Filtered search for Group Name then list Users in Group

by Colin Hill at 2012-11-22 06:59:12


I was wondering if anyone could help. I’m trying to get a list of users from a number of Groups which have a standard naming convention.

For example:
VMware Console Access - Server 1
VMware Console Access - Server 2
VMware Console Access - Server 3

Has anyone seen a script or written something like this already?

Thanks in advance

by Klaas at 2012-11-22 07:17:24
Get-ADGroup -Filter 'Name -like "VMWAre*"' | Get-ADGroupMember

That would be the shortest way, I think.
You need to be on a domain controller or have RSAT installed. On PowerShell V2 you have to Import-Module ActiveDirectory first; with PSv3 that is no longer necessary.
If you add | gm you can see what properties are available to select.

by Colin Hill at 2012-11-22 08:35:00
Hi Klaas,

Thanks for your quick response!

The script is fine (Thanks!) but I also need to push the information out to a CSV file (Name and Email).

Get-ADGroup -Filter 'Name -like "VMWAre*"' | Get-ADGroupMember | Select-Object Firstname, Lastname, Email | Export-Csv C:\users.csv -NoTypeInformation

The first bit is fine (yours!) but the last part is failing to output what I want.

by Klaas at 2012-11-23 00:25:58
It seems that the groupmember object is not a user object and doesn’t have the properties you want. Insert another cmdlet that gets the actual user objects.
Also check the property names, because they are not the same as in ADUC; firstname -> givenname, lastname -> surname, email -> mail
By default you get a small number of properties, so if the ones you need are not in that set, you should add them with the Properties parameter:
Get-ADGroup -Filter 'name -like "VMWare*"' | Get-ADGroupMember | Get-ADUser -Properties surname,givenname,mail |
Select-Object surname, givenname, mail | Export-Csv C:\users.csv -NoTypeInformation

by Colin Hill at 2012-11-23 04:36:50
Hi Klaas,

Thanks for help again - the script worked great!
Once we had the output it wasn’t as useful as we hoped for as the external users didn’t have an email address listed <sigh>…

We had a bit of a tinker and came up with this to list users to Groups so at least we could see who accessed what. Then get the business units to contact the external users:

import-module activeDirectory
$vmwareGroups = get-adGroup -filter 'name -like "VMware*Console Access"'

## output object
$output = @()

$vmwareGroups | foreach {
    # $_ is the current group
    $groupName = $_.name
    $groupMembers = $_ | get-adGroupMember
    $groupMembers | foreach {
        # $_ is now the current member of that group
        $memberName = $_
        $obj = new-object System.Management.Automation.PSObject
        $obj = $obj | add-member -memberType NoteProperty -name groupName -value $groupName -passthru
        $obj = $obj | add-member -memberType NoteProperty -name userName -value $memberName -passthru
        $output += $obj
    }
}

$output | export-csv "c:\vwmareGroups.csv" -NoTypeInformation
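
The two approaches in this thread can be combined into one access-review report: one row per group and member, with the mail address where it exists and a flag where it is missing. This is an added example, not code posted by anyone in the thread. It assumes PowerShell 3 or later (for `[pscustomobject]`), the ActiveDirectory module, and a group filter and output path chosen here for illustration.

```powershell
# Added example, not from the thread. Needs the ActiveDirectory module (RSAT or a DC).
Import-Module ActiveDirectory

# Assumption: filter written to match the naming convention in the first post.
$groupFilter = 'Name -like "VMware Console Access*"'
# Assumption: output path picked for illustration.
$csvPath = 'C:\vmwareAccessReview.csv'

$rows = foreach ($group in Get-ADGroup -Filter $groupFilter) {
    foreach ($member in Get-ADGroupMember -Identity $group) {
        if ($member.objectClass -eq 'user') {
            # Group members come back without mail, so fetch the user object
            # and ask for that attribute explicitly.
            $user = Get-ADUser -Identity $member.distinguishedName -Properties mail
            [pscustomobject]@{
                GroupName   = $group.Name
                MemberType  = 'user'
                Account     = $user.SamAccountName
                GivenName   = $user.GivenName
                Surname     = $user.Surname
                Enabled     = $user.Enabled
                Mail        = $user.mail
                # True for accounts (e.g. external users) with no address on file.
                MissingMail = [string]::IsNullOrEmpty($user.mail)
            }
        }
        else {
            # Nested groups and computer accounts are not user objects, so
            # Get-ADUser would fail on them. Keep them in the report so that
            # no path to console access is silently dropped.
            [pscustomobject]@{
                GroupName   = $group.Name
                MemberType  = $member.objectClass
                Account     = $member.SamAccountName
                GivenName   = $null
                Surname     = $null
                Enabled     = $null
                Mail        = $null
                MissingMail = $null
            }
        }
    }
}

$rows | Sort-Object GroupName, Account | Export-Csv -Path $csvPath -NoTypeInformation
```

Filtering the CSV on `MissingMail` gives the list of accounts the business units need to follow up on, and rows with `MemberType` of `group` show where membership is granted indirectly.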