Exporting Users From AD Security Groups and listing variables

darkdealx23 · June 2, 2021, 5:26pm

$OUpath = 'OU=Cloud RBAC,OU=Functions,OU=Administration,DC=contoso,DC=con,DC=local'
Import-Csv -Path = 'C:\Temp\Test\FUNC-X-CLOUD-AUDIT.csv'
Get-ADUser -Filter * -SearchBase $OUpath | Select-Object cn, samaccountname, mail, title, givenname, sn, whencreated | select cn, samaccountname, mail, title, givenname, sn, whencreated | Export-Csv -Path 'C:\Temp\Test\FUNC-X-CLOUD-AUDIT.csv'

Import-Csv : Cannot bind parameter 'Delimiter'. Cannot convert value "C:\Temp\Test\FUNC-X-CLOUD-AUDIT.csv" to type "System.Char". Error: "String 
must be exactly one character long."
At line:2 char:20
+ Import-Csv -Path = 'C:\Temp\Test\FUNC-X-CLOUD-AUDIT.csv'
+                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Import-Csv], ParameterBindingException
    + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.PowerShell.Commands.ImportCsvCommand

So this is the error I’m getting and how I’m using my logic to call the select objects. I’m also trying to get it in table format in the .csv

So i’m able to pipe out a .csv but there’s no information in it?

matt-bloomfield · June 2, 2021, 5:42pm

You may wish to edit your post to remove the real domain information and use a fake domain name such as contoso.com.

From the way your post is formatted, it looks like you have $ExportPath on a new line. It must be on the same line as the Export-CSV command.

darkdealx23 · June 2, 2021, 5:45pm

Hi Matt, thank you for responding back, i had tweaked certain parameters as stated.

Olaf · June 2, 2021, 8:03pm

darkdealx23:

Import-Csv -Path = 'C:\Temp\Test\FUNC-X-CLOUD-AUDIT.csv'
So this is the error I’m getting and how I’m using my logic to call the select objects. I’m also trying to get it in table format in the .csv

The equal sign (=) is the assignment operator for variable assignments. If you provide a vaule for a parameter you simply separate it by a space … like this:

Import-Csv -Path 'C:\Temp\Test\FUNC-X-CLOUD-AUDIT.csv'

Then you use Select-Object twice …

even if it does not bother and does not change the output … it’s redundant and unnecessary.

matt-bloomfield · June 2, 2021, 9:25pm

You’re making this difficult to respond to because you’re making multiple edits of the same post. You’ve posted 3 different code versions so far with two different errors.

At the moment, you’re getting all AD users which doesn’t meet your goal of getting the group members. As @Olaf recommended yesterday, you want to be using Get-ADGroupMember for this. Once you’ve got the group members, you can get then user information for those users.

Step back from the code a minute, walk through what you’re trying to do, and then associate the possible cmdlets with each task:

List the groups you want to process (Import-CSV, Get-Content).
For each (foreach or Foreach-Object) group in the list, get all the group’s members (Get-ADGroupMember)
For each (foreach or Foreach-Object) of the members, get their Name, User name, Email, Role*, First name, Last name, Creation date (Get-ADUser)
Export all of the details to a CSV file (Export-CSV)

I can’t test this but this is roughly how your script should look:

$groups = Get-Content C:\Temp\groups.txt

foreach ($group in $groups) {
    Get-ADGroupMember $group | Foreach-Object {
        Get-ADUser $_ -properties mail, whenCreated | 
            Select-Object Name,sAMAccountName,mail,givenName,surname,whenCreated | 
                Export-CSV "C:\Temp\$group.csv" -NoTypeInformation
    }
}

*There isn’t a role attribute as far as I know. Is this a custom attribute or is stored in another attribute such as description?

darkdealx23 · June 3, 2021, 12:03pm

matt-bloomfield:

$groups = Get-Content C:\Temp\groups.txt

foreach ($group in $groups) {
    Get-ADGroupMember $group | Foreach-Object {
        Get-ADUser $_ -properties mail, whenCreated | 
            Select-Object Name,sAMAccountName,mail,givenName,surname,whenCreated | 
                Export-CSV "C:\Temp\$group.csv" -NoTypeInformation
    }
}

So this has worked, thus so far.

I’d identified at

Get-ADUser $_ -properties mail, whenCreated

I added

Title

This gave the job title.

However, i’ve realised it’s only piping out 1 member, rather than all.

So this is my modification that i’ve done and not sure where i’m going wrong

$groups = Get-Content D:\Team Shares\Identity Management\Andrew T\groups.txt

foreach ($group in $groups) {
    Get-ADGroupMember $group | Foreach-Object {
        Get-ADUser -Filter * -SearchBase "OU=Cloud RBAC,OU=Functions,OU=Administration,DC=example,DC=example,DC=local"  $_ -properties mail, whenCreated, Title | 
            Select-Object Name,sAMAccountName,mail,Title,givenName,surname,whenCreated | 
                Export-CSV "D:\Team Shares\Identity Management\Andrew T\$group.csv" -NoTypeInformation
    }
}

So how can i call upon all members?

This is the error

Get-ADUser : A positional parameter cannot be found that accepts argument 'CN=SamuelEbhabha,OU=C,OU=Users,OU=,DC=,DC=,DC='.
At D:\Team Shares\Identity Management\Andrew Theodoulou\FUNC-X-CLOUD_Audit.ps1:5 char:9
+         Get-ADUser -Filter * -SearchBase "OU=Cloud RBAC,OU=Functions, ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-ADUser], ParameterBindingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.ActiveDirectory.Management.Commands.GetADUser

Olaf · June 3, 2021, 1:01pm

I know you will complain that this is not helpful for you but you’re lacking the very basics of PowerShell. It will be nearly impossible to help you when you don’t understand the help you get. And it does not help you for the long run when we write the code for you. Please do yourself a favour and make a step back and start with learning the fundamentals of PowerShell first. It will save you from a lot of wasted time and frustration.

darkdealx23 · June 3, 2021, 1:10pm

@Olaf , i’m not going to complain and whine. You are correct that i need to know the basics.

However, i find it neither courteous or professional that this forum has a ‘tough love’ policy for newbies such as myself.

I understand the syntax and logic but missing on a value/parameter that i can’t link is surely a little harsh.

All i wish to understand is the string that’s missing.

Is that not permitted in this forum, or am i no longer welcome in this place?

Olaf · June 3, 2021, 1:16pm

That’s the point I doubt.

You provide $_ for Get-ADUser but you do not specify for what parameter it should be used.

matt-bloomfield · June 3, 2021, 1:39pm

`Get-ADUser -Filter * -SearchBase "OU=Cloud RBAC,OU=Functions,OU=Administration,DC=example,DC=example,DC=local"  $_ -properties mail, whenCreated, Title `

You can’t use -Filter * and $_. You need to use $_ (see my original post).

darkdealx23 · June 3, 2021, 4:22pm

Olaf, i don’t know if you are the sort of individual that thrives off in condescending / trolling people for your own self-gratification.

I find you very hostile and using intellectual bullying tactics just to self-gloat yourself.

Topic		Replies	Views
List users in specific group, plus active/disabled PowerShell Help	0	169	December 31, 2011
Get AD User and Group Membership and export to CSV PowerShell Help	2	205	September 26, 2019
Script to export AD users PowerShell Help	4	194	February 10, 2024
AD Export group members but with a twist? PowerShell Help	8	151	April 6, 2015
Powershell - group members & attribs for multiple groups report? PowerShell Help	3	182	July 30, 2014

Exporting Users From AD Security Groups and listing variables

Related Topics