.NET Framework - List all Group Users in AD

Asked By Chri

29-Aug-08 02:08 PM

I'm having problems (most of which are being new to powershell!) in grabbing
a list of all groups-users in a domain.

I have played a bit w/ Quest's Active Directoy cmdlets and came up w/ the
following:
get-qadgroup |
foreach-object {get-qadgroupmember ($_)}

This, techncially does what it is suppose to do.... For every group, it
lists the members.  But, the problem is, it doesn't state the group name!!

I simple need to get a dump from AD off all group and memberships.

Thanks!

Powershell Discussions

QADMemberOF
(1)

QADObject
(1)

QADUser
(1)

ScriptFanatic
(1)

Temp.TrimEnd
(1)

GroupName
(1)

RichS
(1)

User.Split
(1)

RichSMV replied...

29-Aug-08 05:02 PM

I haven't got access to an AD to test it but I think that all you need to do
is make a slight modification

get-qadgroup | foreach-object {
get-qadgroupmember ($_)
}

If name doesn't work try distinguishedname

--
Richard Siddaway
All scripts are supplied "as is" and with no warranty
PowerShell MVP
Blog: http://richardsiddaway.spaces.live.com/
PowerShell User Group: http://www.get-psuguk.org.uk

Chri replied...

29-Aug-08 05:46 PM

Awesome.  I'm almost there I think....  I figured it was my lack for
formatting output that was the hiccup......(again, I'm new :(..)

But, how would you state the group per line rather than all in one column?
So, it would like similar...
Domain Admin, Chris
Domain Admin, Joe
SQL_Group, Al
SQL_Group,Chris
Blah,blah

Thanks again for the help!!!

RichSMV replied...

30-Aug-08 03:47 PM

Try this


$names = @()
Get-QADGroup | ForEach-Object {
$temp = "`n$($_.Name): "
if ($_.member -ne $null) {
foreach ($user in $_.member){
$un = $user.Split(",")
$temp += $un[0].Replace("CN=","") + ", "
}
$names += $temp.TrimEnd(", ")
}
else {$names += ($temp + "No members")}
}
$names


--
Richard Siddaway
All scripts are supplied "as is" and with no warranty
PowerShell MVP
Blog: http://richardsiddaway.spaces.live.com/
PowerShell User Group: http://www.get-psuguk.org.uk

Shay Levy [MVP] replied...

31-Aug-08 10:37 PM

Hello chris,


Here's another way (one line):

PS > Get-QADGroup -sizeLimit 0 | select @{name="GroupName";expression={$_.name}}
-expand members | select GroupName,@{n='Member';e={ (Get-QADObject $_).name
}}

GroupName  Member
---------  ------
Group1  User1
Group1  User1
Group2  User2
Group2  User2
Group3  User3
Group3  User3


---
Shay Levy
Windows PowerShell MVP
http://blogs.microsoft.co.il/blogs/ScriptFanatic

c> I'm having problems (most of which are being new to powershell!) in
c> grabbing a list of all groups-users in a domain.
c>
c> I have played a bit w/ Quest's Active Directoy cmdlets and came up w/
c> the
c> following:
c> get-qadgroup |
c> foreach-object {get-qadgroupmember ($_)}
c> This, techncially does what it is suppose to do.... For every group,
c> it lists the members.  But, the problem is, it doesn't state the
c> group name!!
c>
c> I simple need to get a dump from AD off all group and memberships.
c>
c> Thanks!
c>

Chri replied...

02-Sep-08 09:15 AM

Shay,
Thanks for the post and help as well.  But, when trying to run your script,
it is only pulling groups.  Your output is the exact format I'm looking to
accomplish tho!!
Thanks!
--Chris

Chri replied...

02-Sep-08 10:10 AM

Actually..take that back.  Got it to run.
Only question is now...it looks to hate empty group as it gives this err


Select-Object : Cannot expand property "members" because it has nothing to
expand.
At line:1 char:35
+ Get-QADGroup -sizeLimit 0 | select  <<<<
@{name="GroupName";expression={$_.name}} -expand members | select GroupName,
@{n='Member';e={ (Get-QADObject $_).name


I'll play w/ it too..And, again.  Thanks!!!

David Svirskis replied to Shay Levy [MVP]

05-Oct-10 06:29 AM

Hi, I'd like to get a similar output, but listed by user rather than by group.



I'm trying a combination of Get-QADUser and Get-QADMemberOF but I can't seem to work out how to combine them correctly to get the output I'm looking for.



What I'm after is:



Name    GroupName

----    ---------

User1   Group1

User1   Group3

User2   Group1

User2   Group2

User3   Group3



etc..



Can you help? :)



Thanks,

David

Manion replied to David Svirskis

21-Dec-10 11:39 AM

hi David!



I'm lookin for the exactly same outup, I don't find it, and I begin feeling desperate.

Did you find it??



Thank you

Previous Discussion: tail -f file | cut ...?

