I am trying to write a script to look at users and what AD groups they are part of, looking for a specific group that has multiple "sub groups". example VPN-GRP-ONE, VPN-GRP-TWO, VPN-GRP-THREE....
tried using some stuff I found on a few demos but its not working right as it wants the ActiveDirectory module imported to use get-aduser and we are not allowed to install new modules we dont already have. (I dont have ActiveDirectory in my available modules)
I was trying to use:
$list1 = C:\Users\MrAoxx\Documents\List1.txt
foreach ($_ in $list1) {
net user $_ /domain}
I was hoping for ouput that I could then take the next step to piping that to a new text file and begin stripping what I needed out of it to get just the AD group names I was looking for ie: ONE, TWO, THREE. But all its doing is opening the txt file and nothing else.
I see you have accepted an answer already, yet, here are other approaches to maybe ease this kind of effort for you. So, as for this ...
--- '(I dont have ActiveDirectory in my available modules)' ---
--- we are not allowed to install things ---
... and do you even need to actually install / enable them on your system to use them. This is what Implicit PSRemoting is for, and or using the built-in .Net namespace or adsisearcher.
How to us either of them:
Use PowerShell Active Directory Cmdlets Without Installing Any Software
Enter-PSSession -ComputerName dc1 –credential nwtraders\administrator
Set-Location c:\
Import-Module activedirectory
Powershell Remote Use of Module Commandlets (Remoting Import-Module)
# Create a Powershell remote session to a server with the #commandlets installed.
$Session = New-PSsession -Computername Server1
# Use the newly created remote Powershell session to send a #command to that session
Invoke-Command -Command {Import-Module ActiveDirectory} -Session $Session
# Use that session with the modules to add the available
# commandlets to your existing Powershell command shell with a
# new command name prefix.
Import-PSSession -Session $Session -Module ActiveDirectory -Prefix RM
Working with Active Directory using PowerShell ADSI adapter
# Searching for an object
$Searcher = New-Object DirectoryServices.DirectorySearcher
$Searcher.Filter = '(&(objectCategory=person)(anr=gusev))'
$Searcher.SearchRoot = 'LDAP://OU=Laptops,OU=Computers,DC=contoso,DC=com'
$Searcher.FindAll()
This wasn't fun but here you go - note that it is absolutely possible that long enough group names will get truncated:
Get-Content C:\Users\MrAoxx\Documents\List1.txt | Foreach-Object {
$partOfGroups = ( ( net user $_ /domain | select-string '\*' | out-string ).Trim() -split "`r`n" ) |
Foreach-Object { $_.Substring(29).Trim() -split '\*' } |
Where-Object { -Not [String]::IsNullOrWhiteSpace($_) }
# You can look for specific groups in $partOfGroups if that user is part
# of any particular group, and process for that user here.
}
I'll step you through how this works:
net user
output for the current user read from the file *
character. This fancypants parsing is why you should opt for installing RSAT tools. Here's how you would do it with Get-ADUser
:
Get-Content C:\Users\MrAoxx\Documents\List1.txt | Foreach-Object {
$groups = ( ( Get-ADUser $_ -Property MemberOf ).MemberOf | Get-AdGroup ).Name
# Process here
}
$list1 = get-content 'C:\Users\MrAoxx\Documents\List1.txt'
foreach ($_ in $list1) {
net user $_ /domain >> C:\Users\MrAoxx\Documents\FullList.txt}
This worked the way I needed it to, thanks to @LotPings for the answer.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.