Powershell - Get User information from AD list

Question

I'm a beginner in programming in general.. What I'm trying to do is to create a powershell script that will:

Get information on each user on an Active Directory group.
Inside each group there may be another group, so I would want it to get the list of users from each nested group as well.
Only give me the information for each group once.

This is what I have so far:

$list = Get-ADGroupMember Admins

foreach($u in $list) {
    Get-ADObject $u
}

foreach ($_ in $u) {
    if ($u.ObjectClass -eq 'user') { 
        Get-ADUser $u -Properties * | select givenname, surname, samaccountname | ft -autosize
    } else { 
        Get-ADGroupMember $u -Recursive | select name, samaccountname | ft -autosize
    }
}

So far I'm trying to get it to work with that one group 'Admins' and then if it does I would want to run the code for more groups at the same time.

Any help or guidance would be appreciated.

Why do you have two `foreach` loops? It seems like they should both be combined. — Gabriel Luci, Jul 30 '20 at 22:12
If I do that it works, but its giving me a single line for each of the users. Is there any way to consolidate it into one list? — kinkiman, Jul 30 '20 at 22:24

score 0 · Accepted Answer · answered Aug 01 '20 at 12:14

You seem to want only properties that are returned by default by Get-ADUser aswell as Get-ADGroup, so in both cases, there is no need to specify the -Properties parameter.

Get-ADGroupMember can return user, computer and group objects, so at the moment, your else condition expects groups, where you could end up with a computer object..

In your code, you output to console with ft -autosize both in the if and the else, but it would be simpler to capture both types of resulting objects in a variable at the start of the loop and output it as a whole afterwards:

# you can load a list of group names from a predefined array:
$Groups = 'Admins', 'Users'

# or load from a file, each group name listed on a separate line:
# $Groups = Get-Content -Path 'D:\Test\ADGroups.txt'

# or get all AD groups in the domain:
# $Groups = (Get-ADGroup -Filter *).Name


$result = foreach ($group in $Groups) {
    Get-ADGroup -Filter "Name -eq '$group'" | ForEach-Object {
        # we could use the $group variable, but this ensures correct casing
        $groupName = $_.Name
        $members = $_ | Get-ADGroupMember -Recursive
        foreach ($member in $members) {
            if ($member.objectClass -eq 'user') {
                Get-ADUser -Identity $member.DistinguishedName |
                Select-Object @{Name="GroupName"; Expression={$groupName}},
                              @{Name="MemberType";Expression={'User'}},
                              Name, 
                              GivenName, 
                              Surname, 
                              SamAccountName
            }
            elseif ($member.objectClass -eq 'group') {
                Get-ADGroup -Identity $member.DistinguishedName |
                Select-Object @{Name="GroupName";Expression={$groupName}},
                              @{Name="MemberType";Expression={'Group'}},
                              Name,
                              @{Name="GivenName";Expression={''}},  # groups don't have this property
                              @{Name="Surname";Expression={''}},    # groups don't have this property
                              SamAccountName
            }
        }
    }
}

# output is console
$result | Format-Table -AutoSize

# write to CSV file
$result | Export-Csv -Path 'D:\Test\GroupsInfo.csv' -NoTypeInformation

^{The trick is here to output objects with equal properties for both a user and a group object}

I had already solved the issue before I saw your comment but yours is pretty close to the answer I got. I appreciate your help! — kinkiman, Aug 06 '20 at 16:17

Powershell - Get User information from AD list

1 Answers1

Linked