Active Directory - List Groups and Members
Good Morning,
I found this site while googling how to list groups and their members in AD. I originally found this thread - http://www.techexams.net/forums/off-topic/39040-list-users-groups-ad.html But it didn't seem to work, so I wanted to frame my situation and what I'm trying to do.
I'm trying to automate my user creation for the company I work for. So far I have everything working well except for the MemberOf tab. Basically in a perfect world I would love to have a command that would say please copy the groups from USER1 to NEWUSER's MemberOf tab.
I haven't been able to find a command that will do that (if there is one, let me know). So I thought I could export a list of all groups and their members. That way I could filter by username and get all of the groups they are a part of to add them through a script.
Basically for the output I would just want a CSV that would look something like this:
Group1,User1
Group1,User2
Group1,User3
Group1,User4
Group2,User2
Group2,User4
Group3,User1
Group3,User4
Now I will preface this with....I'm REALLY new to this, so I apologize if this seems like a ridiculous question. And I appreciate any direction you can point me in.
~Michael
Comments
-
meadIT Member Posts: 581
There's a powershell command called Add-ADGroupMember that will allow you to script adding users to a group. Give that a google.
CERTS: VCDX #110 / VCAP-DCA #500 (v5 & 4) / VCAP-DCD #10(v5 & 4) / VCP 5 & 4 / EMCISA / MCSE 2003 / MCTS: Vista / CCNA / CCENT / Security+ / Network+ / Project+ / CIW Database Design Specialist, Professional, Associate
-
blargoe Member Posts: 4,174
Something like this
$SourceUser = get-user "user1" -property MemberOf
$NewUser = get-user "user2"
$SourceUserGroups = $SourceUser.MemberOf
$SourceUserGroups | add-adgroupmember -members $NewUser
IT guy since 12/00
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands... -
the_Grinch Member Posts: 4,165
Everyone is the person you want to speak with, he is a Powershell god!
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff -
Everyone Member Posts: 1,661
Maybe a demigod at best... I can talk to the PowerShell god(s), and I've met one of them in person, that's about it.
blargoe sort of has the right idea, but his example won't work... Get-User is only available with the Exchange snap-in loaded, and it doesn't return MemberOf. Even if it did, that example would only work if the user was only a member of 1 group, it wouldn't handle being a member of multiple groups.
To get group membership from a specified user, you need the AD Snap-in loaded (2008 R2, for 2003, you'll need to use the 3rd party Quest AD Tools and the appropriate cmdlets that come with them).
The command is:
(Get-ADUser -Identity username -Properties MemberOf | Select MemberOf).MemberOf
Add-ADGroupMember is the correct command to add a user to a group.
You'll have to use Import-CSV to work with your CSV file.
You'll need to set some variables, and work with a couple ForEach statements in your script, but shouldn't be too hard. -
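The pieces named in the post above (Get-ADUser with MemberOf, a ForEach loop, Add-ADGroupMember) combined into one script, as an added example that is not code from any poster in this thread. The function name Copy-ADUserGroupMembership, its parameters and the output file name are hypothetical; it skips groups flagged adminCount = 1 unless asked, so cloning a template user does not silently hand out privileged memberships.

```powershell
#Requires -Modules ActiveDirectory

# Hypothetical helper: name and parameters are illustrative, not a built-in cmdlet.
function Copy-ADUserGroupMembership {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$SourceUser,
        [Parameter(Mandatory = $true)][string]$TargetUser,
        # Opt-in: without this switch, protected (adminCount = 1) groups are skipped.
        [switch]$IncludeProtected
    )

    $target = Get-ADUser -Identity $TargetUser
    # MemberOf holds the DNs of the user's direct groups; the primary group
    # (usually Domain Users) is not listed there.
    $groupDns = (Get-ADUser -Identity $SourceUser -Properties MemberOf).MemberOf

    foreach ($dn in $groupDns) {
        $group  = Get-ADGroup -Identity $dn -Properties adminCount
        $action = 'Added'

        if ($group.adminCount -eq 1 -and -not $IncludeProtected) {
            $action = 'SkippedProtected'
        }
        elseif ($PSCmdlet.ShouldProcess($group.Name, "Add $($target.SamAccountName)")) {
            try {
                Add-ADGroupMember -Identity $group -Members $target -ErrorAction Stop
            }
            catch {
                # Covers, for example, a target that is already a member.
                $action = "Failed: $($_.Exception.Message)"
            }
        }
        else {
            $action = 'NotApplied'   # -WhatIf was given or the prompt was declined
        }

        # One Group,User row per group, in the shape the original post asked for.
        [pscustomobject]@{ Group = $group.Name; User = $target.SamAccountName; Action = $action }
    }
}

# Dry run first; review the CSV before repeating without -WhatIf.
Copy-ADUserGroupMembership -SourceUser 'USER1' -TargetUser 'NEWUSER' -WhatIf |
    Export-Csv -Path .\membership-copy.csv -NoTypeInformation
```

The adminCount check is a heuristic: the attribute marks groups protected by AdminSDHolder and can stay set after protection is removed, so the skipped rows in the CSV are worth a manual look.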
AlexNguyen Member Posts: 358
the_Grinch wrote: » Everyone is the person you want to speak with...
I always thought that "everyone" is a "group" in Active Directory, not a "person"... :)
Knowledge has no value if it is not shared.
Knowledge can cure ignorance, but intelligence cannot cure stupidity. -
blargoe Member Posts: 4,174
Everyone wrote: » Maybe a demigod at best... I can talk to the PowerShell god(s), and I've met one of them in person, that's about it.
blargoe sort of has the right idea, but his example won't work... Get-User is only available with the Exchange snap-in loaded, and it doesn't return MemberOf. Even if it did, that example would only work if the user was only a member of 1 group, it wouldn't handle being a member of multiple groups.
Yes, thank you for the correction... I typed it wrong here even though I just used get-aduser just an hour earlier for something else. From my past life working with Exchange, I keep finding myself typing get-user errantly.