SyntaxFix

[powershell] How to list AD group membership for AD users using input list?

I'm fairly new PS user... Looking for some assistance with a powershell script to obtain list of security groups user is member of.

To describe what I need:

  • I have input list (txt file) with many users (samaccountnames). Every name is on a new line.
  • I need the script to search these names in AD - whole forest, not just one single domain
  • output should look like "samaccountname" and list of groups this account is member of in one line, so I can sort it in excel

This is the script I have:

$users = Get-Content C:\users.txt

ForEach ($User in $users) {
  $getmembership = Get-ADUser $User.Users -Properties MemberOf | Select -ExpandProperty memberof
  $getmembership | Out-File -Append c:\membership.txt 
}

but it throws me an error:

Get-ADUser : Cannot validate argument on parameter 'Identity'. The argument is null. Supply a non-null argument and try the command again.
At line:4 char:28
+ $getmembership = Get-ADUser <<<<  $User.Users -Properties MemberOf | Select -ExpandProperty memberof
    + CategoryInfo          : InvalidData: (:) [Get-ADUser], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADUser

Anyway, this script wouldn't search the whole forest.

Sample input list:

username1
username2
username3
username4... etc

Sample output list

username1;group1;group2;group3
username2;group1;group2;group3;group4... etc or something similar

Any help would be greatly appreciated.

This question is related to powershell active-directory membership

The answer is

Or add "sort name" to list alphabetically

Get-ADPrincipalGroupMembership username | select name | sort name

Get-ADPrincipalGroupMembership username | select name

Got it from another answer but the script works magic. :)

Everything in one line:

get-aduser -filter * -Properties memberof | select name, @{ l="GroupMembership"; e={$_.memberof  -join ";"  } } | export-csv membership.csv

The below code will return username group membership using the samaccountname. You can modify it to get input from a file or change the query to get accounts with non expiring passwords etc

$location = "c:\temp\Peace2.txt"
$users = (get-aduser -filter *).samaccountname
$le = $users.length
for($i = 0; $i -lt $le; $i++){
  $output = (get-aduser $users[$i] | Get-ADPrincipalGroupMembership).name
  $users[$i] + " " + $output 
  $z =  $users[$i] + " " + $output 
  add-content $location $z
}

Sample Output:

Administrator Domain Users Administrators Schema Admins Enterprise Admins Domain Admins Group Policy Creator Owners
Guest Domain Guests Guests
krbtgt Domain Users Denied RODC Password Replication Group
Redacted Domain Users CompanyUsers Production
Redacted Domain Users CompanyUsers Production
Redacted Domain Users CompanyUsers Production

Source: Stackoverflow.com

Examples related to powershell

Why powershell does not run Angular commands? How do I install the Nuget provider for PowerShell on a unconnected machine so I can install a nuget package from the PS command line? How to print environment variables to the console in PowerShell? Check if a string is not NULL or EMPTY The term 'ng' is not recognized as the name of a cmdlet VSCode Change Default Terminal 'Connect-MsolService' is not recognized as the name of a cmdlet Powershell Invoke-WebRequest Fails with SSL/TLS Secure Channel Install-Module : The term 'Install-Module' is not recognized as the name of a cmdlet Change directory in PowerShell

Examples related to active-directory

Powershell: A positional parameter cannot be found that accepts argument "xxx" How to switch to another domain and get-aduser How can I verify if an AD account is locked? Powershell script to see currently logged in users (domain and machine) + status (active, idle, away) Querying Windows Active Directory server using ldapsearch from command line How to list AD group membership for AD users using input list? Import-Module : The specified module 'activedirectory' was not loaded because no valid module file was found in any module directory What are CN, OU, DC in an LDAP search? PowerShell script to return members of multiple security groups How do I get specific properties with Get-AdUser

Examples related to membership

How to list AD group membership for AD users using input list? "The system cannot find the file specified" Check if something is (not) in a list in Python

Tags

Azman Onactionexecuting Algebraic-data-types Http-request-parameters Bigdecimal Executionengineexception Remote-connection Wpmu Ihttphandler Isolatedstorage External-dependencies Account-management Uitabview Static-functions Safe-browsing Zend-filter Compiler-errors Return Server-core Corflags Mpeg-2 Reintegration Data-scrubbing Payment-processing Shouldstartload Loadviewstate Firefox-3 Ptr-vector Prado Async-workflow Gd Cloud Jinfo Form-helpers Azure-queues Configuration Richtext Nmock2 Cloud-foundry White-labelling Binsor Ilist Database-comparison Cookie-path Html-manipulation Watij Server-push Xypic Android-manifest Atmega Geshi Mongrel-cluster Boost-signals2 Isset Db2-connect Plot Phpfox Filegroup Mailmessage Casbah Dih Time-and-attendance Gnu-assembler Boost-spirit-qi Confirmation Uiswitch Http-referer Wingdings Wtl Time-travel Godi Import-from-excel Computational-finance Django-openid-auth Desktop-wallpaper Optional-arguments Mysource Export-to-word Outputdebugstring Escape-analysis Pep8 Custom-sections Android-ui Bmp Coupling Boundfield Slidetoggle Libpcap Sicstus-prolog Lower-bound Custom-model-binder Conkeror Event-wait-handle Yield-return Strtotime Hdl Treetable Scientific-computing Asio Persistent-data