Issues with PowerShell script

Robert C. Dobbs 1 Reputation point
2021-10-21T04:32:28.677+00:00

I'm trying to build a PowerShell script that will get a list of users from one group, then collect what AD groups each user is a member of and whether any of the AD groups match a special list of AD groups. The script will output them to a CSV file. The CSV file would be "username,Group1,group2,group3, etc." with true/yes for each group the user is a member of.

Here is what I have so far. Any help would be appreciated, or any recommendations on a better way to accomplish this.

import-module activedirectory

$Base-users-Group = get-adgroupmember ADgroup | select samaccountname

$Grouplist = 'ADGroupA','ADGroupB','ADGroupC'

Get-adprincipalGroupMembership username | select name

foreach ($user in $sdzusers)
{
    $membershiplist = Get-adprincipalgroupmembership $user |select name |Where-Object -Property name -Like $grouplist
    foreach ($member in $membership)
    {
        $obj = new-object PSobject
        $obj | add-member Noteproperty username $user
        $obj | add-member Noteproperty SDZ-MSAccess2010 if ($member -eq "ADGroupA") {Write-host ("yes")} else{ write-host ("no") }
        $obj | add-member Noteproperty SDZ-MSAccess2003 if ($member -eq "ADGroupB") {Write-host ("yes")} else{ write-host ("no") }
        $obj | add-member Noteproperty SDZ-MSOffice2010 if ($member -eq "ADGroupC") {Write-host ("yes")} else{ write-host ("no") }

        $arr += $obj
    }
}

  1. Rich Matheisen 48,116 Reputation points
    2021-10-21T19:05:45.203+00:00

    See if this works for you. It's a bit more complicated, but you only have to change the $BaseGroup value and the keys/values in the $GroupToColumn hash to make it work for any group name to whatever column name you want in the result.

    $BaseGroup = 'GroupX'
    
    # keys are group names, values are column names
    $GroupToColumn = @{ 
        'GroupA' = 'SDZ-MSAccess2010'
        'GroupB' = 'SDZ-MSAccess2003'
        'GroupC' = 'SDZ-MSOffice2010'
    }
    # create the hash used to build the PSCustomObject
    $GroupNames = [string[]]($GroupToColumn.Keys)
    $h = [ordered]@{
        User = ""
    }
    $GroupNames | 
        Sort-Object |
            ForEach-Object{
                $h[$GroupToColumn[$_]] = $false
            }
    
    # Get each user that's a member of the base group
    get-adgroupmember $BaseGroup | 
        Select-Object -Expand samaccountname |
            ForEach-Object{
                # Get this user's group membership
                $h.User = $_    # put the samaccount into the hash
                # set each group's "presence" in hash to $false 
                $GroupNames |
                    ForEach-Object{
                        $h[$GroupToColumn[$_]] = $false
                    }
                Get-ADPrincipalGroupMembership $_ |     # get the users group membership -- Should this use -RECURSE???
                    ForEach-Object{
                        if ($GroupNames -contains $_.name){
                            $h[$GroupToColumn[$_.name]] = $true
                        }
                    }
                [PSCustomObject]$h
            }
    

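The answer's inline comment asks whether nested group membership should be followed. As an added example (not part of the original answer or the asker's script), the PowerShell below builds the same user-by-group matrix with nested groups expanded and writes it to CSV; the membership map, the user names, the `HelpDesk` group, the two function names and the output path are constructed assumptions so that it runs without a domain.

```powershell
using namespace System.Collections.Generic

# Added example; group names, users and the output path are constructed.
# Direct members per group. A member that is also a key is a nested group.
$DirectMembers = @{
    'GroupX'   = 'alice', 'bob', 'carol'
    'GroupA'   = 'alice', 'HelpDesk'     # HelpDesk is nested inside GroupA
    'GroupB'   = 'bob'
    'GroupC'   = @()
    'HelpDesk' = 'carol'
}
# Keys are group names, values are CSV column names, as in the answer.
$GroupToColumn = [ordered]@{
    'GroupA' = 'SDZ-MSAccess2010'
    'GroupB' = 'SDZ-MSAccess2003'
    'GroupC' = 'SDZ-MSOffice2010'
}

# Expand a group to its user members, following nested groups.
function Get-EffectiveMember {
    param([string]$Group, [hashtable]$Map, [HashSet[string]]$Seen)
    if ($null -eq $Seen) { $Seen = [HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase) }
    if (-not $Seen.Add($Group)) { return }    # group already visited: stop on cycles
    foreach ($member in $Map[$Group]) {
        if ($Map.ContainsKey($member)) { Get-EffectiveMember -Group $member -Map $Map -Seen $Seen }
        else { $member }
    }
}

# One row per base-group user, one true/false column per tracked group.
function Get-MembershipMatrix {
    param([string]$BaseGroup, [System.Collections.IDictionary]$GroupToColumn, [hashtable]$Map)
    $effective = @{}    # tracked group -> case-insensitive set of its effective users
    foreach ($group in $GroupToColumn.Keys) {
        $set = [HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase)
        foreach ($user in Get-EffectiveMember -Group $group -Map $Map) { [void]$set.Add($user) }
        $effective[$group] = $set
    }
    foreach ($user in Get-EffectiveMember -Group $BaseGroup -Map $Map | Sort-Object -Unique) {
        $row = [ordered]@{ User = $user }
        foreach ($group in $GroupToColumn.Keys) {
            $row[$GroupToColumn[$group]] = $effective[$group].Contains($user)
        }
        [PSCustomObject]$row
    }
}

Get-MembershipMatrix -BaseGroup 'GroupX' -GroupToColumn $GroupToColumn -Map $DirectMembers |
    Export-Csv -Path .\GroupMatrix.csv -NoTypeInformation
```

With the ActiveDirectory module loaded, `Get-ADGroupMember -Identity <group> -Recursive` returns a group's flattened members and can stand in for `Get-EffectiveMember`.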
