Need a little help with syntax

by Jod_Lan at 2013-02-25 11:55:00

I’m using Quest ActiveRoles Management Shell snap-in to pull some info from a specific security group, but I need a little help with my syntax. Here is the command I’m using:

Get-QADGroupMember “Example_Group” -SizeLimit 3500| Export-CSV -path “C:\export\Example_Group.csv”

This command works fine, but it pulls over 100 attributes per user that I don’t need to look at, and takes a while to run. All I really need is DisplayName, LogonName, AccountIsDisabled, and LastLogon exported to a csv file in that order. Total group membership is around 3000, hence the -SizeLimit command. I’m not sure which parameter to use to limit the search to just these attributes. I’ve been looking over the administrators guide, but so far it hasn’t been obvious to me which parameter to use. I think I’m supposed to use -UseDefaultExcludedProperties in conjunction with -IncudeAllProperties but I’m just not sure how to type it in. Any help is appreciated.
by kittH at 2013-02-25 11:58:44
Rather than filtering what properties the command returns, it is much simpler to select only the objects you want to include in the CSV and then pipe that out…

Get-QADGroupMember “Example_Group” -SizeLimit 3500| Select-Object DisplayName, LogonName, AccountIsDisabled, LastLogon | Export-CSV -path “C:\export\Example_Group.csv”
by Jod_Lan at 2013-02-25 12:36:52
Thanks kittH that worked perfectly. I even added -NoTypeInformation at the end of it all to get rid of that first row with the type of search. I’m a super n00b when it comes to powershell, so not knowing the Select-Object was probably a given. I need to get back on CBT Nuggets for Powershell.
by Christopher.Ellis at 2013-02-26 11:45:55
I tried the command below, Pressed enter, powershell process about 15 seconds and returned no error, I then ran it again with | ft Name, PasswordExpired, no values returned, no errors, what is powershell doing when no errors occur

PS C:> get-adgroupmember ‘non_cbs_employees’ | where-object {$.PasswordExpired -eq ‘True’}
PS C:> get-adgroupmember ‘non_cbs_employees’ | where-object {$
.PasswordExpired -eq ‘True’} | ft Name, PasswordExpired
PS C:>
by ArtB0514 at 2013-02-26 13:00:12
If you do a Get-Member -MemberType *Property on one of the objects returned by Get-ADGroupMember, you will discover that the PasswordExpired property is not included. Thus, Where-Object will always return $false. You need to do some more work (e.g., a Get-ADUser against each of the members).

(Get-ADGroupMember ‘some-group-name’)[0] | Get-Member -MemberType *property

TypeName: Deserialized.Microsoft.ActiveDirectory.Management.ADPrincipal

Name MemberType Definition
---- ---------- ----------
PSComputerName NoteProperty System.String PSComputerName=hou-gc-03
PSShowComputerName NoteProperty System.Boolean PSShowComputerName=True
RunspaceId NoteProperty System.Guid RunspaceId=e5b11c8b-b9a7-4ff9-86a6-6814160ea701
distinguishedName Property System.String {get;set;}
name Property System.String {get;set;}
objectClass Property System.String {get;set;}
objectGUID Property System.Guid {get;set;}
SamAccountName Property System.String {get;set;}
SID Property System.String {get;set;}