Skip to main content

Export all group members of one or more particular groups in Active Directory Domain

 Export all group members of one or more particular groups in Active Directory Domain


You can Use this for Group Audit

Dear All,
I'll give you two different ways to export Domain Group members.

1. Simple way
Code:
csvde -f c:\Groups.csv -r "(sAMAccountName=CSRM-Web)" -l member

2. With powershell script,batch file
script will have three files groupaudit.bat ,groupaudit.ini and groupaudit.ps1 and all are on the same folder.



groupaudit.bat
Code:
@echo off
powershell .\groupaudit.ps1

groupaudit.ini
Code:
CN=GROUPNAME,OU=Groups,OU=Corp,DC=ChildDomainName,DC=EgyEng,DC=com
You list the groups you want to export their members each in one line with syntax above.

groupaudit.ps1
Code:
function Get-Members
    {
        param ($groupDN)
        
        $nested = @()
        $nesting = "false"
        $nl = [Environment]::NewLine
        $group = [ADSI] "LDAP://$groupDN"
        
        $retval = "Members of group: " + $group.cn + " (" + $group.distinguishedName + ")"
        
        foreach ($member in $group.member)
            {
                $user = new-object directoryservices.directoryentry("LDAP://$member")
                if ($user.objectclass -contains "group")
                    {
                        $retval = $retval + $nl + "+" + $user.cn
                        $nesting = "true"
                        $nested += $user.distinguishedname
                    }
                else
                    {
                        $retval = $retval + $nl + $user.SAMAccountName
                    }
            }
        
        if ($nesting -contains "true")
            {
                $retval = $retval + $nl + $nl + "Nested Group Members:"
                foreach ($g in $nested)
                    {
                        $retval += $nl
                        $retval += Get-Members($g)
                        $retval += $nl
                    }
            }
        return $retval
    }

foreach ($line in Get-Content ".\groupaudit.ini")
    {
        $output = ""
        $groupDN = $line
        $group = [ADSI] "LDAP://$groupDN"
        $groupName = $group.cn
        $runDate = Get-Date -format "yyyyMMdd-HHmmss"
        $outfile = ".\" + $groupName + "_" + $runDate + ".txt"
        
        Get-Members($groupDN) | Out-File -FilePath $outfile
    }
You have the option to change the line of
Code:
$retval = $retval + $nl + $user.SAMAccountName
instead of $user.SAMAccountName to $user.DisplayName to have a friendly name instead of login ID

Also you can export a .csv file instead of .txt by change the line
Code:
$outfile = ".\" + $groupName + "_" + $runDate + ".txt"
Change ".txt" to ".csv".

i uploaded the full folder in the below link.
http://www.4shared.com/rar/rOOQBZEd/groupaudit.html

Comments

Post a Comment

Popular posts from this blog

Calculate how much data can be transferred in 24 hours based on link speed in data center

  In case you are planning for migration via DIA or IPVPN link and as example you have 200Mb stable speed so you could calculate using the below formula. (( 200Mb /8)x60x60x24) /1024/1024 = 2TB /per day In case you have different speed you could replace the 200Mb by any rate to calculate as example below. (( 5 00Mb /8)x60x60x24) /1024/1024 =  5.15TB  /per day So approximate each 100Mb would allow around 1TB per day.
Post a Comment
Read more

Integration with vCloud Director failing after NSXT upgrade to 4.1.2.0 certificate expired

  Issue Clarification: after upgrade from 3.1.3 to 4.1.2.0 observed certificate to be expired related to various internal services.   Issue Verification: after Upgrade from 3.1.3 to 4.1.2.0 observed certificate to be expired related to various internal services.   Root Cause Identification: >>we confirmed the issue to be related to the below KB NSX alarms indicating certificates have expired or are expiring (94898)   Root Cause Justification:   There are two main factors that can contribute to this behaviour: NSX Managers have many certificates for internal services. In version NSX 3.2.1, Cluster Boot Manager (CBM) service certificates were incorrectly given a validity period of 825 days instead of 100 years. This was corrected to 100 years in NSX 3.2.3. However any environment originally installed on NSX 3.2.1 will have the internal CBM Corfu certs expire after 825 regardless of upgrade to the fixed version or not. On NSX-T 3.2.x interna...
Post a Comment
Read more

Recreating a VMFS-3 or VMFS-5 partition table in ESXi 5.x

For this kind of issues you need to engage VMware support on this, following any part of this article could lead to more complex situation if not ran by an expert.   Symptoms Datastore does not mount because of a lost or overwritten partition table.   Purpose When a VMFS partition is created in ESX 3.x or ESX 4.x, it has a Master Boot Record (MBR) partition map. The MBR is written to the first 512 B block (LBA0) and contains the information where the (VMFS) partition starts and ends. ESXi 5.0 introduced VMFS-5, which uses a GUID partition table (GPT) for new datastores. When a VMFS-3 partition is created in ESXi 5.x and is later updated to VMFS-5, the original partition map (MBR) is maintained. If the partition information of a VMFS datastore is deleted or overwritten (for example, by a Windows system with direct access to the same disks), it is impossible to determine if the partition map was GPT or MBR. The only time you can be sure that a GPT partition map was used is if th...
Post a Comment
Read more