Help with getting User's Group Memberships tidied up

PowerShell Help
1

I can successfully get the AD Users up and iterates through the list just fine. The issue lies in getting the user’s groups listed out in a table with the user. It seems like my code either isn’t resetting like it should or something is really off with my code. I’d appreciate some help to get me over the hurdle.

#$NormalUsers variable is a Get-ADUser command
	ForEach ($NormalUser in $NormalUsers) {
		$tempNormalUser = Get-ADUser $NormalUser -Properties GivenName, sn, SAMAccountName, Description, Enabled, MemberOf, LastLogon, LastLogonTimeStamp, WhenCreated
		$UserGroups = $tempNormalUser.MemberOf
		ForEach ($UserGroup in $UserGroups) {
			$tempUserGroup = (Get-ADGroup -Identity $UserGroup).Name
			$Groups += $tempUserGroup + "`r`n"
		}

Which all that ends up in a custom object and added to a variable which is dumped into the output html file.

		$MemberRow = New-Object -Type PSObject -Property @{
			Enabled = $tempNormalUser.Enabled
			RecentActivity = $NormalizedRecentAccountDate
			LastName = $tempNormalUser.sn
			FirstName = $tempNormalUser.GivenName
			UserAccount = $tempNormalUser.SAMAccountName
			Description = $tempNormalUser.Description
			GroupMembership = $Groups
		}
	$MemberList += $MemberRow
	}
	$MemberList = ($MemberList | Sort-Object LastName | Select-Object UserAccount, FirstName, LastName, Enabled, RecentActivity, Description, GroupMembership) | ConvertTo-HTML -Fragment

and the piece of relevant code taken from the html array variable is

<table class="normal">$MemberList</table>

The end file at this point is beautiful except for the group memberships which appears to be a random collection of ALL AD groups in the environment rather than just the actual ones the user belongs to. It would be helpful if I could get each group onto its own line. The sample below is from a user that belongs to 3 groups.

Group Policy Creator Owners Domain Admins Enterprise Admins Schema Admins Administrators Guests Domain Users
2

Hi, welcome back :wave: - it’s been quite a while :slight_smile:

You’re not clearing the $Groups variable, so you’re adding every user’s groups to the same array.

You could clear it, when you first process the user:

ForEach ($NormalUser in $NormalUsers) {
    $Groups = @()
    ...
}

But it’s considered bad practice to use += to add array members as it does not scale well because the array is destroyed and recreated with every addition.
This would be better:

#$NormalUsers variable is a Get-ADUser command
	ForEach ($NormalUser in $NormalUsers) {
		$tempNormalUser = Get-ADUser $NormalUser -Properties GivenName, sn, SAMAccountName, Description, Enabled, MemberOf, LastLogon, LastLogonTimeStamp, WhenCreated
		$UserGroups = $tempNormalUser.MemberOf
		$Groups = ForEach ($UserGroup in $UserGroups) {
			$tempUserGroup = (Get-ADGroup -Identity $UserGroup).Name
			$tempUserGroup + "`r`n"
		}

I also note from your commented line, that the $NormalUsers is populated by a Get-ADUser command. That being the case, there should be no need to get the user again in your outer foreach loop. Just get the data once.

3

Yes. It has been a while. I took a side trip into Linux and shell scripting, now coming back to my home turf.

I thought that would be what the issue was (not clearing the variable). Let me throw it in as suggested and report back.

And you’re right, there is some repetitive calls to AD. I cleaned it up a lot from my initial write.

4

I set the suggested code in place. The GroupMembership column is certainly cleaned up. I just need to figure out why I’m not getting the “Domain Users” group, and which could address the other question as to why I’m getting

System.Object[]

on others or not all the groups. I’m sure it is in that AD-Groups logic in some fashion.

5

The “Primary Group” of a user which usually is the “Domain Users” group is not listed in the MemberOf attribute. :wink:

6

Well, that’s just silly. :smiley:

I added a line to put the Domain Users in. I only destroy and recreate the array once outside the ForEach loop so it scales still okay.

Still figuring out the systemobject thing and a few other oddities that I see (last names aren’t captured). Have to ensure the data I’m pulling is valid.

Let’s close this thread and award Gryffindor the house cup!