Export AD Group

Glenn Maxwell 10,146 Reputation points
2022-08-24T21:52:45.85+00:00

Hi All

i have an AD group lets say gp1 it has 100 AD groups with in it and 5 users. i want to export these AD groups and 5 users to csv file. my output should be 100AD groups and 5 users i.e 105. i dont want to export all the users with in the AD groups.

when i use the below syntax i am not getting the output. experts please correct me 

$Input = "Name,Description,UserprincipalName,SamAccountName,office,DepartmentNumber,Department" -split ','  
Get-ADGroupMember -Identity "GP1"  |   
Get-ADUser -Properties $Input  |   
Select-Object $Input  |   
Export-CSV -Path C:\temp\output.csv -NoTypeInformation
Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,474 questions
Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,383 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,912 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,383 questions
0 comments
Accepted answer
  1. Rich Matheisen 45,096 Reputation points
    2022-08-25T02:17:46.517+00:00

    I think @Rafael da Rocha had it almost right. Revamping his code a bit to place the membership of each group into a separate CSV was, I think, what you were looking for though.

    Since you only want the membership of the main group and its immediate child groups you can do this without using recursion: 

    $Input_Users = "Name,Description,UserprincipalName,SamAccountName,office,DepartmentNumber,Department" -split ','  
$GroupNames = @()  
  
# get the users in the main group  
Get-ADGroupMember -Identity "GP1" |  
    ForEach-Object {   
        if ($_.objectClass -eq "user") {   
            Get-ADUser $_.SamAccountName -Properties $Input_Users | Select-Object $Input_Users   
        }   
        elseif ($_.objectClass -eq "Group") {   
            $GroupNames += $_.distinguishedName  
        }   
    } | Export-Csv -Path C:\temp\ParentGroupUsers.csv -NoTypeInformation  
# get the users (ignoring other ogject types) that are members of each child group  
# place the users in a unique CSV for each group  
ForEach ($group in GroupNames){  
    $g = "c:\temp\{0}.csv" -f (Get-ADGroup -Identity $group).Name  
    Get-ADGroupMember -Identity $group |  
        ForEach-Object{  
            Get-ADUser $_.SamAccountName | Select-Object $Input_Users  
        } | Export-Csv $g -NoTypeInformation  
}
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Rafael da Rocha 5,076 Reputation points
    2022-08-24T22:58:19.667+00:00

    Hello,
    You're not getting the output probably because when get-aduser tries a group that is a member of the first one, it errors and breaks the script.
    Try this: 

    $Input_Users = "Name,Description,UserprincipalName,SamAccountName,office,DepartmentNumber,Department" -split ','  
$input_Groups = "Name,Description,SamAccountName" -split ','  
Get-ADGroupMember -Identity "GP1" |  
ForEach-Object {if ($_.objectClass -eq "user") {Get-ADUser $_.SamAccountName -Properties $Input_Users | Select-Object $Input_Users}   
elseif ($_.objectClass -eq "Group") {Get-ADGroup $_.SamAccountName -Properties $input_Groups | Select-Object $input_Groups}} |  
Export-CSV -Path C:\temp\output.csv -NoTypeInformation
    0 comments