Get Account Expiration Date of AD account and Manager Name of AD user via PowerShell into CSV

Question

I have a script which is I identify my OU and it searches the OU for AD groups for username, name, email address, AD group name and AD group description and exports this to CSV:

$ou = 'distinguishedName of my OU'
Get-ADGroup -Filter * -SearchBase $ou -Properties 'Description' | ForEach-Object {
   $group   = $_  # just for convenience..
   $members = Get-ADGroupMember $_ | Where-Object { $_.objectClass -eq 'user' }
   foreach($member in $members) {
       $user = Get-ADUser $member -Properties EmailAddress
       [pscustomobject]@{
           SamAccountName = $user.SamAccountName
           Name           = $user.Name
           EmailAddress   = $user.EmailAddress
           GroupName      = $group.Name
           Description    = $group.Description
       }
   }
} | Export-csv C:\Users\Me\Desktop\MyFile.csv -NoTypeInformation

Big thanks to @Theo for this script above!

What I would like to do is to pull off the expiration date of the users also and the managers name of the users.

I have tried to do this via altering script like this :

            SamAccountName = $user.SamAccountName
            Name           = $user.Name
            ExpiryDate     = $user.accountExpires
            EmailAddress   = $user.EmailAddress
            GroupName      = $group.Name
            Description    = $group.Description

This showed the field as blank in the CSV.

Also tried this:

        $user = Get-ADUser $member -Properties EmailAddress, AccountExpirationDate
        [pscustomobject]@{
            SamAccountName        = $user.SamAccountName
            Name                  = $user.Name
            AccountExpirationDate = $user.AccountExpirationDate
            EmailAddress          = $user.EmailAddress
            GroupName             = $group.Name
            Description           = $group.Description

I get this error message:

Get-ADUser : A positional parameter cannot be found that accepts argument '
            SamAccountName = $user.SamAccountName
            Name           = $user.Name
            EmailAddress   = $user.EmailAddress
            ExpiryDate     = $user.AccountExpirationDate
            GroupName      = $group.Name
            Description    = $group.Description
        '.
At C:\Users\ME\File.ps1:6 char:17
+         $user = Get-ADUser $member -Properties EmailAddress, AccountExpirationDa ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-ADUser], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.ActiveDirectory.Management.Commands.GetADUser
 
Get-ADUser : A positional parameter cannot be found that accepts argument '
            SamAccountName        = $user.SamAccountName
            Name                  = $user.Name
            EmailAddress          = $user.EmailAddress
            AccountExpirationDate = $user.AccountExpirationDate
            GroupName             = $group.Name
            Description           = $group.Description

I haven't tried to pull off the manager name only but I have seen in Attribute Editor there is an Attribute called "manager" but this contains the name of the manager the OU where his account is located and the domain name. I would like just the managers name please.

Would the manager code be like this:

            SamAccountName = $user.SamAccountName
            Name           = $user.Name
            Manager        = $user.manager
            EmailAddress   = $user.EmailAddress
            GroupName      = $group.Name
            Description    = $group.Description

How would I go about getting the name only of the manager and not the rest of the details.

Santiago Squarzon · Accepted Answer · 2023-03-01T14:52:35.310

There is a typo somewhere in your code that we are not seeing, if you showed the full update it would be easier to see but basically it looks like you're trying to pass the members of your pscustomobject as argument for Get-ADUser. The following should do what you're looking for, there is no need for Get-ADGroupMember in this case.

$ou = 'distinguishedName of my OU'
Get-ADGroup -Filter * -SearchBase $ou -Properties 'Description' | ForEach-Object {
    $params = @{
        LDAPFilter = "(memberOf=$($_.DistinguishedName))"
        Properties = "mail", "manager", "accountExpirationDate"
    }
   
   foreach($member in Get-ADUser @params) {
       [pscustomobject]@{
           SamAccountName = $member.SamAccountName
           Name           = $member.Name
           EmailAddress   = $member.mail
           ExpiryDate     = $member.accountExpirationDate
           Manager        = $member.manager -replace '^CN=|,(OU|CN)=.+$'
           GroupName      = $_.Name
           Description    = $_.Description
       }
   }
} | Export-csv C:\Users\Me\Desktop\MyFile.csv -NoTypeInformation

As aside, what you see as value in the manager attribute in the Attribute Editor is called DistinguishedName.

Thanks for the part of manager but I think I know what I did now I forgot the " when adding " mail", "manager", "accountExpirationDate" — S.Mahmood, Mar 01 '23 at 15:52

Get Account Expiration Date of AD account and Manager Name of AD user via PowerShell into CSV

1 Answers1