PowerShell script to enumerate members of specific groups, and export a list of users and which groups they are in RRS feed

  • Question

  • Hi,

    I have a requirement to report on the members of 6 AD groups. Some users may be in 1 group, 2 groups, 3 groups or all 6 etc.

    I've got as far as below, which outputs to the screen ok, but I get System.Object fields in the excel export for anyone who is in more than one group.

    What I really want is a CSV with two columns, Username & Group.  The users can be listed multiple times if they are in multiple groups ... but I struggled with that and this is the closest I've got to meeting my requirement so far.  I guess I'd rate my PS skills as new and learning.

    Any help much appreciated.

    $Users = Get-ADGroup -Filter {name -like "MyApp*"} -Server myserver.net | Get-ADGroupMember | Select-Object -Unique | Sort-Object Name |  Select-Object Name, SamAccountName, DistinguishedName
    $Hash = $Null #Empty the hash table.
    $Hash = @{}
    $Result = ForEach ($User in $Users) {
        $Hash = @{
            Name              = $User.Name
            SamAccountName    = $User.SamAccountName
            DistinguishedName = $User.DistinguishedName
            MyAppGroups       = Get-ADUser -Identity $User.SamAccountName -Properties Memberof -Server myserver.net:3268 | Select-Object -Expand MemberOf | ? {$_ -like "CN=MyApp*"}
        New-Object PsObject -Property $Hash | Select-Object Name, SamAccountName, DistinguishedName, MyAppGroups
    $Result | Export-CSV C:\Temp\Results.csv

    • Moved by Bill_Stewart Friday, March 15, 2019 3:22 PM Abandoned
    Friday, December 14, 2018 10:14 PM

All replies

  • Please loom in the Gallery for scripts that do what you ask.  Your current script is not even close to what you are asking for,

    This question come up about once a week.  There are a dozen or more scripts in the Gallery that do this in various ways.  Just pick one.

    I will also note for future reference. The following lines are pointless and provide nothing useful:

    $Hash =$Null #Empty the hash table.
    = @{}

    You are also getting the users twice which is also unnecessary.  Just get them once and output the user and group name.  The Gallery scripts will show you how to do this.

    Microsoft Virtual Academy - Getting Started with Microsoft PowerShell


    • Edited by jrv Friday, December 14, 2018 10:51 PM
    Friday, December 14, 2018 10:48 PM
  • This is the simplest and fastest way to get users by group.

    Get-ADGroup -Filter { name -like 'MyApp*' } -PipelineVariable grp |
        Get-ADGroupMember |
        Where-Object{ $_.objectClass -eq 'User' } |
        Select-Object @{ n = 'GroupName'; e = { $grp.Name } }, Name, SamAccountName, DistinguishedName |
        Sort-Object groupname, Name -Unique


    • Edited by jrv Friday, December 14, 2018 11:09 PM
    Friday, December 14, 2018 11:03 PM
  • Mine may not be a one liner but gets the job done and includes user accounts in nested groups.

    I always remember to use the -recursive lookup.

    #Final Output Array           
    #Get List of Groups 
    $myGroups=Get-ADGroup -filter {Name -like "MyGroup*"} | select -ExpandProperty Name
    #Loop 1 for Groups  
     Foreach($Group in $myGroups){
     #Gather All users and Nested Users in Other Groups <---
     $MyUserAccounts=Get-ADGroupMember $Group -ErrorAction Stop -Recursive | select -ExpandProperty SamAccountName  
        #Build CSV output Loop
        Foreach($User in $MyUserAccounts){
     #Output to File
     $MyArray | Out-File C:\temp\MyusersandGroups.csv 

    Monday, December 17, 2018 11:44 PM