List AD Groups, members, count of AD membership per person of specific AD Groups

Welcome Forums General PowerShell Q&A List AD Groups, members, count of AD membership per person of specific AD Groups

Viewing 6 reply threads
  • Author
    Posts
    • #222216
      Participant
      Topics: 1
      Replies: 2
      Points: -4
      Rank: Member

      Dear PowerShell.org community 

      This is my first post, so hopefully I have not missed anything. 

      I have hit brick wall on the next step to troubleshoot.

      In a nut shell what I am trying to achieve is to list Active Directory Group Name that starts with the prefix of AXCH (as an example) list the username\members in these Active Directory Groups and finally the count of many AD Group membership per person\user for AD groups starting with the prefix of AXCH.   (AXCH is a made up example)

      Some of the script is working, and getting the result I need it is just the final part, of getting the count command to work to count how many AD groups per individual user is a member of any AD group starting with the name of AXCH.

      Below is the script

      $adgroups = Get-ADGroup -Filter {name -like "*AXCH*"}  
       
      $data = foreach ($adgroup in $adgroups) {
          $members = $adgroup | get-adgroupmember -Recursive  
          foreach ($member in $members) {
              [PSCustomObject]@{
                  Group = $adgroup.name
                  NumberofMembersinADGroup = ($members.DistinguishedName).count
                  Members = $member.name
                  NumberofGroupsUserMemberOf = ($member.DistinguishedName).count                   
                          }    
                 }
      }
           
      $data  
      
      

      So what this script s doing is from the top, find AD group that match\begin with the name of AXCH (made up name), then using the variable of $adgroups use a “for each” command to find nested ad groups and members.

      The script is working up to a point and I can export to the screen or into a CSV file.  The problem I am facing if the line highlighted in RED also pasted below

      NumberofGroupsUserMemberOf = ($member.DistinguishedName).count
      
      

      Basically I thought by using the command, would count how many AD groups per individual user is a member of any AD group starting with the name of AXCH.

      Instead the command returns the count value of 1. Which I guess when I think about makes sense as it is counting the member  name of the AD groups starting with AXCH and you can only have one AD account with the same name in one group.  Which is perhaps I am thinking I need to do a different command, hence why I am making my first post in here.

      So to clarify for example made up username called “Joe blogs” exist in several AD groups that have the prefix of AXCH (again made up AD group name) so he is a member of AXCH-1 \ AXCH-2 \ AXCH-3 & AXCH-4 what I would like is for a command to count those 4 AD groups and give me a return value of 4 against his user name, as he is a member of 4 AD groups.

      At the moment my scripts returns the value of 1 even though he is a member of multiple AD groups.

      If anyone could help with a command I could add to my script, or if I have to create a new script all together just so I can create a report that list the AD Group, the individual member\username, and then count value of how many AD Groups membership per member for AD groups starting with the prefix of AXCH

      Many Thanks for taking the time to read this post.

      Best

      Paul

       

    • #222282
      Participant
      Topics: 4
      Replies: 2249
      Points: 5,494
      Helping Hand
      Rank: Community MVP

      Paul, welcome to Powershell.org.

      If I got it right it might be better/easier to run 2 separate queries to get the info you’re after.

      $Pattern = '*AXCH*'
      $ADGroupList = Get-ADGroup -Filter "name -like '$Pattern'" 
       
      $GroupStatistics = 
      foreach ($ADGroup in $ADGroupList) {
          $MemberList = Get-ADGroupMember -Identity $ADGroup.sAMAccountName  -Recursive | Where-Object {$_.objectClass -eq 'user'}
              [PSCustomObject]@{
                  ADGroup                      = $ADGroup.name
                  ADGroupMemberCount   = ($MemberList.DistinguishedName).count
                  ADGroupMemmberList = $MemberList.sAMAccountName -join ','
          }
      }
      $GroupStatistics | Format-Table -AutoSize # -Wrap
      
      
      $UniqueMemberList = $GroupStatistics.ADGroupMemmberList | foreach-object { $_ -split ',' } | Sort-Object -Unique
      $GroupMemberStatistics = 
      foreach ($Member in $UniqueMemberList) {
          $ADUser = Get-ADUser -Identity $Member -Properties MemberOf
          [PSCustomObject]@{
              ADUser = $ADUser.name
              ADGouprCount = ($ADUser.MemberOf | Where-Object { $_ -match $Pattern }).count
          }
      }
      $GroupMemberStatistics | Format-Table -AutoSize
    • #222399
      Participant
      Topics: 1
      Replies: 2
      Points: -4
      Rank: Member

      Hi Olaf

      Firstly thank you very much for taking the time to read and reply to my post, it is much appreciated, I am definitely further then I was, and enjoyed understanding how you would script something.

