1

I am trying to get a list from active directory, where I only see SamAccountName, and all the information from MemberOf tab. The following code lists all the user, but when it comes to MemberOf properties, it will only list 1-2 groups, and then "..."

Get-ADUser -filter * -properties *| 
  Select SamAccountName,Memberof |
  out-file 'Location\UsersExport.txt'

Example output:

SamAccountName OneUser
Memberof {CN=Something,CN=Users,DC=Something,DC=Something, CN=K...

Is there a way to list all the group names only, (I only need SamAccountName and all the MemberOf group rights for all the user) or am I missing some property? Also, is there an option to get rid of all the unnecessary "CN= DC=" fields, and only see the group name?

F. Jozsef
  • 21
  • 4
  • 1
    Possible duplicate of [How to list all Active Directory Users and their group membership](https://serverfault.com/questions/415793/how-to-list-all-active-directory-users-and-their-group-membership) – Doug Deden Apr 04 '19 at 14:50
  • I would suggest the OP give the cmdlet "Get-ADPrincipalGroupMembership a whirl... It would also help if the OP could define how the output needed to be structured -- and whether or not nested group memberships had to be factored in. Like, would this work? get-aduser -prop memberof | Select SamAccountName,@{n="Groups";e={($_.MemberOf | % {(Get-ADGroup -identity $_).Name}) -join ', '}} | export-csv -Path C:\Path\To\The.csv – Semicolon Apr 04 '19 at 18:01
  • 1
    That linked question does uses the Quest AD Tools which should be considered dead by now. Would the appropriate action be to close this as a dupe and provide a better, updated answer on the linked question? – Semicolon Apr 04 '19 at 18:02
  • 1
    @Semicolon New answer on an old (linked) question. It's more effective, because google – kubanczyk Apr 04 '19 at 23:22

1 Answers1

1

Luckily I was able to find a solution that worked for me. The only bad side is that this command will list all Membership rights in a different row, so I have to make some change after the export.

$list = @()
$Groups = get-adgroup -filter *
foreach ($Group in $Groups){
    $members = get-adgroupmember -identity $group 
    foreach ($member in $members){
        if($member.objectClass -eq "User"){
            $item = new-object PSObject
            $item | Add-member -name 'Group' -value $group.name -MemberType NoteProperty
            $item | Add-member -name 'Member' -value $member.samaccountname -MemberType NoteProperty
            $list += $item
        }
    }

}
    $list | out-file 'UsersExportRdy.txt'

Code source:https://www.reddit.com/r/PowerShell/comments/49dk1n/export_all_ad_groups_and_members_to_csv/

F. Jozsef
  • 21
  • 4