Combine output for several Get-QADGroupMember instructions

by othni at 2012-11-14 10:43:11

I am running this script:
Get-QADGroupMember -Identity ‘Enterprise Admins’ -Indirect | Select-Object ‘name’,‘type’,‘dn’,‘MemberOf’’ | Export-Csv c:\enterprise_admins.csv -notype

It works fine, but I need to do this for several groups and I want to know if I can do it with one instruction to combine all output.

Of course I would need a way to also have a column for the Group to differentiate each line if several groups are in the same file.

Any ideas?
by kittH at 2012-11-15 05:37:53
This should work, you can just add the groups you want to the "Groups" array. I wasn’t sure how you wanted to handle the "MemberOf" field since it outputs an array, so I pipe delimited it for now.

$Results = @()
$Groups = @("Enterprise Admins", "Domain Admins")
Foreach ($Group in $Groups){
Foreach($Member in (Get-QADGroupMember -Identity $Group -Indirect | Select-Object 'name','type','dn','MemberOf')){
$MemberOf = $Member.MemberOf
$OFS = '| '
$MemberOf = "$MemberOf"
$Object = New-Object -TypeName PSObject
$Object | Add-Member -NotePropertyName Name -NotePropertyValue $Member.Name
$Object | Add-Member -NotePropertyName Type -NotePropertyValue $Member.Type
$Object | Add-Member -NotePropertyName DN -NotePropertyValue $Member.DN
$Object | Add-Member -NotePropertyName MemberOf -NotePropertyValue $MemberOf
$Object | Add-Member -NotePropertyName Group -NotePropertyValue $Group
$Results += $Object}}

$Results | Export-CSV c:\enterprise_admins.csv -notype
by othni at 2012-11-15 07:47:38
Thank you very much!

I will test it today and give you feedback.

Do you think the Quest cmdlets are my best option, or the native Windows 2008 R2 will work too?
by kittH at 2012-11-15 07:54:32
I am a terrible person to answer that, I use the quest cmdlets for everything. I certainly don’t know of a reason why they’d be a bad option for this.
by othni at 2012-11-15 09:38:43
I just tested your script but received this error:
Add-Member : A parameter cannot be found that matches parameter name ‘NotePropertyName’.
At C:\myscript.ps1:9 char:47
+ $Object | Add-Member -NotePropertyName <<<< Name -NotePropertyValue $Member.Name
+ CategoryInfo : InvalidArgument: (:slight_smile: [Add-Member], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Commands.AddMemberCommand


:frowning:
by dsf3g at 2012-11-15 11:58:38
You can use an ldap filter:

Get-QADUser -LdapFilter "(|(memberof=dn of group1)(memberof=dn of group2))"

But, unfortunately that will NOT give you indirect membership.
by othni at 2012-11-15 12:05:16
Thank you

But I need indirect membership in this case
by kittH at 2012-11-15 13:03:13
It’s slightly different syntax in older versions of powershell, to use the above code you can upgrade here: http://www.microsoft.com/en-us/download … x?id=34595

Otherwise try:

$Results = @()
$Groups = @("Enterprise Admins", "Domain Admins")
Foreach ($Group in $Groups){
Foreach($Member in (Get-QADGroupMember -Identity $Group -Indirect | Select-Object 'name','type','dn','MemberOf')){
$MemberOf = $Member.MemberOf
$OFS = '| '
$MemberOf = "$MemberOf"
$Object = New-Object -TypeName PSObject
$Object | Add-Member -MemberType NoteProperty -Name Name -Value $Member.Name
$Object | Add-Member -MemberType NoteProperty -Name Type -Value $Member.Type
$Object | Add-Member -MemberType NoteProperty -Name DN -Value $Member.DN
$Object | Add-Member -MemberType NoteProperty -Name MemberOf -Value $MemberOf
$Object | Add-Member -MemberType NoteProperty -Name Group -Value $Group
$Results += $Object}}

$Results | Export-CSV c:\enterprise_admins.csv -notype
by othni at 2012-11-15 14:53:39
thanks!

I will test it soon!
by othni at 2012-11-16 09:15:19
Great, it worked!

Thank you!

Another little thing.

The CIO is asking to maybe provide another two possible ways of specifying the $Groups to evaluate which one we finally use.

1. Within the script, using Get-QADgroup starting in a container (OU or Domain) to populate your $Groups. How do we build the $Groups variable with this input?
or
2. Reading the $Groups information from a file. How should the file be created and how we make the %Groups variable read from this file?
by dsf3g at 2012-11-16 10:19:17
OK, this is nuts! A few threads down in this same forum I discovered this in answer to another question:

get-qaduser -indirectmemberof group1,group2
so all you need really is:

get-qaduser -indirectmemberof group1,group2 | select-object property1,property2 | export-csv myfile.csv

And it works! (but is pretty slow)
by othni at 2012-11-16 10:25:24
Wow!

I will test it and let you know. That thing about being able to specify more than one group is good!

Thank you!
by kittH at 2012-11-16 13:36:58
In response to your questions, it’s really easy.

For the first scenario you could do
$Groups = Get-QADGroup -searchroot ‘domain.com/OU

Doing it from a file would depend on how you setup the input file, but you could use Get-Content to pull from a text file or Import-CSV to pull from a csv. For example:

$Groups = Get-Content C:\Groups.txt

As long as it is a text file with just a group name on each line, it should work fine.


In regards to the much simpler command that was pointed out above, I did not realize that you could specify multiple groups like that, but you would still need to do some processing to include the group name and flatten out the "memberof" field.
by othni at 2012-11-16 14:15:34
Thank you!

You are right about the group name!
by Infradeploy at 2012-11-19 05:38:30
in Powershell 3 there’s a -append parameter for export-csv

That would simplify things :slight_smile:
by othni at 2012-11-19 13:02:33
Great!

I didn’t know that one!