How can I get a list of all disabled domain users with group membership, one user per line, but omit results for users that have no membership?

Question

For example, when our users are terminated, we need to remove all groups. I want to check for groups still connected to user, but not show the users where the groups are removed.

I have the following, which shows all disabled users, but can't figure out how to test for a null group. Any help would be appreciated.

Import-Module Activedirectory
Get-ADUser -Filter 'enabled -eq $false' -Properties DisplayName,memberof | % {
New-Object PSObject -Property @{
UserName = $_.DisplayName
Groups = ($_.memberof | Get-ADGroup | Select -ExpandProperty Name) -join 
","}
} | Select UserName,Groups

PLEASE read the Tour page for this site ... and use the code formatting instructions linked on that page. [*grin*] — Lee_Dailey, Apr 11 '22 at 01:14

score 1 · Answer 1 · answered Apr 11 '22 at 11:06

1

Add a where check before the select:

| Where-Object {$_.Groups -ne $null} 


Import-Module Activedirectory
Get-ADUser -Filter 'enabled -eq $false' -Properties DisplayName,memberof | % {
    New-Object PSObject -Property @{
    UserName = $_.Name
    Groups = ($_.memberof | Get-ADGroup | Select -ExpandProperty Name) -join ","}
} | Where-Object {$_.Groups -ne $null} | Select UserName,Groups

answered Apr 11 '22 at 11:06

Greg Askew

35,880
5
54
82

Thanks Greg! This runs, however I'm still seeing blank groups in the output. Do you know a better way to filter this? @GregAskew. Thanks a million btw – Owen Williams Apr 12 '22 at 01:26
UserName Groups -------- ------ John Lennon Domain Admins George Harrison George Martin Enterprise Admins Brian Epstein – Owen Williams Apr 12 '22 at 01:27

How can I get a list of all disabled domain users with group membership, one user per line, but omit results for users that have no membership?

1 Answers1