My dear colleagues, below script to list the members of all Active Directory domain security groups:
$ Groupinfo = "| Select 'Group Name', 'Group Description', 'Member Name', 'Member Description'
AllGroups = $ @ ()
$ MyGroups = Get-ADGROUP -filter {GroupCategory -eq "Security"} -SearchBase "dc = DOMAIN, DC = LOCAL" -Properties Name, Member | select Name, Member
foreach ($ Group in $ MyGroups) {
$ GroupInfo.'Group Name '= $ Group.Name
$ GroupInfo.'Group Description '= $ Group.Description
foreach ($ Member in $ Group.Member) {
$ User = Get-Member ADUser $ -Properties Name | select Name
$ GroupInfo.'Member Name '= $ User.Name
$ Groupinfo | select 'Group Name', 'Member Name'
$ AllGroups + = $ groupinfo | Select 'Group Name', 'Member Name'
}
}
AllGroups = $ @ ()
$ MyGroups = Get-ADGROUP -filter {GroupCategory -eq "Security"} -SearchBase "dc = DOMAIN, DC = LOCAL" -Properties Name, Member | select Name, Member
foreach ($ Group in $ MyGroups) {
$ GroupInfo.'Group Name '= $ Group.Name
$ GroupInfo.'Group Description '= $ Group.Description
foreach ($ Member in $ Group.Member) {
$ User = Get-Member ADUser $ -Properties Name | select Name
$ GroupInfo.'Member Name '= $ User.Name
$ Groupinfo | select 'Group Name', 'Member Name'
$ AllGroups + = $ groupinfo | Select 'Group Name', 'Member Name'
}
}
$ AllGroups | Export-CSV allginfo.csv -NoTypeInformation
We can use the same script to filter out members of a single chain.For it changed the filter parameter $ MyGroups = Get-ADGROUP -filter {GroupCategory -eq "Security"} that selects all domain security groups for $ MyGroups = Get -ADGroup -filter {Name -eq "groupname"}.
I hope you find it useful!
No comments:
Post a Comment