none
Not able to pull title, department, manager when using Get-ADGroupMember RRS feed

  • General discussion

  • I'm having a problem when trying to pull additional data from below script.  The script runs and adds columns for title,department,manager.  But it does not pull the data from the users account.  Are these 3 items not supported when using Get-ADGroupMember?
    $Groups = (Get-AdGroup -filter * | Where {$_.name -like "GROUPNAME*"} | select name -expandproperty name)
    
    
    $Table = @()
    
    $Record = [ordered]@{
    "Group Name" = ""
    "Name" = ""
    "Username" = ""
    "Job Title" = ""
    "Department" = ""
    "Manager" = ""
    }
    
    
    
    Foreach ($Group in $Groups)
    {
    
    $Arrayofmembers = Get-ADGroupMember -identity $Group | select name,samaccountname,title,department,manager
    
    foreach ($Member in $Arrayofmembers)
    {
    $Record."Group Name" = $Group
    $Record."Name" = $Member.name
    $Record."UserName" = $Member.samaccountname
    $Record."Job Title" = $Member.title
    $Record."Department" = $Member.department
    $Record."Manager" = $Member.manager
    $objRecord = New-Object PSObject -property $Record
    $Table += $objrecord
    
    }
    
    }
    
    $Table | export-csv "C:\temp\SecurityGroups.csv" -NoTypeInformation

    • Changed type Bill_Stewart Monday, April 30, 2018 9:45 PM
    • Moved by Bill_Stewart Monday, April 30, 2018 9:46 PM This is not "teach me PowerShell basics step-by-step" forum
    Thursday, March 1, 2018 6:48 PM

All replies

  • $Arrayofmembers = Get-ADGroupMember -Identity testgrp2|
          Where{$_.objectClass -eq 'user'} |
         Get-AdUser -Properties title,department,manager


    \_(ツ)_/




    • Edited by jrv Thursday, March 1, 2018 10:29 PM
    Thursday, March 1, 2018 7:36 PM
  • The Get-ADGroupMember cmdlet does not support the -Properties parameter. It only retrieves properties common to security principals: DistinguishedName, Name, ObjectClass, ObjectGUID, SamAccountName, and SID. To retrieve more properties you need to pass the DistinguishedName or SamAccountName to another cmdlet, like Get-ADUser, Get-ADComputer, or Get-ADGroup, depending on the class of the group member. See this help document:

    https://docs.microsoft.com/en-us/powershell/module/addsadministration/get-adgroupmember?view=win10-ps


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Thursday, March 1, 2018 9:53 PM
  • I get the below error message

    Thursday, March 1, 2018 9:54 PM
  • Don't post screen images. The text is too small to read. Instead, copy and paste the error text from the PowerShell window.

    -- Bill Stewart [Bill_Stewart]

    Thursday, March 1, 2018 10:18 PM
  • Not tested,  but something like below (in part) should work, assuming you only want to consider user members of the groups:

    $Groups = Get-ADGroup -Filter *
    ForEach ($Group In $Groups)
    {
        $Members = Get-ADGroupMembers -Identity $Group
        ForEach ($Member In $Members)
        {
            If ($Member.ObjectClass -eq "user")
            {
                $User = Get-ADUser -Identity $Member.DistinguishedName -Properties title, department, manager
                $Record."Group Name" = $Group.Name
                $Record."Name" = $User.Name
                $Record."UserName" = $User.sAMAccountName
                $Record."Job Title" = $User.title
                $Record."Department" = $User.department
                $Record."Manager" = $User.manager
                # ...
            }
        }
    }
    

    You could add more to handle other classes of group members.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Thursday, March 1, 2018 10:28 PM
  • I fixed my post to this:

    Get-ADGroupMember -Identity testgrp2|?{$_.objectClass -eq 'user'} | Get-AdUser -Properties title,department,manager


    \_(ツ)_/

    Thursday, March 1, 2018 10:28 PM