by othni at 2012-11-14 10:43:11
I am running this script:by kittH at 2012-11-15 05:37:53Get-QADGroupMember -Identity ‘Enterprise Admins’ -Indirect | Select-Object ‘name’,‘type’,‘dn’,‘MemberOf’’ | Export-Csv c:\enterprise_admins.csv -notype
It works fine, but I need to do this for several groups and I want to know if I can do it with one instruction to combine all output.
Of course I would need a way to also have a column for the Group to differentiate each line if several groups are in the same file.
Any ideas?
This should work, you can just add the groups you want to the "Groups" array. I wasn’t sure how you wanted to handle the "MemberOf" field since it outputs an array, so I pipe delimited it for now.by othni at 2012-11-15 07:47:38$Results = @()
$Groups = @("Enterprise Admins", "Domain Admins")
Foreach ($Group in $Groups){
Foreach($Member in (Get-QADGroupMember -Identity $Group -Indirect | Select-Object 'name','type','dn','MemberOf')){
$MemberOf = $Member.MemberOf
$OFS = '| '
$MemberOf = "$MemberOf"
$Object = New-Object -TypeName PSObject
$Object | Add-Member -NotePropertyName Name -NotePropertyValue $Member.Name
$Object | Add-Member -NotePropertyName Type -NotePropertyValue $Member.Type
$Object | Add-Member -NotePropertyName DN -NotePropertyValue $Member.DN
$Object | Add-Member -NotePropertyName MemberOf -NotePropertyValue $MemberOf
$Object | Add-Member -NotePropertyName Group -NotePropertyValue $Group
$Results += $Object}}
$Results | Export-CSV c:\enterprise_admins.csv -notype
Thank you very much!by kittH at 2012-11-15 07:54:32
I will test it today and give you feedback.
Do you think the Quest cmdlets are my best option, or the native Windows 2008 R2 will work too?
I am a terrible person to answer that, I use the quest cmdlets for everything. I certainly don’t know of a reason why they’d be a bad option for this.by othni at 2012-11-15 09:38:43
I just tested your script but received this error:by dsf3g at 2012-11-15 11:58:38Add-Member : A parameter cannot be found that matches parameter name ‘NotePropertyName’.
At C:\myscript.ps1:9 char:47
+ $Object | Add-Member -NotePropertyName <<<< Name -NotePropertyValue $Member.Name
+ CategoryInfo : InvalidArgument: ( [Add-Member], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Commands.AddMemberCommand
You can use an ldap filter:by othni at 2012-11-15 12:05:16
Get-QADUser -LdapFilter "(|(memberof=dn of group1)(memberof=dn of group2))"
But, unfortunately that will NOT give you indirect membership.
Thank youby kittH at 2012-11-15 13:03:13
But I need indirect membership in this case
It’s slightly different syntax in older versions of powershell, to use the above code you can upgrade here: http://www.microsoft.com/en-us/download … x?id=34595by othni at 2012-11-15 14:53:39
Otherwise try:$Results = @()
$Groups = @("Enterprise Admins", "Domain Admins")
Foreach ($Group in $Groups){
Foreach($Member in (Get-QADGroupMember -Identity $Group -Indirect | Select-Object 'name','type','dn','MemberOf')){
$MemberOf = $Member.MemberOf
$OFS = '| '
$MemberOf = "$MemberOf"
$Object = New-Object -TypeName PSObject
$Object | Add-Member -MemberType NoteProperty -Name Name -Value $Member.Name
$Object | Add-Member -MemberType NoteProperty -Name Type -Value $Member.Type
$Object | Add-Member -MemberType NoteProperty -Name DN -Value $Member.DN
$Object | Add-Member -MemberType NoteProperty -Name MemberOf -Value $MemberOf
$Object | Add-Member -MemberType NoteProperty -Name Group -Value $Group
$Results += $Object}}
$Results | Export-CSV c:\enterprise_admins.csv -notype
thanks!by othni at 2012-11-16 09:15:19
I will test it soon!
Great, it worked!by dsf3g at 2012-11-16 10:19:17
Thank you!
Another little thing.
The CIO is asking to maybe provide another two possible ways of specifying the $Groups to evaluate which one we finally use.
1. Within the script, using Get-QADgroup starting in a container (OU or Domain) to populate your $Groups. How do we build the $Groups variable with this input?
or
2. Reading the $Groups information from a file. How should the file be created and how we make the %Groups variable read from this file?
OK, this is nuts! A few threads down in this same forum I discovered this in answer to another question:by othni at 2012-11-16 10:25:24
get-qaduser -indirectmemberof group1,group2
so all you need really is:
get-qaduser -indirectmemberof group1,group2 | select-object property1,property2 | export-csv myfile.csv
And it works! (but is pretty slow)
Wow!by kittH at 2012-11-16 13:36:58
I will test it and let you know. That thing about being able to specify more than one group is good!
Thank you!
In response to your questions, it’s really easy.by othni at 2012-11-16 14:15:34
For the first scenario you could do
$Groups = Get-QADGroup -searchroot ‘domain.com/OU’
Doing it from a file would depend on how you setup the input file, but you could use Get-Content to pull from a text file or Import-CSV to pull from a csv. For example:
$Groups = Get-Content C:\Groups.txt
As long as it is a text file with just a group name on each line, it should work fine.
In regards to the much simpler command that was pointed out above, I did not realize that you could specify multiple groups like that, but you would still need to do some processing to include the group name and flatten out the "memberof" field.
Thank you!by Infradeploy at 2012-11-19 05:38:30
You are right about the group name!
in Powershell 3 there’s a -append parameter for export-csvby othni at 2012-11-19 13:02:33
That would simplify things
Great!
I didn’t know that one!