ActiveDirectory find all groups a user is member off

Welcome Forums General PowerShell Q&A ActiveDirectory find all groups a user is member off

This topic contains 8 replies, has 5 voices, and was last updated by

 
Participant
2 months, 1 week ago.

  • Author
    Posts
  • #165295

    Participant
    Topics: 5
    Replies: 7
    Points: 46
    Rank: Member

    Hi

    I can succesfully export a list from a given adgroup to csv

    Get-AdGroupMember -identity "Office365" | select samaccountname |export-csv -path c:\output\office_teams_sam.csv -NoTypeInformation

    now I want to use this list to search through AD to find other groups where they are member of

    only I don't know how this is done can you help me out please

     

  • #165298

    Senior Moderator
    Topics: 8
    Replies: 1043
    Points: 3,454
    Helping Hand
    Rank: Community Hero

    almost there,

    You can iterate through each element in CSV and do a Get-ADUser on each name with -Properties memberof

    # below code inside Foreach 
    Get-ADUser $CurrentUser.samaccountname -Properties memberof | Export-CSv -Path  -NoTypeInformation
    
  • #165313

    Participant
    Topics: 5
    Replies: 7
    Points: 46
    Rank: Member

    Hi I still get an error here

    
    $OfficeTeamsUser = Import-Csv -Path C:\output\office_teams_sam.csv
    foreach ($CurrentUser in $OfficeTeamsUser){
    Get-ADUser $CurrentUser.SamAccountName -Properties memberof |Export-csv -path C:\Temp\output.csv -NoTypeInformation
    }

    when I use samaccountname I get this error
    Get-ADUser : Cannot validate argument on parameter 'Identity'. The argument is null. Provide a valid value for the argument, and then try running the command again.
    At line:3 char:12
    + Get-ADUser $CurrentUser.SamAccountName -Properties memberof |Export-c ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidData: (:) [Get-ADUser], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADUser

    when I use $CurrentUser.name I get only 1 entry in my Csv

     

  • #165325

    Senior Moderator
    Topics: 8
    Replies: 1043
    Points: 3,454
    Helping Hand
    Rank: Community Hero

    make sure there is a value in $CurrentUser.SamAccountname

    • #165337

      Participant
      Topics: 5
      Replies: 7
      Points: 46
      Rank: Member

      I've got 1 column in my CSV with header and from row 2 all the users
      "SamAccountName"
      "dally"

       

      by preference I would like to search through 5 different office groups (group 1 to 5) search for all the users in there. these need to be exported to a csv file with

      1colum with the username and the second with all the groups he's member of example

      "dally","Office365", "Office365_Admins"

      thanks for your help

  • #165361

    Participant
    Topics: 4
    Replies: 10
    Points: 75
    Rank: Member

    I ran across this not too long ago.  I don't think this is the original post I used but should work:
    https://techibee.com/active-directory/powershell-how-to-get-all-the-ad-groups-current-user-belongs/1672

  • #165481

    Participant
    Topics: 3
    Replies: 4
    Points: 18
    Rank: Member

    Hello,

    Is did like this, is this ok?

    This my first post, where I have included code, I hope this ok..

    $result = @()
    $OfficeTeamsUsers = Get-AdGroupMember -identity "Office365" | select samaccountname
    
    foreach($user in $OfficeTeamsUsers) {
        $memberof = Get-ADUser $User.samaccountname -Properties memberof 
    
        $table = New-Object psobject
        $table | Add-Member -NotePropertyName "samaccountname" -NotePropertyValue $User.samaccountname
        $table | Add-Member -NotePropertyName "memberof" -NotePropertyValue $memberof
    
       $result += $table
       $table = $null
    }
    
    $result | Export-CSv -Path C:\Temp\output.csv -NoTypeInformation
  • #165484

    Participant
    Topics: 3
    Replies: 4
    Points: 18
    Rank: Member

    Hello,

    Is did like this, is this ok?

    This my first post, where I have included code, I hope this ok..

    $result = @()
    $OfficeTeamsUsers = Get-AdGroupMember -identity "Office365" | select samaccountname
    
    foreach($user in $OfficeTeamsUsers) {
        $memberof = Get-ADUser $User.samaccountname -Properties memberof 
    
        $table = New-Object psobject
        $table | Add-Member -NotePropertyName "samaccountname" -NotePropertyValue $User.samaccountname
        $table | Add-Member -NotePropertyName "memberof" -NotePropertyValue $memberof
    
        $result += $table
        $table = $null
    }
    
    $result | Export-CSv -Path C:\Temp\output.csv -NoTypeInformation
  • #165676

    Participant
    Topics: 2
    Replies: 999
    Points: 1,946
    Helping Hand
    Rank: Community Hero

    Don't over think this. This is a very common daily thing. Really a PowerShell ADDS 101 thing.

    There are already pre-built scripts on the MS powershellgallery.com for this use case and more. AS well as all over the internet.

    https://www.powershellgallery.com/packages?q=%27group+member%27

    See also:

    Find Circular Nested Groups
    PowerShell script to find any instances of Circular Nested Groups in the domain.
    https://gallery.technet.microsoft.com/scriptcenter/fa4ccf4f-712e-459c-88b4-aacdb03a08d0

    Get nested group membership – function
    This function will recursively enumerate members of a given group along with nesting level and parent group information. If there is a circular membership, it will be displayed in Comment column.It accepts input from pipeline and works well with get-adgroup.
    https://gallery.technet.microsoft.com/scriptcenter/Get-nested-group-15f725f2

    It also could be as simple as this...

    Get-ADUser userName –Properties MemberOf).MemberOf

    Or even as simple as this..

    Get-ADPrincipalGroupMembership username | select name

     

    If you really want to get elegant about this... then see this...

    http://vcloud-lab.com/entries/active-directory/powershell-active-directory-list-complete-hierarchy-of-upstream-nested-groups-recursively-of-user

    http://www.vcloud-lab.com/entries/active-directory/powershell-active-directory-show-treeview-of-user-or-group-memberof-hierarchy

    https://social.technet.microsoft.com/Forums/office/en-US/1fda5252-bd0f-4615-8238-cf08537b741f/powershell-list-active-directory-group-hierarchy

     

     

     

     

     

     

You must be logged in to reply to this topic.