Script to Output ADUser, Group, and Enabled to CSV

Hi all!

I’m trying to put together a script that grabs all enabled users from AD and the respective groups of which they are a member. Finally, I would like to have the output go to a CSV.

I found this script which appears to do what I am looking for, but the output is non-existent; the file is blank. I guess the good thing is there are no errors.

$DateTime = Get-Date -f "yyyy-MM"

Get-ADGroup  -filter "enabled -eq 'true'"| Foreach-Object{
$Grp = $_ | Select Name, GroupCategory, Groupscope
$users = Get-ADGroupMember $_ |get-aduser  -filter "enabled -eq 'true'" |select Name

        New-Object -TypeName PSObject -Property @{
        member =      $Users.Name
        GroupName =   $
        Groupscope =  $grp.GroupScope
        GRPCategory = $grp.GroupCategory

} |select Member,Groupname,Groupscope,Grpcategory| Export-Csv "C:\Scripts\Output\AD_Groups_and_Users $DateTime.csv" -NoTypeInformation

I must mention that I am very green to PS and have no clue as to how to modify a script other than basic things.

Please help!

You’ve got a couple of things going on.

$users and $grp both contain multiple objects. You need to enumerate those, in ForEach loops, so that you can work with just one thing at a time. “$Users” technically doesn’t have a name property; each object WITHIN it does, so you ned to get to those.

Also, your Select-Object bits are completely unnecessary.

Finally, CSV files are flat files. They’re meant to contain one entity per line. What you’re trying to do is include one user entity and multiple group entities per line. That’s not what CSV files are meant for, unfortunately. So if you’re going to do this, you’re going to have to find a way to “delimit” the list of groups, like putting a pipe between each name, so they can live within a single “column.” FWIW, I see people do this ALL THE TIME and it just creates a very hard-to-work0with output. If you were doing this right, you’d want TWO CSV files. One with user info, and another with one line for each username/group combination.

I suspect this might be easier to do if you got all the users, enumerated them, and then used their MemberOf property to figure out which groups they were in. As-is, getting all the groups and then the users in them is going to create a big, ugly cartesian set on you.

Best advice ever. Thank you!