stackoom
  简体   繁体   中英

Get user members of nested AD groups and their info

 原文  2013-09-27 09:32:45       windows/ powershell/ active-directory

Question

I have an AD group "Office-Users" in winch different departments user groups are member. Finance-dep holding all users in finance, and Finance-dep are member of Office-Users group and so on.

I like to have all users of the nested groups exported to csv with some more info per user.

I've got all the users out like this: 

Get-ADGroupMember Office-Users | where{$_.ObjectClass -eq "Group"} | %{Write $_.Name;Get-ADGroupMember $_}

But it only returns name, SamAccountName, distinguishedName etc.

I miss the Description, lastLogonTimestamp, whenCreated, Enabled/Disabled for the users, so I can check who is using Office.

Is there a simple way to to this?

I already using this to export all users and their status/info, but it's not based on the Office group. I've tried to modify it, but I failed :) 

$alist = "Name`tAccountName`tDescription`tLastLogonTimestamp`tCompany`twhenCreated`tAcctEnabled`tGroups`n"
$userlist = Get-ADUser -Filter * -Properties * | Select-Object -Property Name,SamAccountName,Description,lastLogonTimestamp,Company,whenCreated,Enabled,MemberOf | Sort-Object -Property Name
$userlist | ForEach-Object {
$grps = $_.MemberOf | Get-ADGroup | ForEach-Object {$_.Name} | Sort-Object
$arec = $_.Name,$_.SamAccountName,$_.Description,[datetime]::FromFileTime($_.lastLogonTimestamp).ToString('d MMMM yyyy'),$_.Company,$_.whenCreated,$_.Enabled
$aline = ($arec -join "`t") + "`t" + ($grps -join "`t") + "`n"
$alist += $aline
}
$alist | Out-File C:\temp\ADUsers.csv

/Kim

2 answers

solution1
 0  2013-09-27 20:16:24

How about changing that first line to this? 

Get-ADGroupMember Office-Users | where{$_.ObjectClass -eq "Group"} | %{Write $_.Name;Get-ADUser (Get-ADGroupMember $_) -properties *}

Now you have all properties for the users in those groups, and can selectively display whichever properties you care about.

solution2
 0 ACCPTED  2013-09-30 07:01:58

Got this to work: 

$alist = "Name`tAccountName`tDescription`tLastLogonTimestamp`tCompany`twhenCreated`tAcctEnabled`n"
$userlist = Get-ADGroupMember Office-Users -Recursive | Get-ADUser -properties * | Select-Object -Property Name,SamAccountName,Description,lastLogonTimestamp,Company,whenCreated,Enabled | Sort-Object -Property Name
$userlist | ForEach-Object {
$arec = $_.Name,$_.SamAccountName,$_.Description,[datetime]::FromFileTime($_.lastLogonTimestamp).ToString('HH:mm d MMMM yyyy'),$_.Company,$_.whenCreated,$_.Enabled
$aline = ($arec -join "`t") + "`t" + "`n"
$alist += $aline
}
$alist | Out-File C:\temp\Office-users.csv

Thank you :)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to modify Get-ADGroupMember to run for multiple groups from csv, to replace nested groups with members of the said groups Creating list of user's groups and nested groups in VBScript AD get logged in user ip from username EventLog Auditing AD Get User IP How to get all the SIDs of the groups of a current user Windows batch commands to get user info VBScript - Retrieving a user's nested groups and getting rid of repetitions Copy Groups from one user to another in AD, except one specific group How to get the dynamic user groups of the active windows user? C# Web API with Windows Authentication - Get Local Windows Users Groups with readable group name- No AD
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM