ActiveDirectory find all groups a user is member of

    • #165295
      Participant

      Hi

      I can successfully export a list from a given AD group to CSV

      Get-AdGroupMember -identity "Office365" | select samaccountname |export-csv -path c:\output\office_teams_sam.csv -NoTypeInformation

      Now I want to use this list to search through AD to find the other groups they are members of.

      Only I don’t know how this is done. Can you help me out, please?

       

    • #165298
      Senior Moderator

      Almost there.

      You can iterate through each element in the CSV and do a Get-ADUser on each name with -Properties memberof

      # below code inside Foreach 
      Get-ADUser $CurrentUser.samaccountname -Properties memberof | Export-CSv -Path <csv_path> -NoTypeInformation
      
    • #165313
      Participant

      Hi, I still get an error here

      
      $OfficeTeamsUser = Import-Csv -Path C:\output\office_teams_sam.csv
      foreach ($CurrentUser in $OfficeTeamsUser){
      Get-ADUser $CurrentUser.SamAccountName -Properties memberof |Export-csv -path C:\Temp\output.csv -NoTypeInformation
      }

      When I use samaccountname I get this error:
      Get-ADUser : Cannot validate argument on parameter ‘Identity’. The argument is null. Provide a valid value for the argument, and then try running the command again.
      At line:3 char:12
      + Get-ADUser $CurrentUser.SamAccountName -Properties memberof |Export-c …
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo : InvalidData: (:) [Get-ADUser], ParameterBindingValidationException
      + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADUser

      When I use $CurrentUser.name I get only 1 entry in my CSV

       

    • #165325
      Senior Moderator

      Make sure there is a value in $CurrentUser.SamAccountName

      • #165337
        Participant

        I’ve got 1 column in my CSV with a header, and from row 2 all the users:
        "SamAccountName"
        "dally"

        By preference I would like to search through 5 different office groups (group 1 to 5) and search for all the users in there. These need to be exported to a CSV file with

        1 column with the username and the second with all the groups he’s a member of, for example:

        "dally","Office365", "Office365_Admins"

        thanks for your help

    • #165361
      Participant

      I ran across this not too long ago.  I don’t think this is the original post I used but should work:
      https://techibee.com/active-directory/powershell-how-to-get-all-the-ad-groups-current-user-belongs/1672

    • #165481
      Participant

      Hello,

      I did it like this, is this OK?

      This is my first post where I have included code, I hope this is OK.

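      $result = @()
      # Members of the source group; only the SamAccountName is needed
      $OfficeTeamsUsers = Get-ADGroupMember -Identity "Office365" | Select-Object samaccountname

      foreach ($user in $OfficeTeamsUsers) {
          # Take the MemberOf attribute (group DNs) rather than the whole user object,
          # and join the values so they fit into a single CSV cell
          $memberof = (Get-ADUser $user.samaccountname -Properties memberof).memberof -join ';'

          $table = New-Object psobject
          $table | Add-Member -NotePropertyName "samaccountname" -NotePropertyValue $user.samaccountname
          $table | Add-Member -NotePropertyName "memberof" -NotePropertyValue $memberof

          $result += $table
          $table = $null
      }

      # Export once, after all users have been collected
      $result | Export-Csv -Path C:\Temp\output.csv -NoTypeInformation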
    • #165676
      Participant

      Don’t over think this. This is a very common daily thing. Really a PowerShell ADDS 101 thing.

      There are already pre-built scripts on the MS powershellgallery.com for this use case and more, as well as all over the internet.

      https://www.powershellgallery.com/packages?q=%27group+member%27

      See also:

      Find Circular Nested Groups
      PowerShell script to find any instances of Circular Nested Groups in the domain.
      https://gallery.technet.microsoft.com/scriptcenter/fa4ccf4f-712e-459c-88b4-aacdb03a08d0

      Get nested group membership – function
      This function will recursively enumerate members of a given group along with nesting level and parent group information. If there is a circular membership, it will be displayed in the Comment column. It accepts input from the pipeline and works well with Get-ADGroup.
      https://gallery.technet.microsoft.com/scriptcenter/Get-nested-group-15f725f2

      It also could be as simple as this…

      (Get-ADUser userName -Properties MemberOf).MemberOf

      Or even as simple as this..

      Get-ADPrincipalGroupMembership username | select name

       

      If you really want to get elegant about this… then see this…

      http://vcloud-lab.com/entries/active-directory/powershell-active-directory-list-complete-hierarchy-of-upstream-nested-groups-recursively-of-user

      http://www.vcloud-lab.com/entries/active-directory/powershell-active-directory-show-treeview-of-user-or-group-memberof-hierarchy

      https://social.technet.microsoft.com/Forums/office/en-US/1fda5252-bd0f-4615-8238-cf08537b741f/powershell-list-active-directory-group-hierarchy
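
The report asked for earlier in the thread (one row per user with all of that user's groups), as an added example that is not code from any poster. It assumes the ActiveDirectory module is installed; the group names and the output path are the ones used in the thread, and the `Groups` and `GroupCount` column names are chosen here.

```powershell
# Added example; requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

# Group names taken from the thread; extend the list to cover all five office groups.
$groups = 'Office365', 'Office365_Admins'

# Collect the members of every source group.
# -Recursive flattens nested groups, so indirect members are included as well.
$users = foreach ($g in $groups) {
    Get-ADGroupMember -Identity $g -Recursive |
        Where-Object { $_.objectClass -eq 'user' }
}

# A user who sits in several source groups must appear only once in the report.
$users = $users | Sort-Object -Property distinguishedName -Unique

$report = foreach ($u in $users) {
    # Skip entries without a usable name instead of passing $null to -Identity,
    # which is what raised the ParameterBindingValidationException in the thread.
    if ([string]::IsNullOrWhiteSpace($u.SamAccountName)) { continue }

    # Get-ADPrincipalGroupMembership returns the direct memberships and, unlike the
    # memberOf attribute, also the primary group (usually Domain Users).
    $names = Get-ADPrincipalGroupMembership -Identity $u.distinguishedName |
        Sort-Object -Property Name |
        Select-Object -ExpandProperty Name

    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        GroupCount     = @($names).Count
        Groups         = $names -join ';'   # all groups in one cell, one row per user
    }
}

# Export once, after the loop: Export-Csv inside the loop overwrites the file on
# every pass and leaves only the last user in it.
$report | Export-Csv -Path C:\Temp\output.csv -NoTypeInformation
```

Sorting the resulting CSV by `GroupCount` is a quick way to spot accounts that have accumulated more memberships than their role needs.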

       

       

       

       

       

       
