Greetings! 👀 After a comment on my initial post asking for user email addresses in the output, I ended up getting a bit confused for 4 hours while trying to achieve the goal (it was a Friday night so several beers were involved) 🍻 !!
When I started seeing the dreaded pages of red errors in my results I soon realised I was not thinking that objects other than users can be members of a group. Of course! So I need to cater for computers, nested groups and users with no email address.
The result is below and from initial testing it seems to work well. Key points:
- As with the original script, the CSV will output AD groups and members.
- Where a group has no members, the group name is output with ‘No Members’ in the members column (and also now in the EmailAddress column).
- The CSV has an ‘EmailAddress’ column added:
  - Where the member is a user and has an email address, the address is displayed.
  - Where the member is a user and does not have an address, ‘No Email Address’ is displayed.
  - Where the member is a computer, ‘Computer Object’ is displayed.
  - Where the member is a group, ‘Nested Group’ is displayed.
Voilà mes amis ! Code is below – as usual please comment if it helped or you made it better or it didn’t work for you ✌😃🤞. Thanks for coming, until nek tiya !
Also check out the Azure AD script: export-azure-ad-groups-and-members-to-csv
# export active directory groups and members to csv (also output empty groups with 'No Members' value)
# assumes run on 2012 R2 or newer domain controller or import of ActiveDirectory module
# 2022-04-02 - added logic to output email address column, catering for other object types that do not have addresses.
$allgroups = Get-ADGroup -Filter *
$result = foreach ( $group in $allgroups ) {
    # row template, reused for every member of this group
    $hash = @{GroupName=$group.SamAccountName;Member='';EmailAddress=''}
    $groupid = $group.DistinguishedName
    if ( $members = Get-ADGroupMember $groupid ) {
        foreach ( $member in $members ) {
            if ( $member.objectClass -eq 'user' ) {
                # Get-ADGroupMember does not return the mail attribute, so look the user up
                $memberemail = (Get-ADUser -Identity $member.distinguishedName -Properties mail).mail
                # $null on the left so the test is a plain null check
                if ( $null -ne $memberemail ) {
                    $hash.Member = $member.Name
                    $hash.EmailAddress = $memberemail
                    New-Object psObject -Property $hash
                }
                else {
                    $memberemail = "No Email Address"
                    $hash.Member = $member.Name
                    $hash.EmailAddress = $memberemail
                    New-Object psObject -Property $hash
                }
            }
            else {
                # non-user members: only groups and computers get a row,
                # a member of any other object class produces no output
                if ( $member.objectClass -eq 'group' ) {
                    $memberemail = "Nested Group"
                    $hash.Member = $member.Name
                    $hash.EmailAddress = $memberemail
                    New-Object psObject -Property $hash
                }
                if ( $member.objectClass -eq 'computer' ) {
                    $memberemail = "Computer Object"
                    $hash.Member = $member.Name
                    $hash.EmailAddress = $memberemail
                    New-Object psObject -Property $hash
                }
            }
        }
    }
    else {
        # empty group: still write one row so the group appears in the CSV
        $emailaddress = "No Members"
        $displayname = "No Members"
        $hash.Member = $displayname
        $hash.EmailAddress = $emailaddress
        New-Object psObject -Property $hash
    }
}
$result | Export-Csv -Path C:\temp\ActiveDirectoryGroupsAndMembers.csv -NoTypeInformation
# End
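The CSV lists each group's direct members only, so for an access review the ‘Nested Group’ rows have to be followed to see who is effectively in a group. The snippet below is an added example, not part of the original script: it expands nested groups from rows in the exported format and guards against circular nesting. The sample rows are constructed, `Get-EffectiveMember`, `RootGroup` and `Via` are names introduced here, and it assumes a nested group's Member value matches the GroupName of its own rows.

```powershell
# Constructed sample rows in the format the export script writes (not real data).
$rows = @'
"GroupName","Member","EmailAddress"
"Finance-Admins","Alice Example","alice@example.test"
"Finance-Admins","Finance-Helpdesk","Nested Group"
"Finance-Helpdesk","Bob Example","No Email Address"
"Finance-Helpdesk","FIN-PC01","Computer Object"
"Finance-Helpdesk","Finance-Admins","Nested Group"
"Empty-Group","No Members","No Members"
'@ | ConvertFrom-Csv

# Index rows by group name. Assumption: the Member value of a nested group
# (its Name) equals the GroupName value (SamAccountName) of its own rows.
$byGroup = @{}
foreach ($row in $rows) {
    if (-not $byGroup.ContainsKey($row.GroupName)) { $byGroup[$row.GroupName] = @() }
    $byGroup[$row.GroupName] += $row
}

function Get-EffectiveMember {
    param([string] $GroupName, [hashtable] $Index)
    $seen  = @{}                                  # groups already expanded
    $queue = New-Object System.Collections.Queue  # groups still to expand
    $queue.Enqueue($GroupName)
    while ($queue.Count -gt 0) {
        $current = $queue.Dequeue()
        # AD allows circular nesting, so expand each group only once.
        if ($seen.ContainsKey($current)) { continue }
        $seen[$current] = $true
        foreach ($row in $Index[$current]) {
            switch ($row.EmailAddress) {
                'No Members'   { }                              # empty-group placeholder row
                'Nested Group' { $queue.Enqueue($row.Member) }  # follow the nesting
                default {
                    [pscustomobject]@{
                        RootGroup    = $GroupName
                        Via          = $current      # group that holds the member directly
                        Member       = $row.Member
                        EmailAddress = $row.EmailAddress
                    }
                }
            }
        }
    }
}

Get-EffectiveMember -GroupName 'Finance-Admins' -Index $byGroup | Format-Table -AutoSize
```

To run it against a real export, replace the here-string with `Import-Csv` on the file the script wrote.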
Whether this script includes nested Groups
Hi Rajesh, as in the notes at the top, it will note in the output that the member of a group is a ‘nested group’. Since a nested group is also ‘a group’ on its own, it and its members will also be in the output. You could use Excel to filter on members that equal ‘nested group’ to get a list of nested groups, and which groups they are members of.
Where the member is a user and has an email address, the address is displayed.
Where the member is a user and does not have an address, ‘No Email Address’ is displayed.
Where the member is a computer, ‘Computer Object’ is displayed.
Where the member is a group, ‘Nested Group’ is displayed.
Hope that helps, cheers =)
Amazing work, this is nearly what I need to do in Azure, and has given me lots of ideas. Thank you very much, consider this as your ‘random act of kindness’ for the day 🙂
Cheers SCCM-Simon! If it helps you I am harikoa =)
PS – is this your blog? https://sccmsimon.home.blog