0

I need to find AD group members from given groups in csv file as input. the groups contains Users and Groups also. below is sample input data

enter image description here

I wrote the below code. for users I am getting the output (i.e. for the first entry), but for the second one, as they are groups within group, I am not able to fetch the email.

$GroupCollection= Import-csv -Path "C:\Groups.csv" $Report = @() Foreach($Group in $GroupCollection){ $MemberGroup=@() $Group = $Group.'OPE DLs' if($Group -match '@') { $pos = $Group.IndexOf("@") $leftPart = $Group.Substring(0, $pos) } else { $leftPart = $Group } $MemberGroup = Get-ADGroupMember -identity $leftPart -recursive | Get-ADUser -Properties mail | Select-Object mail $MemberGroups = ($MemberGroup.mail) -join "`r`n" if($MemberGroups -ne ""){ $Out = New-Object PSObject $Out | Add-Member -MemberType noteproperty -Name 'Contract Details' -Value $Group.'Customer subset' $Out | Add-Member -MemberType noteproperty -Name 'Group Name' -Value $leftPart $Out | Add-Member -MemberType noteproperty -Name 'Member Groups' -Value $MemberGroups $Report += $Out } } $Report | Sort-Object Name | FT -AutoSize $Report | Sort-Object Name | Export-Csv -Path ‘C:\Group-MemberGroups-Report.csv’ -NoTypeInformation

Please let me know how to get the details. Is the approach is fine or there is any other way to do this.

expected output

enter image description here

Improve this question
1
  • You need to test inside a loop to see what kind of objects Get-ADGroupMember returned. If objectClass -eq 'user' then do Get-ADUser, elseif objectClass -eq 'group' then use Get-ADGroup. if objectClass -eq 'computer' then don't do anything Commented Jun 22, 2022 at 11:52

1 Answer 1

Reset to default
1

As commented, if the object returned by Get-ADGroupMember is a group, you won't get results by piping it through to Get-ADUser, because... it is a group, not a user.

You need to loop over the results and depending on what type the object is (group, user or computer) you use either Get-ADUser or Get-ADGroup (not interested in computer objects).

Try

$Report = foreach ($Group in $GroupCollection){ $groupName = ($Group.'OPE DLs' -split '@')[0] $groupMembers = Get-ADGroupMember -Identity $groupName -Recursive | ForEach-Object { $adObject = $_ switch ($adObject.objectClass) { 'group' { ($adObject | Get-ADGroup -Properties mail).mail } 'user' { ($adObject | Get-ADUser -Properties EmailAddress).EmailAddress } } } if (@($groupMembers).Count) { [PsCustomObject]@{ 'Group Name' = $groupName 'Contract Details' = $Group.'Customer subset' 'Member Groups' = $groupMembers -join [environment]::NewLine } } } $Report = $Report | Sort-Object 'Group Name' $Report | Format-Table -AutoSize $Report | Export-Csv -Path 'C:\Group-MemberGroups-Report.csv' -NoTypeInformation

Notes:

  • adding to an array with += is extremely wasteful because the entire array needs to be rebuilt in memory on each iteration
  • To take the group name as the part left of the @ character, I simply use the -split operator and take the first element ([0])
  • To output an object, I'm using a [PsCustomObject]@{..} construct rather than the old (pre PowerShell 3.0) New-Object PSObject method
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.