      Hit a problem with the final part of the script for the line

      ADGouprCount = ($ADUser.MemberOf | Where-Object { $_ -match $Pattern }).count
      

      It gives the following error message when the script run as a whole

       parsing "*EXCH*" - Quantifier {x,y} following nothing.
      At line:23 char:59
      + ... Count = ($ADuser.MemberOf | Where-Object { $_ -match $Pattern }).coun ...
      +                                                ~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : OperationStopped: (:) [], ArgumentException
          + FullyQualifiedErrorId : System.ArgumentException
      

      So EXCH is the filter I am using for the variable for $Pattern to find AD Groups that begin with EXCH. All the other parts of the scripts work fine and gets the results needed.

      From the trouble shooting I have done so far is if I change the command below to just use .count I get further and it actually count each user ad group members but for All AD groups not just ones that start with EXCH.

         
      ADGouprCount = $ADuser.MemberOf.Count
      

      It seems to not like the variable of $Pattern if I change the command to use the below command, it run without error but I get no AD group Count.

       ADGouprCount = ($ADUser.MemberOf | Where-Object { $_ -match $ADGroupList }).count 
      

      I find it a bit odd as the first section of the script runs for the $GroupStatistics section, which uses that variable of $Pattern so it is unclear why it fails to use this variable for the second part of the script.

      So to re-iterate the only part that is failing in the script is getting the ADGroupCount for specific groups that start with EXCH

      Is there anything you can suggest \ troubleshooting steps \ alternative command.

      Many thanks

      Paul

    • #222402
      Participant
      Topics: 4
      Replies: 2249
      Points: 5,494
      Helping Hand
      Rank: Community MVP

      Paul, … sorry .. stupid me.

      Of course I tested the code but of course with another pattern. One that could provide results in my environment. Then I copied the code here and just changed it to fit your need by just taking your pattern. When you use the operator -match then you’re using regular expressions and for regular expressions the asterisk (*) is a special charachter. And you your case we actually do not need it at all. So try to change your pattern to be ‘EXCH’ instead of ‘*EXCH*’ and it should work (I hope).

    • #222408
      Participant
      Topics: 4
      Replies: 2249
      Points: 5,494
      Helping Hand
      Rank: Community MVP

      I’m afraid to edit my already existing post because they often get blocked when editted again. So here an additional explanation.

      As I mentioned the asterisk (*) is a special charachter when it comes to regular expressions. In particular it means “whatever comes before the asterisk should appear 0 or more times”. So it’s shorthand for the quantifier “{0,}

      In your case there is nothing before the asterisk. That’s why the error “… Quantifier {x,y} following nothing.” raises.

      If you like to read more about regular expressions – here is a good place to start: https://www.regular-expressions.info

    • #222465
      Participant
      Topics: 1
      Replies: 2
      Points: -4
      Rank: Member

      Hi Olaf

      Many Thanks for your reply, that did the trick able to produce the report I needed.

      Also thank you for the providing documentation on regular expressions \ study material as that was going to be my next question.

      Are there any good online courses \ websites \ books you recommend to learn power shell?

      I am currently going through online courses by Don Jones \ Jeff Hicks \ Michael Bender. It is helping but would you recommend any sites \ material that really help you get to your level \ anything you would recommend?

      Many Thanks Again

      Paul

    • #222477
      Participant
      Topics: 4
      Replies: 2249
      Points: 5,494
      Helping Hand
      Rank: Community MVP

      I am currently going through online courses by Don Jones \ Jeff Hicks \ Michael Bender. It is helping but would you recommend any sites \ material that really help you get to your level \ anything you would recommend?

      I work with Powershell for about 13 years now. The most experience comes with time. For beginners I usually recommend the beginner video course with Jeffrey Snover but I think your level is already above that. A free book to look something up if needed could be this: Windows PowerShell™ 4: TFM. I think the best way to get better is practice practice practice. 😉

Viewing 6 reply threads
  • You must be logged in to reply to this topic.