0

I may not explain this well so I will start with the results which will be an excel of Manager name, all the groups they are apart of with the category, scope and email. I was able to get the direct reports and exported all the groups they are in to an txt. I tried to use that .txt file to go through and grab each property I need from each group. That is the part I am stuck on.

 Function Get-DirectReport {
[CmdletBinding()]
    param(
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true
        )][string]  $SamAccountName,
 
        [switch]  $NoRecurse
    )
 
    BEGIN {}
 
    PROCESS {
        $UserAccount = Get-ADUser $SamAccountName -Properties DirectReports, DisplayName
        $UserAccount | select -ExpandProperty DirectReports | ForEach-Object {
            $User = Get-ADUser $_ -Properties DirectReports
            if ($null -ne $User.EmployeeID) {
                if (-not $NoRecurse) {
                    Get-DirectReport $User.DirectReports
                }
                [PSCustomObject]@{
                    DirectReports     = $User.DirectReports
                                     
                }
            }
        }
    }
 
    END {}
 
}
Jason Glenn
  • 57
  • 6
  • Sorry but is not very clear what is your need. If I understand correctly, what you need is to get the `GroupCategory` and `GroupScope` from a list of groups. Is this right? – Santiago Squarzon May 11 '21 at 22:33
  • Yes that is correct. I extracted the SamAccountName to a .txt file and used that to search for the group. I am also getting errors that Get-ADGroup -Identity $GroupName can't find the group even though i know it is there. Would it be best to get the SID of the group and use that to get the properties I need? – Jason Glenn May 12 '21 at 01:05
  • Usually, `objectGUID`, `SID` or `distinguishedName` are your best bets. If `Get-ADGroup` gives you an error it probably means the group was deleted. – Santiago Squarzon May 12 '21 at 01:41
  • It depends on the architecture. `Get-ADGroup` may not resolve group from other domain in the forest (even with SID) unless you connect to the other domain controller with `-Server`. – raspy May 12 '21 at 05:07
  • Thanks everyone, I was able to get what I need by using `Get-ADPrincipalGroupMembership -Identity $UserSID | Select name, GroupCategory, GroupScope, SID` – Jason Glenn May 12 '21 at 11:26

0 Answers0