Exporting Users From AD Security Groups and listing variables

$OUpath = 'OU=Cloud RBAC,OU=Functions,OU=Administration,DC=contoso,DC=con,DC=local'
Import-Csv -Path = 'C:\Temp\Test\FUNC-X-CLOUD-AUDIT.csv'
Get-ADUser -Filter * -SearchBase $OUpath | Select-Object cn, samaccountname, mail, title, givenname, sn, whencreated | select cn, samaccountname, mail, title, givenname, sn, whencreated | Export-Csv -Path 'C:\Temp\Test\FUNC-X-CLOUD-AUDIT.csv'
Import-Csv : Cannot bind parameter 'Delimiter'. Cannot convert value "C:\Temp\Test\FUNC-X-CLOUD-AUDIT.csv" to type "System.Char". Error: "String 
must be exactly one character long."
At line:2 char:20
+ Import-Csv -Path = 'C:\Temp\Test\FUNC-X-CLOUD-AUDIT.csv'
+                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Import-Csv], ParameterBindingException
    + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.PowerShell.Commands.ImportCsvCommand

So this is the error I’m getting and how I’m using my logic to call the select objects. I’m also trying to get it in table format in the .csv

So i’m able to pipe out a .csv but there’s no information in it?

You may wish to edit your post to remove the real domain information and use a fake domain name such as contoso.com.

From the way your post is formatted, it looks like you have $ExportPath on a new line. It must be on the same line as the Export-CSV command.

Hi Matt, thank you for responding back, i had tweaked certain parameters as stated.

The equal sign (=) is the assignment operator for variable assignments. If you provide a vaule for a parameter you simply separate it by a space … like this:

Import-Csv -Path 'C:\Temp\Test\FUNC-X-CLOUD-AUDIT.csv'

Then you use Select-Object twice …

even if it does not bother and does not change the output … it’s redundant and unnecessary. :wink:

1 Like

You’re making this difficult to respond to because you’re making multiple edits of the same post. You’ve posted 3 different code versions so far with two different errors.

At the moment, you’re getting all AD users which doesn’t meet your goal of getting the group members. As @Olaf recommended yesterday, you want to be using Get-ADGroupMember for this. Once you’ve got the group members, you can get then user information for those users.

Step back from the code a minute, walk through what you’re trying to do, and then associate the possible cmdlets with each task:

  1. List the groups you want to process (Import-CSV, Get-Content).
  2. For each (foreach or Foreach-Object) group in the list, get all the group’s members (Get-ADGroupMember)
  3. For each (foreach or Foreach-Object) of the members, get their Name, User name, Email, Role*, First name, Last name, Creation date (Get-ADUser)
  4. Export all of the details to a CSV file (Export-CSV)

I can’t test this but this is roughly how your script should look:

$groups = Get-Content C:\Temp\groups.txt

foreach ($group in $groups) {
    Get-ADGroupMember $group | Foreach-Object {
        Get-ADUser $_ -properties mail, whenCreated | 
            Select-Object Name,sAMAccountName,mail,givenName,surname,whenCreated | 
                Export-CSV "C:\Temp\$group.csv" -NoTypeInformation

*There isn’t a role attribute as far as I know. Is this a custom attribute or is stored in another attribute such as description?


So this has worked, thus so far.

I’d identified at

Get-ADUser $_ -properties mail, whenCreated 

I added


This gave the job title.

However, i’ve realised it’s only piping out 1 member, rather than all.

So this is my modification that i’ve done and not sure where i’m going wrong

$groups = Get-Content D:\Team Shares\Identity Management\Andrew T\groups.txt

foreach ($group in $groups) {
    Get-ADGroupMember $group | Foreach-Object {
        Get-ADUser -Filter * -SearchBase "OU=Cloud RBAC,OU=Functions,OU=Administration,DC=example,DC=example,DC=local"  $_ -properties mail, whenCreated, Title | 
            Select-Object Name,sAMAccountName,mail,Title,givenName,surname,whenCreated | 
                Export-CSV "D:\Team Shares\Identity Management\Andrew T\$group.csv" -NoTypeInformation

So how can i call upon all members?

This is the error

Get-ADUser : A positional parameter cannot be found that accepts argument 'CN=SamuelEbhabha,OU=C,OU=Users,OU=,DC=,DC=,DC='.
At D:\Team Shares\Identity Management\Andrew Theodoulou\FUNC-X-CLOUD_Audit.ps1:5 char:9
+         Get-ADUser -Filter * -SearchBase "OU=Cloud RBAC,OU=Functions, ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-ADUser], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.ActiveDirectory.Management.Commands.GetADUser

I know you will complain that this is not helpful for you but you’re lacking the very basics of PowerShell. It will be nearly impossible to help you when you don’t understand the help you get. And it does not help you for the long run when we write the code for you. Please do yourself a favour and make a step back and start with learning the fundamentals of PowerShell first. It will save you from a lot of wasted time and frustration.

1 Like

@Olaf , i’m not going to complain and whine. You are correct that i need to know the basics.

However, i find it neither courteous or professional that this forum has a ‘tough love’ policy for newbies such as myself.

I understand the syntax and logic but missing on a value/parameter that i can’t link is surely a little harsh.

All i wish to understand is the string that’s missing.

Is that not permitted in this forum, or am i no longer welcome in this place?

That’s the point I doubt. :wink:

You provide $_ for Get-ADUser but you do not specify for what parameter it should be used.

`Get-ADUser -Filter * -SearchBase "OU=Cloud RBAC,OU=Functions,OU=Administration,DC=example,DC=example,DC=local"  $_ -properties mail, whenCreated, Title `

You can’t use -Filter * and $_. You need to use $_ (see my original post).

1 Like

Olaf, i don’t know if you are the sort of individual that thrives off in condescending / trolling people for your own self-gratification.

I find you very hostile and using intellectual bullying tactics just to self-gloat yourself.