Include Specific Attributes Active Directory Query for an ADUser

Question

get-content .\GroupNames.txt |
ForEach-Object {
    $Group = $_
    $countUser = ""
    $countUser = ((get-Adgroup $group -properties members).members).count
    $Total_Count += $countUser
    If ($countUser -eq 0){
        $Total_Count++
        Add-Content $LogFile "$Group, No Members "
        }
    Get-ADGroupMember $Group -Recursive -include | Select @{label="Group"; expression={$Group}},sAMAccountName,Name, @{label="Date";expression={$Date}} | Export-CSV $LogFile -NoTypeInformation -Append
}
    Add-Content $LogFile "Total Count - $Total_Count "

Hi so my above code takes in a list of AD Groups in a text file ("GroupNames.txt"). It then grabs the member from each group. What I am trying to have done is that as its querying Active Directory for the ADGroup member, I also want to be able to request other attributes besides the default sAMAcountname and Name. I would like for example like to get the user's department and/or title. Ideally, i'd store it in a seperate variable like $properties so that I am only changing this value when I run the script.

Currently, the output is $Logfile, an csv file, with columns department/title and any other extra attribute blank. Thank you in advance.

Answer 1

You need to consider that Get-ADGroupMember can also return computer objects or (nested) group objects.
Looking at your code, you only want in user objects in the output.

Also, If you want a CSV file with user details, you must NOT add simple message text lines into the same csv file, because thta will destroy the structure. You need to create two separate files while doing this:

• a text (log) file where the messages go
• the structures Csv file where the user details are stored

Try:

# set the paths for both the log file (plain text) and for the resulting CSV file
$logFile = 'D:\Test\GroupReport.log'
$logCsv  = 'D:\Test\GroupReport.csv'
$inFile  = 'D:\Test\GroupNames.txt'

# write a starting line to the log file
('Log Started {0:g}'-f (Get-Date)) | Add-Content -Path $logFile

# gather the details of the group (users only) 
# filter out empty or whitespace-only lines from the text file 
$result = Get-Content -Path $inFile | Where-Object { $_ -match '\S' } | ForEach-Object {
    # first, try and get the group by the name from the $inFile
    $group = Get-ADGroup -Filter "Name -eq '$_'" -Properties members -ErrorAction SilentlyContinue
    if (!$group) {
        "Group '$_' does not exist" | Add-Content -Path $logFile
        continue  # skip this one and proceed with the next group
    }

    # retrieve the users that are member of the group (ignore members of type group and/or computer)
    $members   = $_ | Get-ADGroupMember -Recursive | Where-Object { $_.objectClass -eq 'user' }
    $userCount = @($members).Count
    $Total_Count += $userCount
    if ($userCount -eq 0) {
        $Total_Count++    # why this increment if there are no users???
        "$($group.Name) - No Users" | Add-Content -Path $logFile
        continue  # proceed with the next group
    }
    # now loop through the user members to get their details
    foreach ($user in $members) {
        # output the details of the user this gets collected in variable $result
        Get-ADUser -Identity $user.DistinguishedName -Properties DisplayName, Name, OfficePhone, EmailAddress, Description, Title, Department |
        Select-Object @{Name="Group"; Expression={$group.Name}},
                      SamAccountNameDisplayName, Name, EmailAddress, Description, Title, Department
                      @{Name="Phone"; Expression={$_.OfficePhone}}
    }
}

# write the total count and an end line to the logfile
"Total Count - $Total_Count" | Add-Content -Path $logFile
('Log Ended {0:g}{1}'-f (Get-Date), [environment]::NewLine) | Add-Content -Path $logFile

# now create the CSV file with user details
$result | Export-Csv -Path $logCsv -NoTypeInformation