceCN = $user.CN
                MemberOf = (Get-ADGroup -Identity $group).Name
            }
        }
    }
} | Export-Csv -Path .\Output.csv -Delimiter ";" -NoTypeInformation

Answer 3

This is a bit clunky, but you can use nested loops:

Import-Csv -Path .\Input_CN.csv | ForEach-Object {
    $user = Get-ADUser -filter "CN -eq '$($_.CN)'" -properties cn, memberof
        $user | ForEach-Object {
            $_.MemberOf |
                ForEach-Object {
                    [PSCustomObject]@{
                        SourceCN = $user.CN
                        MemberOf = $_.split('[=,]')[1]
                }
        }
    }
} | Where-Object {$null -ne $_.MemberOf} | 
        Export-Csv -Path .\Output.csv -Delimiter ";" -NoTypeInformation

UPDATE: Updated to show only the 'CN' part of the group name and to filter any users who are not a member of any group.