query all users part of ad group NON_Company_employees

This topic contains 0 replies, has 1 voice, and was last updated by Profile photo of Forums Archives Forums Archives 5 years, 3 months ago.

  • Author
  • #6289

    by Christopher.Ellis at 2013-02-26 10:06:03

    I want to query Active directory for all users belonging to active directory group Non_company_Employees (255 users out of 5423) and passwordexpired equal true. I used get-aduser for all, would i use get-adgroupmember with the command get-aduser? The comman below is what I composed thus far

    get-aduser -filter * -properties passwordexpired | where-object {$_.PasswordExpired -eq 'True'}

    How do I futher filter the command to query only Non_Company_Employees?

    Thank you

    by kittH at 2013-02-26 11:05:45

    There might be a simpler way, but this should work:

    import-module activedirectory
    $Expiredusers = @()
    $GroupMembers = Get-ADGroupMember 'GroupName'
    Foreach ($Member in $GroupMembers)
    If((Get-ADUser $Member -Properties PasswordExpired).PasswordExpired)
    $ExpiredUsers += $Member

    You will end up with the array $ExpiredUsers filled with all the user objects that were in the group and had expired passwords. You can do whatever you want with it from there, write to the screen or export to a txt file or CSV, or perform some additional logic.

    by Christopher.Ellis at 2013-02-26 11:32:09

    I modified the code accordingly in windows ps iSE Ithen ran the code went to the variable drive, I only had one user, the outcome is wrong, I know there is more than one user within that condition.... I would rather not use ISE adn run it as one continous line in powershell, any other suggestions, from anyone, would be appreciated, I would rather learn powershell via command line and not ISE. once again thank you

    by Christopher.Ellis at 2013-02-26 11:52:38

    I tried the command below, Pressed enter, powershell process about 15 seconds and returned no error, I then ran it again with | ft Name, PasswordExpired, no values returned, no errors, what is powershell doing when no errors occur

    PS C:\> get-adgroupmember 'non_cbs_employees' | where-object {$_.PasswordExpired -eq 'True'}
    PS C:\> get-adgroupmember 'non_cbs_employees' | where-object {$_.PasswordExpired -eq 'True'} | ft Name, PasswordExpired
    PS C:\>

    by kittH at 2013-02-26 11:53:07

    That works fine for me, sorry if it didnt work for you. I like to break it out so it's easier to understand what's going on, but here it is as a one-liner:

    Get-ADGroupMember 'GroupName' | Get-ADUser -Properties PasswordExpired | ? {$_.PasswordExpired}

    Edit: You can see that you were missing the step where you ran "Get-ADUser" to get the object that had a "PasswordExpired" property.

    The results of "Get-ADGroupMember" do not contain a property "PasswordExpired" so none of the objects would have that being true, so showing no results was the correct output.

    by Christopher.Ellis at 2013-02-26 12:14:03

    kittH — THANK YOU — this worked !!!

You must be logged in to reply to this topic.