Need a script to read group names in a list. Find users in each group with "vendor" as Description output to a CSV thei group name and it members.

Question

Running this:
$grouplist = get-content c:\BAS\grouplist2321.txt
foreach ($group in $grouplist)
{
get-adgroupmember $group
get-aduser -properties Description -Filter "(Description -like "Vendor") -and (MemberOf -like "Enterprise Support/Groups")" | Select-Object name,description,memberof | Sort memberof | Export-Csv c:\BAS\Group.csv -notypeInformation}

The output comes back with the column headers Name ... Description. However I get all the names in the group. It's filtering just those with Vendor in their Description field.

Answer 1

See if this works better:

Get-Content c:\BAS\grouplist2321.txt |
    ForEach-Object{
        Get-ADGroupMember $_ |      # NOTE: This will return Users, Group, Computers, etc., so Get-ADUser may throw errors
            ForEach-Object{
                Get-ADUser -properties Description -Filter '(Description -like "Vendor") -and (MemberOf -like "Enterprise Support/Groups")' |
                    Select-Object name, description, memberof
            }    
    } |
        Sort-Object memberof | 
            Export-Csv c:\BAS\Group.csv -notypeInformation

I'm surprised your code ran at all! The quoting of the Filter string was incorrect. You used double-quotes inside a double-quoted string

Answer 2

This runs but the csv file is blank. It has something to do with the statement -and (MemberOf -like "Enterprise Support/Groups")'. If I remove this I get several duplicates of each user who's description is Vendor. Maybe as many as 25 for each.

My goal would be to get each Group name to be a header. followed by the list of users in that group. Should the Member of statement be written differently? The image I added shows the AD hierarchy. The Groups OU is where these groups reside.

Answer 3

I'm having some trouble conceptualizing how you want the results to look.

For each group in your input file you want a list of all users that are "vendors" and are also a member of another group named "Groups". Each "vendor" should report their name and their description properties. Is that correct? And you want it all reported on one line in a CSV?

If that's correct then the collection of the data is easy. The presentation won't work if you want a CSV that holds a reasonable number of columns . . . each member of the group would occupy two columns (name and description), and there would be two columns times the largest number of vendors in any of the groups in your input file.

OTOH, if you want one CSV row for each VENDOR and a column for each group of which they are a member, then you'd have a larger number of rows but the columns would only be as "wide" as the number of groups in the input file (plus two for the vendor name and description).

Here's some code that'll produce a PSCustomObject for each group that has an array of arrays for the vendors/descriptions.

$dn = (Get-ADGroup -Identity Groups).distinguishedname   # "Enterprise Support/Groups"
Get-Content c:\BAS\grouplist2321.txt |
    ForEach-Object {
        $vendorsingroup = @()
        $groupname = $_
        Get-ADGroupMember $_ | # NOTE: This will return Users, Group, Computers, etc., so Get-ADUser may throw errors
            ForEach-Object {
                $u = Get-ADUser -properties Description -Filter {(Description -like "Vendor") -and (MemberOf -contains $dn)}
                $x = $u.Name, $u.Description
                $vendorsingroup += ,$x          # the "magic comma"!! Create an array of arrays
            }
        [PSCustomObject]@{
            GroupName = $groupname
            Vendors = $vendorsingroup
        }
}

Answer 4

I think it's close. When I launch the script I get the following:

Also the output file is empty.

Answer 5

That sounds right. Output would be a csv with the group name listed and the users (members of the group with description Vendors) next to the group name.