Skip to main content

Powershell: Get All AD Group Members


Purpose: This script requires the RSAT tools to work. It connects to AD and gets all groups and users within each group and outputs to a csv file. It can also get single groups and display/exports the results.


###################################
#Tony Unger - Get Group members
#12/12/2013
#1.0
###################################

Import-Module activedirectory

do {
  cls
$response = "N"
$ExportPath = "c:\temp\AD_GroupMemberofQuery.csv"
$myCol = @()

[int]$xMenuChoiceA = 0
while ( $xMenuChoiceA -lt 1 -or $xMenuChoiceA -gt 4 ){
Write-host "Active Directory Group Member Reporting" -foregroundcolor "magenta"
Write-host "1. Specifiy a Group"
Write-host "2. All Groups"
Write-host "3. Quit and exit"
[Int]$xMenuChoiceA = read-host "Please enter an option 1 to 3..." }

Switch( $xMenuChoiceA ){
  1{$ADGroups = read-host "Please enter the AD group name:"}
  2{$ADGroups = Get-ADGroup -filter {GroupCategory -eq "Security" -and GroupScope -eq "Global"} | Select -expand SamAccountName}
  3{exit}
default{exit}
}

$i = 0
foreach ($ADGroup in $ADGroups){
  

 $i++
 Write-Progress -Activity "Gathering members" -status "Currently on group $ADGroup" -percentComplete ($i / $ADGroups.count*100)
 $Members = get-adgroupmember $ADGroup -recursive

 
 foreach ($MemberofGroup in $Members){
 
  $Detail = New-Object PSObject 
  $Detail | Add-Member Noteproperty GroupName $ADGroup
  $Detail | Add-Member Noteproperty User $MemberofGroup.Name
  $Detail | Add-Member Noteproperty Account_Name $MemberofGroup.SamAccountName
  $myCol += $Detail
 }

}



$myCol | Export-Csv -Path $ExportPath -notype
Write-Host "File exported to: $ExportPath"


[int]$xMenuChoiceB = 0
while ( $xMenuChoiceB -lt 1 -or $xMenuChoiceA -gt 4 ){
cls
Write-host "Active Directory Group Member Reporting" -foregroundcolor "magenta"
Write-host "1. Display current results"
Write-host "2. Query another group"
Write-host "3. Quit and exit"
[Int]$xMenuChoiceB = read-host "Please enter an option 1 to 3..." }

Switch( $xMenuChoiceB ){
  1{$myCol}
  2{$response = "Y"}
  3{exit}
default{exit}
}

}
while ($response -eq "Y")


Comments

Popular posts from this blog

Excel document for pinging list of computers VBA

Here is an excel document I created that will ping a list of nodes in column A and give results in column B. There are much better tools that can be used such as angry ip scanner  http://www.angryip.org/w/Home . I just wrote this as an example Requirements: Tested with Office 2010 Download: Download

Powershell - Com+ Application Recycle

Needed a script to recycle a com+ application nightly and this is what i came up with. This script will write each recycle it does to the event log under application. Run locally or via a scheduled task. #Recycle COM+ Application and write to the event log the status # 1.0 Release # Run script locally # Write to the event log ######################################## #Configurable ######################################## #Com+ ApplicationName $ComPlusLikeAppName = "Put the name of Com+ Application here a like statement is used to eval so you can get away with putting part of it" #EventLog to write to. $eventlog = "Application" #Source for eventlog. $source = "RecycleComObject" #Successful Event ID $SEventID = 0 #Error Event ID $EEventID = 666 #Process that COM+ runs under $process = "dllhost.exe". ######################################## #Clear $CurrentMemory = $null $PRocessID = $null $Commandline = $null $GUID = $null $AppID = $null $Messag

Powershell : Certutil Find Expired Certs on CA server

Wrote this to get certificate expiration information for certificates that expired 5 days ago to ones that expire in 90 days. Wrap an invoke-command around this for remote query. $Before = (get-date).adddays(90).ToString("MM/dd/yyyy") $After = (get-date).AddDays(-5).ToString("MM/dd/yyyy") <# https://blogs.technet.microsoft.com/poshchap/2016/01/01/powershell-and-certutil-exe/ We create a date range with $Before, i.e. certificates expiring before this date, and $After, i.e. certificates expiring after this date. These values are converted into something that certutil can understand - $Restrict. This is then used with the certutil -restrict parameter. #> $Restrict = "NotAfter<=$Before,NotAfter>=$After" $Report = @() $cmd = & certutil.exe -view -restrict $Restrict -out "RequesterName,CommonName,Certificate Expiration Date","Certificate Template" $SplitLines = $cmd.Split("`n`r") $Index = 0 foreach ($line in $Sp