Enumerating group memberships of AD users

Question

My boss wants to know group membership of AD users in the company. I have 3000+ users account to manage.

I wanted to write a bit of PowerShell code to get this, but without success.

I'd like to input user list from a .csv file. Its format is:

logindid
first.user
second.user
third.user

Code I currently have:

$path = Split-Path $script:MyInvocation.MyCommand.Path

Import-Module ActiveDirectory

foreach ($UserName in (Import-CSV -Delimiter "`t" -Path $path\users.csv)) {
    $strUserName = Get-ADUser -Filter 'SamAccountName -like "$username.loginid"' |
                   Select-Object Name, SamAccountName
    Add-Content -Path $path\Inventaire.txt -Value $UserName
    $StrUser = Get-ADPrincipalGroupMembership $strUserName |
               select Name >> $path\Inventaire.txt
    $StrUser.MemberOf >> $path\Inventaire.txt
}

I'm trying to get a list of my AD users and which group they are member of (from the Get-ADPrincipalGroupMembership cmdlet). However, it seems the $strUserName variable is empty.

What is the question? Please elaborate on "without success" - what are you *expecting*, what *actually* happens and what have you done to troubleshoot this on your own — Mathias R. Jessen, Jan 26 '17 at 13:46
I added an answer to the duplicate linked by Ansgar. In application to your question, change your Get-ADUser line to `Get-ADUser -Filter "SamAccountName -like '$($username.loginid)'"` (Assuming that your csv uses `loginid` not `logindid`) — BenH, Jan 26 '17 at 14:39
Alas, always the same result. I think that it could be : Get-ADPrincipalGroupMembership : Cannot validate argument on parameter: 'Identity'. The argument is null or empty. I set a Breakpoint to check the value of $strUserName and it seems to be actually empty ... — Wil Muzy, Jan 26 '17 at 15:07

Enumerating group memberships of AD users

0 Answers0