.NET Framework GET-QADuser -Homedirectory - Maybe a bug

NET Framework GET-QADuser -Homedirectory - Maybe a bug I'm falling in love of Powershell, and of course after opened my eyes and discovered the truth I'm playing a lot today with Get-QADuser and the homedirectory. is perfect In the return values I do have 4 differents servers: \ OR-SVR01 \ . . . . . \ costco.local \ . . . . . \ NAS01 \ . . . . \ file01 \ . . . . . Now to filter this, Get-QADuser give you the -Homedirectory parameter Get QADuser -HomeDirectory ' \ OR-*' - --> This return all my homedirectory begining with \ OR- Get-QADuser -HomeDirectory ' \ cos*' - --> This return all my homedirectory begining with \ cos Get-QADuser -HomeDirectory ' \ NAS*' - --> This return all my homedirectory begining with \ NAS so far so good but Get-QADuser -HomeDirectory ' \ *' should return the same as "Get QADuser | fl homedirectory" but it doesn't show the \ file01 Get-QADuser -HomeDirectory ' \ file*' doesn't

.NET Framework GET-QADuser properties question

NET Framework GET-QADuser properties question My ultimate goal is to get all the properties returned by the GET- QADuser command Here are the 4 commands I use to reach my goal and troubleshoot my problem -> get-qaduser -identity user -IncludedProperties samaccountname, usermustchangepassword | fl > c: \ qad1.txt -> get qaduser -identity user -IncludedProperties samaccountname, usermustchangepassword -IncludeAllProperties | fl > c: \ qad2.txt -> get-qaduser -identity user -IncludedProperties samaccountname, usermustchangepassword -IncludeAllProperties - SerializeValues | fl > c: \ qad3.txt -> get-qaduser -identity user -IncludeAllProperties -SerializeValues | fl > c: \ qad4.txt The 2 first command return the same samaccountname, usermustchangepassword, it will display these 2 properties Anyway I would have thought that : get-qaduser -identity user -IncludeAllProperties -SerializeValues | fl would have return EVERY properties including the usermustchangepassword but so I missing something ? I just tried this, and I'm even more confuse now get-qaduser -identity user -includedproperties usermustchangepassword - --> This returns the usermustchangepassword get-qaduser -identity user -includedproperties usermustchangepassword - IncludeallProperties

.NET Framework Limited properties with user objects using Get-QADUser

NET Framework Limited properties with user objects using Get-QADUser Hi! I would need to create list of my users and I was planning to do it with Get-QADUser cmdlet. Unfortunately it seems that these objects have limited amount of properties so I can t select Division as one of the properties for my table (get-qaduser | select-object Name, LogonName, Company, division). Is there any way to query for the division information on each object in the pipeline? I know that Get-QADUser knows the object attribute division because I did a list on certain users just by querying the following: get-qaduser -seachroot 'myad.local' -objectattributes @{company = 'Example';division = 'Example'} Thru WMI or something? . . . and if you PowerShell User Group: http: / / www.get-psuguk.org.uk IcludeAllProperties is a parameter for Get-QADUser? It only returns an error with my console. PS H: \ > Get-QADUser -SearchRoot myad.local / OU' -IncludeAllProperties | format-list Get-QADUser : A parameter cannot be found that matches parameter name 'IncludeAllProperties'. At line:1 char:62

.NET Framework My command works in the PS prompt but not in a script (.ps1) / reg

these variables in the prompt: $var1 = "some" $var2 = "thing" . . . and then run the command: Get-QADUser -SearchRoot myad.local / ou / subou / $var1 / users -sizelimit 0 -IncludedProperties name, sAMAccountName, employeeID, createTimeStamp, division Also, you can simplify your command, merging the two where / select statments into one: Get-QADUser -SearchRoot myad.local / ou / subou / $var1 / users -sizelimit 0 -ip employeeID, createTimeStamp, division | where { $_ a server side search using LDAP filter instead of client side where-object filter: Get-QADUser -SearchRoot myad.local / ou / subou / $var1 / users -sizelimit 0 -ip employeeID, createTimeStamp, division -ldap "(&(division = *$var2)(!division = *test*))" - -- Shay Levy Windows PowerShell http: / / blogs.microsoft.co.il / blogs / ScriptFanatic K> Hi, K> K> If I define these variables in the prompt: K> $var1 = "some K> $var2 = "thing" K> . . . and then run the command: K> Get-QADUser -SearchRoot myad.local / ou / subou / $var1 / users -sizelimit 0 K> -IncludedProperties K> name, sAMAccountName, employeeID Read-Host "Type in the Division name" $filter = "(&(objectcategory = user)(division = *$var1*)(!(name = *test*))" Get-QADUser -SearchRoot myad.local / ou / subou / $var1 / users -sizelimit 0 -ldap $filter It returns: (&(&(objectcategory = user InputObject SideIndicator - -- -- -- -- -- - -- -- -- -- -- -- value = > count < = -K Hi, It didn't seem to have any effect: Get-QADUser : The (&(&(division = *general)(!(name = *test*))(objectClass = *)(objectClass = user)(objectCategory = person)) search filter is invalid. The script looks like this: $filter = "(&(division = *$var2*)(!(name = *test*))" Get-QADUser -SearchRoot myad.local / ou / subou / $var1 / users -sizelimit 0 -ldap $filter -K Hmmh. . . It didn