Get-ADPrincipalGroupMembership and save it to .csv report

Hi all,
I am looking for help, this is what i try to acomplishe
I am loking for disabled users and moving them to Disabled OU, then before i clean up this OU, i want to get and save all data about this users with GroupMembership etc…
this is my code and in some reason it saving just one user,

Please, help me to fix this
Thanks

$Users = Get-ADUser -Filter {LastLogonTimeStamp -lt $time  -and Enabled -eq $false} -SearchBase $sb -ResultPageSize 0 -Property Name, LastLogonDate, DistinguishedName, SamAccountName


ForEach ($user in $Users)
{
 $UserGroups = (Get-ADUser $user -Properties memberof | select -expand memberof | get-adgroup) | select Name,groupscope

 $UserProperties = [pscustomobject][ordered] @{
                    "Name" = $user.name
                    "DistinguishedName" = $user.DistinguishedName
                    "User ID" = $User.samaccountname
                    "Email Address" = $User.emailaddress
                    "Title" = $User.title
                    "Description" = $User.Description
                    "Department" = $User.Department
                    #"Manager" = $managerDetails.Name
                    "Office Phone" = $User.officephone
                    "Mobile" = $User.mobile
                    "Account Created" = $User.Created
                    "LastLogonDate" = $user.LastLogonDate
                    "Password Last Changed" = $User.PasswordLastSet
                    "AD Group Information" = $UserGroups.Name -join ';'
                    
                }
}

$UserProperties | Export-Csv -Path "$Report" -NoTypeInformation

Hi welcome back to the forum. You are setting the $userproperties variable inside your foreach loop. Remove the assignment inside and put it in front of the foreach.

$userproperties = foreach(…)

Thx krzdoug,
i try your way, but didnt worked, file empty

$UserProperties = ForEach ($user in $Users)
{

 $UserGroups = (Get-ADUser $user -Properties memberof | select -expand memberof | get-adgroup) | select Name,groupscope

 [pscustomobject][ordered] @{
                    "Name" = $user.name
                    "DistinguishedName" = $user.DistinguishedName
                    "User ID" = $User.samaccountname
                    "Email Address" = $User.emailaddress
                    "Title" = $User.title
                    "Description" = $User.Description
                    "Department" = $User.Department
                    #"Manager" = $managerDetails.Name
                    "Office Phone" = $User.officephone
                    "Mobile" = $User.mobile
                    "Account Created" = $User.Created
                    "LastLogonDate" = $user.LastLogonDate
                    "Password Last Changed" = $User.PasswordLastSet
                    "AD Group Information" = $UserGroups.Name -join ';'
                    
                }
}

$UserProperties | Export-Csv -Path "$Report" -NoTypeInformation

If you’re not getting output then the variable will be empty. Remove the variable and the export and just confirm you’re getting the output you expect.

you right , $UserProperties empty
now my question why?
if i run $UserGroups, i received all data for one user

Not with the code shown. The code show $usergroups would have two properties: name and groupscope. Perhaps you’re running modified version of what is shown?

For me, it was confusing to call the ForEach loop = $UserProperties because I don’t know if that is per user collection or the whole, so made a slight adjustment.
I believe in this example its ok to have $UserProperties inside the loop.

$Users = Get-ADUser -Filter {LastLogonTimeStamp -lt $time  -and Enabled -eq $false} -SearchBase $sb -ResultPageSize 0 -Properties *

$Results = ForEach ($user in $Users) {

    $UserGroups = $User | Select-Object -ExpandProperty memberof | Get-ADGroup | Select-Object Name,groupscope 

    [pscustomobject][ordered] @{
        "Name" = $$User.name
        "DistinguishedName" = $$User.DistinguishedName
        "User ID" = $$User.samaccountname
        "Email Address" = $$User.emailaddress
        "Title" = $$User.title
        "Description" = $$User.Description
        "Department" = $$User.Department
        #"Manager" = $managerDetails.Name
        "Office Phone" = $$User.officephone
        "Mobile" = $$User.mobile
        "Account Created" = $$User.Created
        "LastLogonDate" = $$User.LastLogonDate
        "Password Last Changed" = $User.PasswordLastSet
        "AD Group Information" = $UserGroups.Name -join ';'
        }
}
$Results | Export-Csv -Path "$Report" -NoTypeInformation

edit: Updated to include first line which was initially missed, removed Get-ADUser from inside loop

… but you need to query each user twice … I’d consider this as inefficient.

I did not see original poster mention speed as an issue
You are 100% correct but I do not understand Regex at all to parse out the MemberOf property to a nicely formatted GroupName;GroupName; etc

Until a certain degree that should be mandatory.

What? … you don’t need regex at all … what I meant was - you query all users once in advance to get the list of users you want to iterate over and then you query each individual user again inside the loop to get their properties … that’s redundand.

I initially missed the top line of code and was unaware the format of input. Also, just noticed the button that copies ALL code and will do that going forward.
Edit incoming!

I want to Thank you all to participate in this conversation, but in some reason this still come up empty in report

"AD Group Information" = $UserGroups.Name -join ';'

Glad to help, apologies for the multiple edits. I see what happened, forgot to rename a variable in my changes.

I made another edit and corrected this part from:

 $UserGroups = $UserProperties | Select-Object -ExpandProperty memberof | Get-ADGroup | Select-Object Name,groupscope 

To:

 $UserGroups = $User | Select-Object -ExpandProperty memberof | Get-ADGroup | Select-Object Name,groupscope 

Thx posh_enjoyer for your help
all looking good now