0

I am trying to export user and employeeid from LDAP. All the users are in a group that I extracted using the code bellow. I also put them in a csv file.

How can I retrieve employeeid for each user ? Changing this query or creating a new one and using the csv file.

$groups = @()
$groups = 'CONBR-MES-DEV-USERS'
Write-Host 'Group_Name','Member'
foreach ($group in $groups)
{
    $members = @()
    $members = Get-ADGroupMember -Server la.jnj.com -Identity $group 
    foreach ($member in $members)
        {
            Write-Host $member.SamAccountName 


        }
}

I want something like userA 123456 userB 987654 and so on

RalfFriedl
  • 1,134
  • 3
  • 11
  • 12
Caporal
  • 3
  • 1

2 Answers2

1

The employeeID attribute is not included in the default attribute set. One way you can fix this is to use Get-ADObject inside the loop and include the attribute. Example:

foreach ( $group in $groups ) {
  $members = Get-ADGroupMember -Server la.jnj.com -Identity $group 
  foreach ( $member in $members ) {
    $groupMember = $member | Get-ADObject -Properties employeeID,sAMAccountName
    [PSCustomObject] @{
      "Name"       = $groupMember.sAMAccountName
      "employeeID" = $groupMember.employeeID
    }
  }
}
Bill_Stewart
  • 22,916
  • 4
  • 51
  • 62
  • Great, Thanks a lot. I just did a little change since "Name" = $groupMember.sAMAccountName didnt return anything. I used "Name" = $Member.sAMAccountName – Caporal Jul 02 '19 at 17:45
  • I forgot that `sAMAccountName` is not a default property with `Get-ADObject`. Updated answer. – Bill_Stewart Jul 02 '19 at 18:05
0

This can be performed without looping using a LDAP_MATCHING_RULE_IN_CHAIN filter similar to: (memberOf:1.2.840.113556.1.4.1941:=CN=yourgorupname,OU=Groups,DC=example,DC=net)

and returning attributes: "sAMAccountName" "employeeID"

-jim

jwilleke
  • 10,467
  • 1
  • 30
  • 51