Reputation: 589
Get AD Group Members from AD using powershell
I need to find AD group members from given groups in csv file as input. the groups contains Users and Groups also. below is sample input data
I wrote the below code. for users I am getting the output (i.e. for the first entry), but for the second one, as they are groups within group, I am not able to fetch the email.
$GroupCollection= Import-csv -Path "C:\Groups.csv"
$Report = @()
Foreach($Group in $GroupCollection){
$MemberGroup=@()
$Group = $Group.'OPE DLs'
if($Group -match '@')
{
$pos = $Group.IndexOf("@")
$leftPart = $Group.Substring(0, $pos)
}
else
{
$leftPart = $Group
}
$MemberGroup = Get-ADGroupMember -identity $leftPart -recursive | Get-ADUser -Properties mail | Select-Object mail
$MemberGroups = ($MemberGroup.mail) -join "`r`n"
if($MemberGroups -ne ""){
$Out = New-Object PSObject
$Out | Add-Member -MemberType noteproperty -Name 'Contract Details' -Value $Group.'Customer subset'
$Out | Add-Member -MemberType noteproperty -Name 'Group Name' -Value $leftPart
$Out | Add-Member -MemberType noteproperty -Name 'Member Groups' -Value $MemberGroups
$Report += $Out
}
}
$Report | Sort-Object Name | FT -AutoSize
$Report | Sort-Object Name | Export-Csv -Path ‘C:\Group-MemberGroups-Report.csv’ -NoTypeInformation
Please let me know how to get the details. Is the approach is fine or there is any other way to do this.
expected output
Upvotes: 0
Views: 636
Answers (1)
Reputation: 61253
As commented, if the object returned by Get-ADGroupMember is a group, you won't get results by piping it through to Get-ADUser, because... it is a group, not a user.
You need to loop over the results and depending on what type the object is (group, user or computer) you use either Get-ADUser or Get-ADGroup (not interested in computer objects).
Try
$Report = foreach ($Group in $GroupCollection){
$groupName = ($Group.'OPE DLs' -split '@')[0]
$groupMembers = Get-ADGroupMember -Identity $groupName -Recursive | ForEach-Object {
$adObject = $_
switch ($adObject.objectClass) {
'group' { ($adObject | Get-ADGroup -Properties mail).mail }
'user' { ($adObject | Get-ADUser -Properties EmailAddress).EmailAddress }
}
}
if (@($groupMembers).Count) {
[PsCustomObject]@{
'Group Name' = $groupName
'Contract Details' = $Group.'Customer subset'
'Member Groups' = $groupMembers -join [environment]::NewLine
}
}
}
$Report = $Report | Sort-Object 'Group Name'
$Report | Format-Table -AutoSize
$Report | Export-Csv -Path 'C:\Group-MemberGroups-Report.csv' -NoTypeInformation
Notes:
- adding to an array with
+=is extremely wasteful because the entire array needs to be rebuilt in memory on each iteration - To take the group name as the part left of the
@character, I simply use the-splitoperator and take the first element ([0]) - To output an object, I'm using a
[PsCustomObject]@{..}construct rather than the old (pre PowerShell 3.0)New-Object PSObjectmethod
Upvotes: 1
Related Questions
- Powershell : getting AD groups without members
- Get AD group members with ADSI - Powershell
- PowerShell script to display users AD groups
- Get Specific AD Users from AD Group
- Powershell script for getting AD Group Membership for usernames
- Get Members of AD Group and output in specific manner
- How to get users of a group in a group AD PowerShell
- Powershell Get-ADGroupMember -ne to a group
- Getting AD groups and their users
- Get-ADGroupMember from list