List AD Groups, members, count of AD membership per person of specific AD Groups

Dear PowerShell.org community

This is my first post, so hopefully I have not missed anything.

I have hit brick wall on the next step to troubleshoot.

In a nut shell what I am trying to achieve is to list Active Directory Group Name that starts with the prefix of AXCH (as an example) list the username\members in these Active Directory Groups and finally the count of many AD Group membership per person\user for AD groups starting with the prefix of AXCH. (AXCH is a made up example)

Some of the script is working, and getting the result I need it is just the final part, of getting the count command to work to count how many AD groups per individual user is a member of any AD group starting with the name of AXCH.

Below is the script

$adgroups = Get-ADGroup -Filter {name -like "*AXCH*"}  
 
$data = foreach ($adgroup in $adgroups) {
    $members = $adgroup | get-adgroupmember -Recursive  
    foreach ($member in $members) {
        [PSCustomObject]@{
            Group = $adgroup.name
            NumberofMembersinADGroup = ($members.DistinguishedName).count
            Members = $member.name
            NumberofGroupsUserMemberOf = ($member.DistinguishedName).count                   
                    }    
           }
}
     
$data  

So what this script s doing is from the top, find AD group that match\begin with the name of AXCH (made up name), then using the variable of $adgroups use a “for each” command to find nested ad groups and members.

The script is working up to a point and I can export to the screen or into a CSV file. The problem I am facing if the line highlighted in RED also pasted below

NumberofGroupsUserMemberOf = ($member.DistinguishedName).count

Basically I thought by using the command, would count how many AD groups per individual user is a member of any AD group starting with the name of AXCH.

Instead the command returns the count value of 1. Which I guess when I think about makes sense as it is counting the member name of the AD groups starting with AXCH and you can only have one AD account with the same name in one group. Which is perhaps I am thinking I need to do a different command, hence why I am making my first post in here.

So to clarify for example made up username called “Joe blogs” exist in several AD groups that have the prefix of AXCH (again made up AD group name) so he is a member of AXCH-1 \ AXCH-2 \ AXCH-3 & AXCH-4 what I would like is for a command to count those 4 AD groups and give me a return value of 4 against his user name, as he is a member of 4 AD groups.

At the moment my scripts returns the value of 1 even though he is a member of multiple AD groups.

If anyone could help with a command I could add to my script, or if I have to create a new script all together just so I can create a report that list the AD Group, the individual member\username, and then count value of how many AD Groups membership per member for AD groups starting with the prefix of AXCH

Many Thanks for taking the time to read this post.

Best

Paul

 

Paul, welcome to Powershell.org.

If I got it right it might be better/easier to run 2 separate queries to get the info you’re after.

$Pattern = '*AXCH*'
$ADGroupList = Get-ADGroup -Filter "name -like '$Pattern'" 
 
$GroupStatistics = 
foreach ($ADGroup in $ADGroupList) {
    $MemberList = Get-ADGroupMember -Identity $ADGroup.sAMAccountName  -Recursive | Where-Object {$_.objectClass -eq 'user'}
        [PSCustomObject]@{
            ADGroup                      = $ADGroup.name
            ADGroupMemberCount   = ($MemberList.DistinguishedName).count
            ADGroupMemmberList = $MemberList.sAMAccountName -join ','
    }
}
$GroupStatistics | Format-Table -AutoSize # -Wrap


$UniqueMemberList = $GroupStatistics.ADGroupMemmberList | foreach-object { $_ -split ',' } | Sort-Object -Unique
$GroupMemberStatistics = 
foreach ($Member in $UniqueMemberList) {
    $ADUser = Get-ADUser -Identity $Member -Properties MemberOf
    [PSCustomObject]@{
        ADUser = $ADUser.name
        ADGouprCount = ($ADUser.MemberOf | Where-Object { $_ -match $Pattern }).count
    }
}
$GroupMemberStatistics | Format-Table -AutoSize

Hi Olaf

Firstly thank you very much for taking the time to read and reply to my post, it is much appreciated, I am definitely further then I was, and enjoyed understanding how you would script something.

Hit a problem with the final part of the script for the line

ADGouprCount = ($ADUser.MemberOf | Where-Object { $_ -match $Pattern }).count

It gives the following error message when the script run as a whole

 parsing "*EXCH*" - Quantifier {x,y} following nothing.
At line:23 char:59
+ ... Count = ($ADuser.MemberOf | Where-Object { $_ -match $Pattern }).coun ...
+                                                ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (:) [], ArgumentException
    + FullyQualifiedErrorId : System.ArgumentException

So EXCH is the filter I am using for the variable for $Pattern to find AD Groups that begin with EXCH. All the other parts of the scripts work fine and gets the results needed.

From the trouble shooting I have done so far is if I change the command below to just use .count I get further and it actually count each user ad group members but for All AD groups not just ones that start with EXCH.

   
ADGouprCount = $ADuser.MemberOf.Count

It seems to not like the variable of $Pattern if I change the command to use the below command, it run without error but I get no AD group Count.

 ADGouprCount = ($ADUser.MemberOf | Where-Object { $_ -match $ADGroupList }).count 

I find it a bit odd as the first section of the script runs for the $GroupStatistics section, which uses that variable of $Pattern so it is unclear why it fails to use this variable for the second part of the script.

So to re-iterate the only part that is failing in the script is getting the ADGroupCount for specific groups that start with EXCH

Is there anything you can suggest \ troubleshooting steps \ alternative command.

Many thanks

Paul

Paul, … sorry … stupid me.

Of course I tested the code but of course with another pattern. One that could provide results in my environment. Then I copied the code here and just changed it to fit your need by just taking your pattern. When you use the operator -match then you’re using regular expressions and for regular expressions the asterisk (*) is a special charachter. And you your case we actually do not need it at all. So try to change your pattern to be ‘EXCH’ instead of EXCH and it should work (I hope).

I’m afraid to edit my already existing post because they often get blocked when editted again. So here an additional explanation.

As I mentioned the asterisk (*) is a special charachter when it comes to regular expressions. In particular it means “whatever comes before the asterisk should appear 0 or more times”. So it’s shorthand for the quantifier “{0,}

In your case there is nothing before the asterisk. That’s why the error “… Quantifier {x,y} following nothing.” raises.

If you like to read more about regular expressions - here is a good place to start: https://www.regular-expressions.info

Hi Olaf

Many Thanks for your reply, that did the trick able to produce the report I needed.

Also thank you for the providing documentation on regular expressions \ study material as that was going to be my next question.

Are there any good online courses \ websites \ books you recommend to learn power shell?

I am currently going through online courses by Don Jones \ Jeff Hicks \ Michael Bender. It is helping but would you recommend any sites \ material that really help you get to your level \ anything you would recommend?

Many Thanks Again

Paul

I work with Powershell for about 13 years now. The most experience comes with time. For beginners I usually recommend the beginner video course with Jeffrey Snover but I think your level is already above that. A free book to look something up if needed could be this: Windows PowerShell™ 4: TFM. I think the best way to get better is practice practice practice. :wink: