Active Directory - List Groups and Members

miholmes

Good Morning,

I found this site while googling how to list groups and their members in AD. I originally found this thread - http://www.techexams.net/forums/off-topic/39040-list-users-groups-ad.html But it didn't seem to work, so I wanted to frame my situation and what I'm trying to do.

I'm trying to automate my user creation for the company I work for. So far I have everything working well except for the MemberOf tab. Basically in a perfect world I would love to have a command that would say please copy the groups from USER1 to NEWUSER's MemberOf tab.

I haven't been able to find a command that will do that (if there is one let me know ) So I thought I could export a list of all groups and their members. That way I could filter by username and get all of the groups they are a part of to add them through a script.

Basically for the output I would just want a CSV that would look something like this:



Group1
User1


Group1
User2


Group1
User3


Group1
User4


Group2
User2



Group2
User4


Group3
User1


Group3
User4



Now I will preface this with....I'm REALLY new to this, so I apologize if this seems like a ridiculous question. And I appreciate any direction you can point me in.

~Michael

meadIT

There's a powershell command called Add-ADGroupMember that will allow you to script adding users to a group. Give that a google.

blargoe

Something like this

$SourceUser = get-user "user1" - property MemberOf
$NewUser = get-user "user2"
$SourceUserGroups = $SourceUser.MemberOf
$SourceUserGroups | add-adgroupmember -members $NewUser

the_Grinch

Everyone is the person you want to speak with, he is a Powershell god!

Everyone

Maybe a demigod at best... I can talk to the PowerShell god(s), and I've met one of them in person, that's about it.

blargoe sort of has the right idea, but his example won't work... Get-User is only available with the Exchange snap-in loaded, and it doesn't return MemberOf. Even if it did, that example would only work if the user was only a member of 1 group, it wouldn't handle being a member of multiple groups.

To get group membership from a specified user, you need the AD Snap-in loaded (2008 R2, for 2003, you'll need to use the 3rd party Quest AD Tools and the appropriate cmdlets that come with them).

The command is:
(Get-ADUser -Identity username -Properties MemberOf | Select MemberOf).MemberOf

Add-ADGroupMember is the correct command to add a user to a group.

You'll have to use Import-CSV to work with your CSV file.

You'll need to set some variables, and work with a couple ForEach statements in your script, but shouldn't be too hard.

AlexNguyen

the_Grinch wrote: »

Everyone is the person you want to speak with...

I always thought that "everyone" is a "group" in Active Directory, not a "person"...:)

blargoe

Everyone wrote: »

Maybe a demigod at best... I can talk to the PowerShell god(s), and I've met one of them in person, that's about it.

blargoe sort of has the right idea, but his example won't work... Get-User is only available with the Exchange snap-in loaded, and it doesn't return MemberOf. Even if it did, that example would only work if the user was only a member of 1 group, it wouldn't handle being a member of multiple groups.

Yes, thank you for the correction... I typed it wrong here even though I just used get-aduser just an hour earlier for something else. From my past life working with Exchange, I keep finding myself typing get-user errantly