AD User Export - Looping through different OU's

Simon G 26 Reputation points
2021-12-23T11:25:58.293+00:00

Hi
I wonder if you can assist with a PS script I am working on. I am exporting AD users and their security groups for specific OUs, as we have a number of user-based OUs for 3rd parties etc. which I need to ignore.

The script runs, but only when I specify an OU. I have tried to import a .txt file of the OUs but am unsure how to loop through the imported .txt file list.

The script below includes the original way I was able to export, just hashed out:

#$OU = "OU=Office 1,OU=User Office Locations,DC=Dummy,DC=CO,DC=UK"
$OU = Get-Content "C:\Scripts\AD\UserSecGroupExport\OUList.txt"

foreach($Site in $OU)
{

$List = Get-ADUser -Filter * -Properties surname,givenname,samaccountname,mail,manager,office,physicaldeliveryofficename,enabled,memberof -searchbase $Site |
    ForEach-Object {
        $User = $_
        $User.memberof |
            ForEach-Object {
                [PSCustomObject]@{
                    Surname = $User.surname
                    FirstName = $User.givenname
                    SamAccountName = $User.samaccountname
                    EmailAddress = $User.mail
                    LineManager = $user.manager
                    Office = $user.office
                    PhysicalOffice = $user.physicaldeliveryofficename
                    Enabled = $User.enabled
                    GroupName = Get-ADGroup -Identity $_ | Select-Object -ExpandProperty Name
                    GroupDescription = Get-ADGroup -Identity $_ -Properties * | Select Description
                    GroupCategory = Get-ADGroup -Identity $_ -Properties * | Select GroupCategory
                    GroupMail = Get-ADGroup -Identity $_ -Properties * | Select mail
                }
            }
    }
}

$List
#$List | Export-Csv -Path "C:\Scripts\AD\UserSecGroupExport\GroupMembershipExport-$(get-date -format dd_MM_yyyy).csv" -Append -NoTypeInformation -Encoding UTF8
$List | Export-Csv -Path "C:\Scripts\AD\UserSecGroupExport\GroupMembershipExport-$(get-date -format dd_MM_yyyy).csv" -NoTypeInformation -Encoding UTF8

Errors with:

Get-ADUser : The supplied distinguishedName must belong to one of the following partition(s): 'DC=Dummy,DC=CO,DC=UK , CN=Configuration,DC=Dummy,DC=CO,DC=UK ,   
CN=Schema,CN=Configuration,DC=Dummy,DC=CO,DC=UK , DC=DomainDnsZones,DC=Dummy,DC=CO,DC=UK , DC=ForestDnsZones,DC=Dummy,DC=CO,DC=UK'.  
At line:7 char:9  
+ $List = Get-ADUser -Filter * -Properties surname,givenname,samaccount ...  
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
    + CategoryInfo          : InvalidArgument: (:) [Get-ADUser], ArgumentException  
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetADUser  

The .txt file looks as below:
"OU=Office 1,OU=User Office Locations,DC=Dummy,DC=CO,DC=UK"
"OU=Office 2,OU=User Office Locations,DC=Dummy,DC=CO,DC=UK"

I'm sure this will be simple, but I can't get my head round why the AD user loop works fine when I reference a single OU but trying to loop through multiple OUs just doesn't play nicely for me.

Any help would be great folks.

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Server | User experience | PowerShell

Answer accepted by question author

Rich Matheisen 48,116 Reputation points
2021-12-23T16:01:34.827+00:00

Possibilities are that you have an empty line in the input file. Or leading or trailing space(s) in one or more lines in the input file. Or, if I take your input file contents literally, there are quotation marks at the beginning and end of each line!

See if this works any better:

Get-Content "C:\Scripts\AD\UserSecGroupExport\OUList.txt" |
    ForEach-Object {
        # Strip surrounding whitespace, then any surrounding quotation marks
        $Site = $_.Trim()
        $Site = $Site.Trim('"')
        if ($Site.Length -gt 13) {       # long enough to hold DC's and at least one OU?
            # -Filter needs a value; '*' returns every user under the search base
            Get-ADUser -Filter * -Properties surname, givenname, samaccountname, mail, manager, office, physicaldeliveryofficename, enabled, memberof -SearchBase $Site |
                ForEach-Object {
                    $User = $_
                    $User.memberof |
                        ForEach-Object {
                            # One directory lookup per group instead of four
                            $g = Get-ADGroup -Identity $_ -Properties *
                            [PSCustomObject]@{
                                Surname          = $User.surname
                                FirstName        = $User.givenname
                                SamAccountName   = $User.samaccountname
                                EmailAddress     = $User.mail
                                LineManager      = $user.manager
                                Office           = $user.office
                                PhysicalOffice   = $user.physicaldeliveryofficename
                                Enabled          = $User.enabled
                                GroupName        = $g.Name
                                GroupDescription = $g.Description
                                GroupCategory    = $g.GroupCategory
                                GroupMail        = $g.mail
                            }
                        }
                }
        }
    } | Export-Csv -Path "C:\Scripts\AD\UserSecGroupExport\GroupMembershipExport-$(Get-Date -format dd_MM_yyyy).csv" -NoTypeInformation -Encoding UTF8

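The input-file problems named in the accepted answer (blank lines, stray whitespace, surrounding quotation marks) can be reported per line before any directory query runs. This is an added example, not code from the thread: `ConvertTo-SearchBase` is a hypothetical helper, the sample lines are constructed, and the check that each entry ends in the domain partition goes beyond the cases the answer lists.

```powershell
# Added example. ConvertTo-SearchBase is a hypothetical helper name.
function ConvertTo-SearchBase {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string]$Line,

        # Partition every entry must sit under (the thread's dummy domain).
        [string]$DomainDN = 'DC=Dummy,DC=CO,DC=UK'
    )
    begin { $n = 0 }
    process {
        $n++
        # Same clean-up as the accepted answer: whitespace first, then quotes.
        $dn = $Line.Trim().Trim('"').Trim()
        $reason = $null
        if ($dn -eq '') {
            $reason = 'empty line'
        }
        elseif ($dn -notmatch '^(OU|CN)=') {
            $reason = 'does not start with OU= or CN='
        }
        elseif (-not $dn.EndsWith(",$DomainDN", [StringComparison]::OrdinalIgnoreCase)) {
            $reason = "outside partition $DomainDN"
        }
        [PSCustomObject]@{
            LineNumber = $n
            SearchBase = $dn
            Valid      = ($null -eq $reason)
            Reason     = $reason
        }
    }
}

# Constructed sample input: quoted, padded, blank and foreign-domain lines.
$sample = @(
    '"OU=Office 1,OU=User Office Locations,DC=Dummy,DC=CO,DC=UK"'
    '  OU=Office 2,OU=User Office Locations,DC=Dummy,DC=CO,DC=UK  '
    ''
    '"OU=Office 3,OU=User Office Locations,DC=Other,DC=CO,DC=UK"'
)
$checked = $sample | ConvertTo-SearchBase

# Show rejected lines with the reason, then keep only the usable DNs.
$checked | Where-Object { -not $_.Valid } | Format-Table LineNumber, Reason, SearchBase
$searchBases = $checked | Where-Object { $_.Valid } | Select-Object -ExpandProperty SearchBase
```

With the sample above, lines 3 and 4 are rejected and `$searchBases` holds the two cleaned DNs, which can be passed one at a time to `Get-ADUser -SearchBase`.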


1 additional answer

  1. Rich Matheisen 48,116 Reputation points
    2021-12-23T15:40:58.517+00:00

    When posting code, please use the "Code Sample" editor. It's the 5th icon from the left on the Format Bar and uses the graphic "101 010".

    The "normal" editor mangles the code. It removes certain characters, treats some comments as if they should be in a different font size and bolded, makes it difficult to separate code from surrounding commentary, etc.

    Please edit your post so the code is usable.
