
I'm trying to find all users that belong to the group "Windows". I want to display their ID, last name, first name.

desired output format:

    Windows Users,1234567,John,Doe
    Windows Administrators,7654321,Jane,Doe

This one-liner does more or less what I want, but I need to modify the Identity parameter every time, from "Windows Users" to "Windows PowerUsers" to "Windows Administrators" etc.

Example:

    Get-ADGroupMember -identity "Windows Users" -Recursive | Get-ADUser | select SamAccountName, Surname, GivenName

So I attempted to put it all together, but it's giving me errors.

    $ADGroups = Get-ADGroup -Filter {name -like "Windows*"}

    foreach ($ADGroup in $ADGroups) {
        Get-ADGroup -filter {Name -eq $ADGroup.Name} | Get-ADGroupMember -identity
        $ADGroup.Name -Recursive | Get-ADUser | select SamAccountName, Surname, GivenName
    }

Any ideas will be greatly appreciated. I can't figure out how to capture all users that belong to the group Windows*, such as "Windows Users", "Windows PowerUsers", "Windows Administrators" etc.

Note: I looked into this, but it's not quite what I'm looking for: Powershell script to display all Users in a Group AD

Thank you.

user2585000
  • Are you sure you need "Get-ADGroup -filter {Name -eq $ADGroup.Name} |" inside your foreach loop? – Mike Twc Oct 24 '18 at 02:20
  • lol thnx, but that's exactly my problem. Not sure what's needed or if the whole block is wrong – user2585000 Oct 24 '18 at 02:24
  • It doesn't seem to do anything useful. Like you're getting the group object by the group name of that group :) Btw, is $ADGroups.Name an array of strings? – Mike Twc Oct 24 '18 at 02:33
  • Yes, my idea was to put all the groups in an array, then from that array look for the users that belong to that group. Perhaps even the code block from the foreach loop is wrong – user2585000 Oct 24 '18 at 02:47
  • Assuming your one-liner works, this should work as well: foreach($grp in @("Windows Users", "Windows PowerUsers", "Windows Administators")) { Get-ADGroupMember -identity $grp -Recursive | Get-ADUser | select SamAccountName, Surname, GivenName }. If it works, replace my array with $ADGroups.Name from your post. What errors are you getting? – Mike Twc Oct 24 '18 at 03:01

2 Answers


Your example is a good start.

Try this one. It should do the job:

    Get-ADGroup -Filter {name -like "Windows*"} | foreach {
        $currentGroup = $_.Name
        $_ | Get-ADGroupMember | foreach {
            $_ | Get-ADUser | select @{name="Group"; expression={ $currentGroup }}, SamAccountName, Surname, GivenName
        }
    }

TobyU
  • Thank you, that worked. I only modified @{name="Group" to @{name="GroupName" – user2585000 Oct 24 '18 at 20:04
  • What is the syntax for multiple groups? Something like this? Get-ADGroup -Filter {name -like "Windows*" and "Linux*" and "UNIX"} – user2585000 Nov 03 '18 at 00:54
  • @user2585000 That would be like: -Filter {name -like "Windows*" -and name -like "Linux*" -and name -like "UNIX"} – TobyU Nov 05 '18 at 06:58
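
An added example (not code from the question or from either answer): an access-review version of the approach above that accepts several group name patterns, joins them with -or so a group matching any one pattern is included, flattens nested groups, and skips non-user members that Get-ADUser would reject. It assumes the RSAT ActiveDirectory module and read access to the domain; the function name Get-GroupUserReport and the output file name are hypothetical.

```powershell
# Added example. Assumes the RSAT ActiveDirectory module is installed.
Import-Module ActiveDirectory

function Get-GroupUserReport {          # hypothetical helper name
    param(
        [Parameter(Mandatory)]
        [string[]]$NamePattern          # e.g. 'Windows*', 'Linux*', 'UNIX'
    )

    foreach ($pattern in $NamePattern) {
        # Patterns are interpolated into the filter string below, so reject
        # anything that could break out of the quoted value.
        if ($pattern -match "'") {
            throw "Pattern must not contain a single quote: $pattern"
        }
    }

    # A group qualifies when its name matches ANY pattern, hence -or.
    $filter = ($NamePattern | ForEach-Object { "Name -like '$_'" }) -join ' -or '

    foreach ($group in Get-ADGroup -Filter $filter) {
        # -Recursive flattens nested groups and returns only leaf members.
        # Keep user objects only; computers and other classes are skipped.
        $members = Get-ADGroupMember -Identity $group -Recursive |
            Where-Object objectClass -eq 'user'

        foreach ($member in $members) {
            $user = Get-ADUser -Identity $member.distinguishedName
            [pscustomobject]@{
                GroupName      = $group.Name
                SamAccountName = $user.SamAccountName
                GivenName      = $user.GivenName
                Surname        = $user.Surname
                Enabled        = $user.Enabled   # extra column, useful when reviewing access
            }
        }
    }
}

# One row per (group, user) pair, written as CSV for review.
Get-GroupUserReport -NamePattern 'Windows*' |
    Sort-Object GroupName, SamAccountName |
    Export-Csv -Path .\windows-group-members.csv -NoTypeInformation
```

A user who reaches several matching groups appears once per group, which is what a per-group membership review needs.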

I don't have my access to AD at the moment, but I would give this a try:

    get-aduser -filter {memberof -like "Windows*"} -property samaccountname,surname,givenname,memberof | select samaccountname,surname,givenname

OR you could try this inside your original foreach loop...

    get-adgroup -filter {name -eq $adgroup.name} | select -expand members | get-aduser $_ | select samaccountname,surname,givenname

I can't remember what "members" produces; I believe it is samaccountname. If not, you could add an LDAP filter to get-aduser -filter {whatever -eq $_}

Robert Cotterman