0

I want to write a script to get the AD group memberships beginning with SSL_VPN for usernames listed in a CSV.

I have tried so far:

    Import-Csv C:\Users.csv |
        ForEach-Object -pv user { Get-AdUser -filter "displayname -eq '$($_.username)'" } |
        Get-ADprincipalGroupMembership |
        Select-Object @{ n = 'samaccountname'; e = { $user.samaccountname } }, name |
        Export-csv -path C:\UserPermiss.csv -NoTypeInformation
1
  • Does Get-ADPrincipalGroupMembership | Where Name -like 'SSL_VPN*' do what you need? It is hard to tell if your issues are filtering for the groups or outputting in the proper format in the CSV. Commented Feb 27, 2020 at 12:57

2 Answers

1

Getting users by their DisplayName property is not the safest thing to do. It would be so much better if your CSV file has other, more unique properties to go by, like SamAccountName, UserPrincipalName, DistinguishedName or EmailAddress.

Anyway, in your loop, you should check if a user with that name can be found and only if so, get the group membership.

    Import-Csv 'C:\Users.csv' | ForEach-Object {
        $user = Get-ADUser -Filter "DisplayName -eq '$($_.username)'" -Properties DisplayName
        if ($user) {
            Get-ADprincipalGroupMembership -Identity $user.DistinguishedName |
            Where-Object { $_.name -like 'SSL_VPN*' } |
            Select-Object @{ Name = 'SamAccountName'; Expression = { $user.SamAccountName } },
                          @{ Name = 'Group'; Expression = { $_.name }}
        }
        else {
            Write-Warning "User '$($_.username)' not found"
            # if you want this message to also appear in your output CSV, do something like this:
            [PsCustomObject]@{
                'SamAccountName' = "User '$($_.username)' not found"
                'Group' = ''
            }
        }
    } | Export-Csv -Path 'C:\UserPermiss.csv' -NoTypeInformation

If you want to see a warning message when the user is not a member of the SSL_VPN group, you can do:

    Import-Csv 'C:\Users.csv' | ForEach-Object {
        $user = Get-ADUser -Filter "DisplayName -eq '$($_.username)'" -Properties DisplayName
        if ($user) {
            $group = Get-ADprincipalGroupMembership -Identity $user.DistinguishedName |
                     Where-Object { $_.name -like 'SSL_VPN*' }
            if ($group) {
                [PsCustomObject]@{
                    'SamAccountName' = $user.SamAccountName
                    # join the names so several matching groups still fit in one CSV cell
                    'Group' = $group.name -join ';'
                }
            }
            else {
                Write-Warning "User '$($_.username)' is not a member of ssl_vpn group"
            }
        }
        else {
            Write-Warning "User '$($_.username)' not found"
        }
    } | Export-Csv -Path 'C:\UserPermiss.csv' -NoTypeInformation

3 Comments

How can I add a warning when the username is not a member of the ssl_vpn group?
@Arbelac Please see my edit. If the user DisplayName could not be found, the code now emits the warning message as an object to the output as well. Is that what you mean?
@Arbelac I also added code for displaying a warning when the user is not a member of the group
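
The answer's point about DisplayName not being unique, as an added example that is not part of the thread or its authors' code: an access-review helper that reports every account matching a display name, flags ambiguous matches, and goes a step beyond the answers by also reporting SSL_VPN* membership that comes through nested groups. The function names `ConvertTo-LdapFilterValue` and `Get-SslVpnAccess` and the `Via` and `Status` columns are hypothetical; the CSV column `username` and the file paths are taken from the question.

```powershell
Import-Module ActiveDirectory   # RSAT ActiveDirectory module

# Hypothetical helper: escape a value for use inside an LDAP filter (RFC 4515).
function ConvertTo-LdapFilterValue([string]$Value) {
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29' -replace '\x00', '\00'
}

# Hypothetical helper: one output row per account/group pair for a DisplayName.
function Get-SslVpnAccess {
    param([string]$DisplayName, [string]$GroupPrefix = 'SSL_VPN')

    $row = { param($name, $sam, $group, $via, $status)
        [PSCustomObject]@{ DisplayName = $name; SamAccountName = $sam; Group = $group; Via = $via; Status = $status } }

    # A blank CSV cell would produce an invalid filter, so report it instead of querying.
    if ([string]::IsNullOrWhiteSpace($DisplayName)) { return (& $row $DisplayName '' '' '' 'EmptyName') }

    # -LDAPFilter with escaped input: names containing quotes, * or ( ) cannot alter the query.
    $found = @(Get-ADUser -LDAPFilter "(displayName=$(ConvertTo-LdapFilterValue $DisplayName))" -Properties DisplayName, MemberOf)
    if ($found.Count -eq 0) { return (& $row $DisplayName '' '' '' 'NotFound') }

    # DisplayName is not unique in AD: report every match and flag the rows for review.
    $flag = if ($found.Count -gt 1) { 'AmbiguousDisplayName' } else { 'Unique' }
    $prefix = ConvertTo-LdapFilterValue $GroupPrefix

    foreach ($u in $found) {
        $dn = ConvertTo-LdapFilterValue $u.DistinguishedName
        # 1.2.840.113556.1.4.1941 = LDAP_MATCHING_RULE_IN_CHAIN (direct and nested membership)
        $groups = @(Get-ADGroup -LDAPFilter "(&(name=$prefix*)(member:1.2.840.113556.1.4.1941:=$dn))")

        if ($groups.Count -eq 0) { & $row $u.DisplayName $u.SamAccountName '' '' "$flag;NoVpnGroup" }
        foreach ($g in $groups) {
            # MemberOf lists direct groups only, so anything else was reached through nesting.
            $via = if ($u.MemberOf -contains $g.DistinguishedName) { 'Direct' } else { 'Nested' }
            & $row $u.DisplayName $u.SamAccountName $g.Name $via "$flag;Member"
        }
    }
}

Import-Csv 'C:\Users.csv' | ForEach-Object { Get-SslVpnAccess -DisplayName $_.username } |
    Export-Csv -Path 'C:\UserPermiss.csv' -NoTypeInformation
```

Rows marked `AmbiguousDisplayName` need a manual check against a unique attribute such as SamAccountName before the result is used in an access review.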
0

You can use something like this (first line of csv must be samaccountname):

    $users = Import-Csv D:\adusers.CSV
    foreach ($user in $users) {
        # names of the SSL_VPN* groups this account belongs to
        $groupname = Get-ADPrincipalGroupMembership -Identity $user.samaccountname |
            where {$_.name -like "SSL_VPN*"} | select -ExpandProperty name
        if ($null -ne $groupname) {
            foreach ($group in $groupname) {
                # one "samaccountname;group" line per membership
                [string]$data = ($user | select -ExpandProperty samaccountname) + ';' + $group
                $data | Out-File -FilePath d:\stack.csv -Encoding utf8 -Append
            }
        }
    }
