1

I'm new to PowerShell and Active Directory, but have half of what I want. I'm trying to output the group membership for a list of users. The script does that - but where I'm getting stuck is that I want to list the username (and a comma or some delimiter) next to each line of their membership page so I can do some easier sorting in Excel afterwards. I'd like the output to be

user1, membershipitem1
user1, membershipitem2
user2, membershipitem1 etc.

Right now I just get

user1
membershipitem1
membershipitem2

user2
membershipitem1 etc.

```powershell
$myDomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$users = Get-Content $srcfilename

$users | ForEach-Object {
    $_ | Out-File $outfilename -Append

    foreach ($domain in $myDomain.Forest.Domains)
    {
        $output = Get-ADPrincipalGroupMembership $_ -server $domain.name | Get-ADGroup -Properties * | select name
    }

    #Trying to append the username at the beginning of each line of their membership, doesn't work properly
    $output = $output | Out-String
    $output | foreach-object {$_ + "blah"}
    $output | Out-File $outfilename -Append
    $output = ''
}
```

2 Answers

1

The `.memberof` property can give you the group membership of a user without having to call another cmdlet. Also, rather than messing around with output formatting, you can create an array of PowerShell objects; with this it's easy to output how you like or export to CSV.

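```powershell
# Collect one object per (user, group) pair
$col = @()
foreach ($user in (Get-ADUser -Filter * -Properties memberof)) {
    # memberof holds the distinguished name of each group the user belongs to
    $user.memberof | ForEach-Object {
        $object = [PSCustomObject]@{
            Name  = $user.name
            Group = (Get-ADGroup $_).name   # resolve the DN to the group's name
        }
        $col += $object
    }
}
$col                                                  # show on screen
$col | Export-Csv -NoTypeInformation c:\somefile.csv  # or export for Excel
```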

PowerShell v3 code; it also assumes there is always at least one group membership per user, which is a safe assumption imo.

RM1358
  • Don't overdo the properties with `-Properties *`; you are calling back _a lot_ that you are not using. Should just be `-Properties memberof` in this case – Matt Feb 02 '15 at 21:17
  • I get the following when I run your code, is something missing? cmdlet Get-ADUser at command pipeline position 1 Supply values for the following parameters: (Type !? for Help.) Filter: !? – gophermobile Feb 02 '15 at 22:34
  • Also, the reason I had my funky loop before was that it's possible for the users to be in different domains, is there a similar way to search multiple domains with your code? Thanks! – gophermobile Feb 02 '15 at 22:37
  • Needed `-filter *` to get all domain users. Corrected this. `Get-ADUser` can be used on different domains – RM1358 Feb 02 '15 at 23:06
0

The other answer is most likely a better approach (read my comment about `*`). On the off chance you only have PowerShell 2.0, or if this script is only a smaller part of the picture, I wanted to show an approach using your current code logic.

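```powershell
# Uses $users, $myDomain and $outfilename as defined in the question
$users | ForEach-Object {
    # Save the current user; $_ is reused by the inner ForEach-Object below
    $singleUser = $_

    foreach ($domain in $myDomain.Forest.Domains)
    {
        Get-ADPrincipalGroupMembership $singleUser -server $domain.name | Get-ADGroup -Properties * | select -expand name | ForEach-Object {
            # Here $_ is the group name
            "$singleUser,$_"
        }
    }
} | Add-Content $outfilename
```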

Lots of loops here but all we do is take the $singleUser and add it to the output line that we have to iterate over each group member. Add-Content will also outperform Out-File and appends by default.

Matt
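
Both answers combined into one script, as an added example that is not part of either answer: it keeps the question's per-domain loop, emits one object per user/group pair for `Export-Csv`, and keeps names that resolve in no domain visible in the report. It assumes the ActiveDirectory (RSAT) module on a domain-joined host; the two file paths and the `<not found>` marker are placeholders chosen for illustration.

```powershell
# Added example. Assumes the ActiveDirectory module; paths are placeholders.
Import-Module ActiveDirectory

$srcfilename = '.\users.txt'        # placeholder: one sAMAccountName per line
$outCsv      = '.\user-groups.csv'  # placeholder output file

$myDomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$names    = Get-Content $srcfilename | ForEach-Object { $_.Trim() } | Where-Object { $_ }

$rows = foreach ($name in $names) {
    $found = $false
    foreach ($domain in $myDomain.Forest.Domains) {
        try {
            # -Identity throws when the account is not in this domain
            $user = Get-ADUser -Identity $name -Server $domain.Name -ErrorAction Stop
        }
        catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
            continue   # not in this domain, try the next one
        }
        catch {
            # Unreachable domain controller, access denied, etc.
            Write-Warning "$($domain.Name): $($_.Exception.Message)"
            continue
        }
        $found = $true

        # Unlike the memberOf attribute, this also returns the primary group
        $groups = @(Get-ADPrincipalGroupMembership -Identity $user -Server $domain.Name)
        foreach ($group in $groups) {
            [PSCustomObject]@{
                User   = $user.SamAccountName
                Domain = $domain.Name
                Group  = $group.Name
                Scope  = $group.GroupScope
            }
        }
    }
    if (-not $found) {
        # Keep unresolved names in the report instead of silently dropping them
        [PSCustomObject]@{ User = $name; Domain = ''; Group = '<not found>'; Scope = '' }
    }
}

$rows | Sort-Object User, Group | Export-Csv -NoTypeInformation -Path $outCsv
```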