0

I was looking for a managedby field for AD groups using:

get-adgroup -filter{name -like ‘’}

How about if we have a list of multiple groups using a wild card and we need the "managed by" properties for all of them?

I tried using a txt to store group names (again, all group names have *) and then getting the details, but it doesn’t work.

Get-adgroup 
  -filter{name -like ‘test*’} 
  -properties Name,Description,ManagedBy | 
ForEach-Object{ 
  $user=Get-AdOject $_.ManagedBy 
    -Properties DisplayName,Description,SamAccountName,Name [pscustomobject]@{ 
      GroupName = $_.Name 
      GroupDescription = $_.Description 
      ManagerSamAccountName = $user.SamAccountName 
      ManagerName = $user.Name 
    } 
} | 
Export-csv “ Path” -Notypeinformation

I need to get GroupName, GroupDescription, Managed by (SamAccountName) , Managed by (UserName). Could somebody help me with a script that could extract these details in a CSV format given that a text file would have names of the group for which the above details are required?

Jeremy Caney
  • 7,102
  • 69
  • 48
  • 77
Sharon Juliao
  • 1
  • 1
  • Now I have txt file with groups , so I tried $grouplist = get-content Pathof the txt and foreach ($group in $grouplist) { and added above code – Sharon Juliao Dec 16 '21 at 19:36
  • Use this as reference https://stackoverflow.com/help/formatting. I recommend you to delete the comments and add the code to your question, in addition, answers are meant for that exactly not to ask a new question. – Santiago Squarzon Dec 16 '21 at 19:37
  • @SharonJuliao: I've edited your script into your question. I'm not familiar with the accepted conventions for indenting a PowerShell script, so you should review that. Regardless, I wanted to place it on multiple lines so it's easier to read on Stack Overflow. If you [edit] your question, you can also see how I went about formatting the script. – Jeremy Caney Dec 16 '21 at 20:05
  • Your issue is most likely related to the use of a scriptblock on the `-Filter` parameter. See https://stackoverflow.com/a/70126347/15339544 – Santiago Squarzon Dec 16 '21 at 21:30

1 Answers1

0
#Get all the AD Groups that start with "test" and return the properties we want
$Groups = Get-ADGroup -filter { name -like "test*" } -properties name, description, managedby

foreach ($Group in $Groups) {
    
    $Managers = $Group.Managedby
    
    foreach ($Manager in $Managers) { 
       
        #I don't know if this will work. I don't know what the value of 'Manager' will be, I don't have access to AD.

        #According to "Get-ADGroup -filter {name -like "test*"} -properties name,description,managedby | Get-Member" 
        #it will be a string. You'll need to leverage that string value to Get-ADObject or maybe Get-ADUser
        #to get to the samaccountname.

        #See "Get-ADObject" to find out what data from the $Group.Managedby field you will be able to use.
        
        $ManagerObject = Get-ADObject -Identity $Manager 

        $GroupObjectInfo = [ordered]@{
            'GroupName'             = $Group.Name
            'GroupDescription'      = $Group.Description
            'ManagerSamAccountName' = $ManagerObject.SamAccountName
            'ManagerName'           = "$($ManagerObject.GivenName) " + "$($ManagerObject.Surname)"
        }

        #This will display the output of the object in your console and 
        #allow you to confirm you are indeed collecting the appropriate data
        $GroupObjectInfo 
       
        #Once you know you are collecting the right data, 
        #you'll be in a better position to solve for output
    }
}
Don Boody
  • 3
  • 2
  • Please add some information to your code for better understanding – Saman Salehi Dec 17 '21 at 07:43
  • In the above code I'm grabbing a $Groups object using the stock Windows Get-ADGroup cmdlet. Then I'm looping through each of the Groups in that $Groups object and grabbing the "ManagedBy" value. It's possible there is more than one value in "ManagedBy" so I'm then looping through each of the values in "ManagedBy" and trying to use some of that info (I've pointed out in the code comments where a limitation may be there), in conjunction with the current Group info, to construct a new ordered hashtable called $GroupInfoObject for each of the Groups in my original $Group object. – Don Boody Dec 18 '21 at 19:39
  • What you'll find as probably an unwanted side-effect of my implementation is you'll get a $GroupInfoObject for every $Manager in the group. In other words, if the "Dog Lovers" Group has 2 managers, you'll get output like: `code "GroupName: Dog Lovers GroupDescription: The Description ManagerSamAccountName: mark@globo.com ManagerName: Mark Testname GroupName: Dog Lovers GroupDescription: The Description ManagerSamAccountName: Tim@globo.com ManagerName: Tim Testname" ` – Don Boody Dec 18 '21 at 19:42