Script to Output ADUser, Group, and Enabled to CSV

This topic contains 2 replies, has 2 voices, and was last updated by  nicomen 3 months, 2 weeks ago.

  • Author
    Posts
  • #97712

    nicomen
    Participant

    Hi all!

    I'm trying to put together a script that grabs all enabled users from AD and the respective groups of which they are a member. Finally, I would like to have the output go to a CSV.

    I found this script which appears to do what I am looking for, but the output is non-existent; the file is blank. I guess the good thing is there are no errors.

    $DateTime = Get-Date -f "yyyy-MM"
    
    Get-ADGroup  -filter "enabled -eq 'true'"| Foreach-Object{
    $Grp = $_ | Select Name, GroupCategory, Groupscope
    $users = Get-ADGroupMember $_ |get-aduser  -filter "enabled -eq 'true'" |select Name
    
            New-Object -TypeName PSObject -Property @{
            member =      $Users.Name
            GroupName =   $grp.name
            Groupscope =  $grp.GroupScope
            GRPCategory = $grp.GroupCategory
        }
    
    
    } |select Member,Groupname,Groupscope,Grpcategory| Export-Csv "C:\Scripts\Output\AD_Groups_and_Users $DateTime.csv" -NoTypeInformation

    I must mention that I am very green to PS and have no clue as to how to modify a script other than basic things.

    Please help!

  • #97752

    Don Jones
    Keymaster

    You've got a couple of things going on.

    $users and $grp both contain _multiple objects_. You need to enumerate those, in ForEach loops, so that you can work with just one thing at a time. "$Users" technically doesn't have a name property; each object WITHIN it does, so you ned to get to those.

    Also, your Select-Object bits are completely unnecessary.

    Finally, CSV files are flat files. They're meant to contain one entity per line. What you're trying to do is include one user entity and multiple group entities per line. That's not what CSV files are meant for, unfortunately. So if you're going to do this, you're going to have to find a way to "delimit" the list of groups, like putting a pipe between each name, so they can live within a single "column." FWIW, I see people do this ALL THE TIME and it just creates a very hard-to-work0with output. If you were doing this right, you'd want TWO CSV files. One with user info, and another with one line for each username/group combination.

    I suspect this might be easier to do if you got all the users, enumerated them, and then used their MemberOf property to figure out which groups they were in. As-is, getting all the groups and then the users in them is going to create a big, ugly cartesian set on you.

  • #97777

    nicomen
    Participant

    Best advice ever. Thank you!

You must be logged in to reply to this topic.