Search AD with user input

I am having issues getting this to work with all AD groups. Some groups return what I am looking for but the Termination OU is not returning anything. What may I be missing?

```powershell
#Set target OU
$GroupsOU = "DC=fake,DC=local"
import-module ActiveDirectory

$Searchterm = read-host -Prompt "type the group name to export and press enter.  Be precise, as the search will be *text* against the name (not DN)."

#Set export location, remove if exists
$exportpath = ([environment]::getfolderpath("desktop") + "\GroupMatchMemberExport" + $Searchterm + ".csv")
$FilePathTest = test-path -Path $exportpath
if ($FilePathTest) {remove-item -path $exportpath}

#Prep Export object Array
$ExportArray = @()

#Get all groups with name similar to searchterm
$MatchedGroups = get-adgroup -filter "name -like '*$searchterm*'" -SearchBase $GroupsOU -Properties name, sid, DESCRIPTION, objectGUID

#For each group, get members, and iterate through, adding each with group details
foreach ($group in $MatchedGroups)
    {
        #Get all group members
        $GroupMembers = get-adgroupmember -identity $group.objectGUID -Recursive
        #Iterate through grabbing the SAM and exporting with the group name, description, and sid
        foreach ($user in $GroupMembers)
            {
                #Grab user details
                $TargetMember = get-aduser -filter {name -like $user.name} -Properties SamAccountName, UserPrincipalName, givenname, surname, name, distinguishedname, sid
                #Add to export array
                write-host ('Adding information for ' + $TargetMember.SamAccountName + ' to export array.  ')
                $ExportObject = New-Object System.Object
                $ExportObject | Add-Member -MemberType noteproperty -force -Name "Path" -Value $group.DESCRIPTION
                $ExportObject | Add-Member -MemberType noteproperty -force -Name "GroupNAME" -Value $group.name
                $ExportObject | Add-Member -MemberType noteproperty -force -Name "GroupSID" -Value $group.sid
                $ExportObject | Add-Member -MemberType noteproperty -force -Name "User Name" -Value ($TargetMember.givenname + ' ' + $TargetMember.surname)
                $ExportObject | Add-Member -MemberType noteproperty -force -Name "SAMaccountname" -Value $TargetMember.SamAccountName
                $ExportObject | Add-Member -MemberType noteproperty -force -Name "UsesPrincipleName" -Value $TargetMember.UserPrincipalName
                $ExportObject | Add-Member -MemberType noteproperty -force -Name "distinguishedname" -Value $TargetMember.distinguishedname
                $ExportObject | Add-Member -MemberType noteproperty -force -Name "UserSID" -Value $TargetMember.sid
                #add object to array
                $ExportArray += $exportObject
            }
    }

#Export
write-host "Exporting pending values.."
$ExportArray | Export-Csv -path $exportpath -NoTypeInformation
write-host "Process complete.  Press enter to exit.. "
Read-Host
```

Scott,
Welcome to the forums.

Before we proceed could you please format your code as code? Without the proper format it is hard to copy and review it. Please edit your original post - do not create a new one.

Thanks in advance.

Hi Olaf,
Thanks for the suggestion. With me being new to the forums, how would I go about formatting my code as code?
Thanks.

I streamlined your code a little bit to make it a little bit easier to read …

```powershell
# Search base, user-supplied search term and export file on the desktop
$GroupsOU = 'DC=fake,DC=local'
$Searchterm = read-host -Prompt 'type the group name to export and press enter.  Be precise, as the search will be *text* against the name (not DN).'
$exportpath = ([environment]::getfolderpath('desktop') + '\GroupMatchMemberExport' + $Searchterm + '.csv')
if (Test-Path -Path $exportpath) { Remove-Item -Path $exportpath -Confirm}

# Groups below the search base whose name contains the search term
$MatchedGroups = Get-ADGroup -Filter "name -like '*$searchterm*'" -SearchBase $GroupsOU -Properties DESCRIPTION
# The objects emitted inside the loops are collected into $ExportArray
$ExportArray = foreach ($group in $MatchedGroups) {
    $GroupMembers = Get-ADGroupMember -Identity $group.objectGUID -Recursive
    foreach ($user in $GroupMembers) {
        # Look the member up by its distinguished name
        $TargetMember = Get-ADUser -Identity $($user.DistinguishedName)
        [PSCustomObject]@{
            Path              = $group.DESCRIPTION
            GroupNAME         = $group.name
            GroupSID          = $group.sid
            UserName          = ($TargetMember.givenname + ' ' + $TargetMember.surname)
            SAMaccountname    = $TargetMember.SamAccountName
            UsesPrincipleName = $TargetMember.UserPrincipalName
            distinguishedname = $TargetMember.distinguishedname
            UserSID           = $TargetMember.sid
        }
    }
}

$ExportArray | Export-Csv -Path $exportpath -NoTypeInformation
```

But I do not know what you mean with “Termination OU”!?

In our AD structure there is an OU that is called terminations. Please see picture
terminations_OU

But you are only searching the OU you specified as search base !? … or did I get something wrong? :thinking:

I want to search the whole domain. That way when a tech wants to look at any OU it should display. Am I completely wrong on this code?

If your “Terminations” OU is a sub OU of the OU you provide as the SearchBase for Get-ADGroup you should find groups inside this OU if there are some groups at all and if you provided the proper “searchterm” for the filter.
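
The search-base behaviour discussed above, as an added example that is not code from either poster: it searches from the domain root with an explicit subtree scope, validates the typed search term before it goes into the `-Filter` string and the file name, and reports each matched group's parent OU, including groups with no user members. The function name `Get-ValidatedSearchTerm`, the allow-list pattern and the output column names are assumptions made for illustration.

```powershell
# Added example, not code from the thread. Get-ValidatedSearchTerm and the
# allow-list pattern are hypothetical; adjust them to your naming convention.
Import-Module ActiveDirectory

function Get-ValidatedSearchTerm {
    param([Parameter(Mandatory)][string]$Term)
    $Term = $Term.Trim()
    # Letters, digits, space, dot, underscore, hyphen only. Rejecting quotes,
    # wildcards and path separators keeps the term inert in both the -Filter
    # string and the export file name.
    if ($Term -notmatch '^[\p{L}\p{Nd} ._-]{1,64}$') {
        throw "Search term '$Term' contains unsupported characters."
    }
    $Term
}

$SearchTerm = Get-ValidatedSearchTerm -Term (Read-Host -Prompt 'Group name to search for')

# Domain root as search base, subtree scope: every OU below it is searched.
$DomainRoot    = (Get-ADDomain).DistinguishedName
$MatchedGroups = Get-ADGroup -Filter "Name -like '*$SearchTerm*'" -SearchBase $DomainRoot -SearchScope Subtree -Properties Description

if (-not $MatchedGroups) {
    Write-Warning "No group under $DomainRoot has a name containing '$SearchTerm'."
    return
}

$Report = foreach ($Group in $MatchedGroups) {
    # Parent container = DN without its first component (split on unescaped comma)
    $GroupOU = ($Group.DistinguishedName -split '(?<!\\),', 2)[1]
    $Row = [ordered]@{ GroupName = $Group.Name; GroupOU = $GroupOU; GroupSID = $Group.SID
                       SamAccountName = $null; UserPrincipalName = $null; UserDN = $null }
    # -Recursive can also return computer accounts; keep user objects only
    $Users = @(Get-ADGroupMember -Identity $Group.ObjectGUID -Recursive | Where-Object objectClass -eq 'user')
    if ($Users.Count -eq 0) {
        # Emit a row anyway so "group found, no user members" is visible
        [PSCustomObject]$Row
        continue
    }
    foreach ($Member in $Users) {
        $User = Get-ADUser -Identity $Member.DistinguishedName
        $Row.SamAccountName    = $User.SamAccountName
        $Row.UserPrincipalName = $User.UserPrincipalName
        $Row.UserDN            = $User.DistinguishedName
        [PSCustomObject]$Row
    }
}

$ExportPath = Join-Path ([Environment]::GetFolderPath('Desktop')) "GroupMatchMemberExport_${SearchTerm}.csv"
$Report | Export-Csv -Path $ExportPath -NoTypeInformation
```

The `GroupOU` column shows where each matched group actually lives, and a row with empty user columns separates "group matched but has no user members" from "group not matched at all".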