Was wondering if you could help me with a script.
This script would search a specific OU (let's say Disabled Users OU) and display all the AD groups all users are part of, with the output going to a CSV file showing usernames and AD group names.
I have got a command that will display all AD groups of a user but I have to keep changing the username:
    Get-ADPrincipalGroupMembership username_withoutdomain | select name
I have a script that requires the username entered and will display the AD group membership.
    do {
        write-host -NoNewline "Type username: "
        $user = read-host
        if ($user -eq "") { break }
        (get-aduser $user -Properties memberof).memberof |
            get-adgroup |
            select -exp name
    } while ($true)
I also know it is possible to do this via command prompt:
    net user username
Thanks for all assistance.
You can query all users under an OU by using the -SearchBase parameter, from there you can enumerate each user and then enumerate each group the user is a memberOf to generate your report:
    $base = 'OU=disabledUsers,DC=domain,DC=com'
    Get-ADUser -Filter * -SearchBase $base -Properties memberOf |
        ForEach-Object {
            foreach($group in $_.memberOf) {
                [pscustomobject]@{
                    User           = $_.Name
                    SamAccountName = $_.SamAccountName
                    MemberOf       = $group -replace '^CN=|(?<!\\),.+'
                }
            }
        } | Export-Csv path\to\report.csv -NoTypeInformation
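
An added example, not part of the original question or answer: the memberOf attribute does not list a user's primary group (usually Domain Users), and a user with no memberOf values produces no row in the report above. This variant adds the primary group, keeps users without groups, and resolves each group through Get-ADGroup instead of parsing the DN. The OU path and output file name are assumed values, and it assumes all groups live in the same domain as the users.

```powershell
Import-Module ActiveDirectory

# Assumed values: the OU path used in the answer and a hypothetical output file.
$base    = 'OU=disabledUsers,DC=domain,DC=com'
$outFile = '.\disabled-users-groups.csv'

# Cache DN -> group object so each group is queried only once.
$groupCache = @{}

Get-ADUser -Filter * -SearchBase $base -Properties memberOf, PrimaryGroup |
    ForEach-Object {
        $user = $_

        # memberOf omits the primary group, so add its DN explicitly.
        $groupDns = @(
            @($user.memberOf) + @($user.PrimaryGroup) |
                Where-Object { $_ } |
                Select-Object -Unique
        )

        if ($groupDns.Count -eq 0) {
            # Keep users with no memberships visible in the report.
            [pscustomobject]@{
                User = $user.Name; SamAccountName = $user.SamAccountName
                Enabled = $user.Enabled; Group = ''; GroupCategory = ''; IsPrimary = $false
            }
        }
        else {
            foreach ($dn in $groupDns) {
                if (-not $groupCache.ContainsKey($dn)) {
                    $groupCache[$dn] = Get-ADGroup -Identity $dn
                }
                $g = $groupCache[$dn]
                [pscustomobject]@{
                    User           = $user.Name
                    SamAccountName = $user.SamAccountName
                    Enabled        = $user.Enabled      # flags accounts in the OU that are still enabled
                    Group          = $g.Name            # real name, no DN escaping left over
                    GroupCategory  = $g.GroupCategory   # Security or Distribution
                    IsPrimary      = ($dn -eq $user.PrimaryGroup)
                }
            }
        }
    } | Export-Csv -Path $outFile -NoTypeInformation
```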