Get-ADUser and Get-ADPrincipalGroupMembership combined

I'm trying to get a list of template user account and what their membership are exported to a csv file. I'm trying to combine the tables on them but having a hard time figuring it out. I spent the day racking my brain on this and figured I would reach out
for help. This gets all my template users.
Import-Module ActiveDirectory
$User = "*Template*"
$usernames = (Get-ADUser -Filter "DisplayName -like '*$User*'" -Properties * | format-table Displayname, SamAccountName)
$usernames
I can use this to get all the members of the groups, but since the groups repeat it doesnt break down where one user stops and the others begin. 
$groups = Get-ADUser -Filter "SamAccountName -like '*$Usr*'" -Properties DisplayName | foreach-object{Get-ADPrincipalGroupMembership -Identity $_.SamAccountName} | format-table name
I was thinking of joining the tables but that wasnt much help to me since I cant figure out what to join on. I also thought about looping through the first table with a foreach loop but it was assigning the whole table in the first pass and displaying nothing.
If anyone could help or suggest something, I would greatly appreciate.
Matt

Hi Matt,
Give this a shot:
Get-ADUser -Filter "DisplayName -like '*Template*'" -Properties MemberOf | ForEach {
$username = $_.SamAccountName
$_.MemberOf | ForEach {
$props = @{
Username = $username
GroupName = (Get-ADGroup $_).Name
New-Object PsObject -Property $props
} | Sort Username,GroupName |
Select Username,GroupName |
Export-Csv .\GroupMemberships.csv -NoTypeInformation
Don't retire TechNet! -
(Don't give up yet - 13,225+ strong and growing)

Similar Messages

  • GET OBJEC and GET PERNR

    I am new to ABAP-HR.......
    what is the difference between GET OBJEC and GET PERNR.
    Iam asked to write a program using logical databases .. which one should I use ...
    thanks,
    shekhar....

    Hi Nevali.
    I would like to suggest,
    OBJEC - Work Area for Database PCH
    PERNR - HR Master Data Reporting - PNP
    Differences,
    GET OBJEC - Reporting on Personnel Planning data
    GET PERNR - Reporting on HR master data.
    I would like to suggest a Reference,
    [SAP HELP - Standard Reference for HR Logical Databases|http://help.sap.com/saphelp_nw04/helpdata/en/c6/8a15381b80436ce10000009b38f8cf/content.htm]
    Hope that's usefull.
    Good Luck & Regards.
    Harsh Dave

  • Get latepernr  and get pernr

    Hi all,
    can u explain the get event functionality ?
    Can u tell me the difference between
    get pernr and get late pernr.
    when should i use these type of statements ?
    Regards
    charan

    Hi Ravi,
    GET PERNR event initiates the data extraction for a pernr.
    GTE PERNR LATE event is triggered after all the other events are triggered and right before the end-of-selection.
    PL take a look at the following <a href="http://help.sap.com/saphelp_47x200/helpdata/en/ac/764da4496f11d3967200a0c9306433/frameset.htm">SAP Help</a> where it is explained very clearly.
    Regards,
    Suresh Datti

  • GET RESPONSE and GET STATUS

    Hi all,
    I wish some information about use of get response and get status commands or where I can find answer to my questions.

    Hi, GET STATUS command description can be found in GlobalPlatform 2.1.1 specification and ISO/IEC 7816-4 standard.
    GET RESPONSE is described in ISO/IEC 7816-4 and 7816-3 standards.
    Best regards,
    Eve

  • Get-ADReplicationFailure and Get-ADReplicationUpToDatenessVectorTable

    Hi,
    Where does the Get-ADReplicationFailure and Get-ADReplicationUpToDatenessVectorTable cmdlets retrieve it`s data from?
    Lets start with Get-ADReplicationFailure: It shows 2 replication failures which is not current. Running the following in the same environment shows no errors:
    $dclist= get-addomaincontroller-filter *
    foreach($dc in$dclist) {
    repadmin /showrepl /csv | ConvertFrom-Csv
    Get-ADReplicationUpToDatenessVectorTable: This cmdlet returns a lot of Microsoft.ActiveDirectory.Management.ADReplicationUpToDatenessVectorTable objects. Many of them have old timestamps and
     no value for the Partner property:
    LastReplicationSuccess : 26.04.2010 21:01:02
    Partition              : DC=domain,DC=local
    PartitionGuid          : 7ddec540-31db-44d3-9ab5-d5adb479627e
    Partner                :
    PartnerInvocationId    : 0e2fbc85-8d50-4c30-ae65-27648a0888b9
    Server                 : dc01.domain.local
    UsnFilter              : 19853
    These are probably old domain controllers which is decomissioned years ago. Why does these show up? And where is the cmdlet getting this data from?
    The replication topology seems healthy using the legacy tools, but the new cmdlets isn`t giving the same impression.
    Some clarifications would be appreciated.

    Hi scripter42,
    The Get-ADReplicationFailure cmdlet returns all failures currently associated with a given domain controller or Active Directory Lightweight Directory Services (AD LDS) instance. The return object is of type ADReplicationFailure. This cmdlet returns the
    list of failures in the ADReplicationSummary object for a specific server.
    The ADReplicationUpToDatenessVectorTable displays the highest Update Sequence Number (USN) for the specified domain controller(s). This information shows how up-to-date a replica is with its replication partners.
    Regards,
    Lany Zhang

  • Demantra 7.3 ,Analytical Engine Is not getting up and getting terminated

    Hi,
    When i am trying to make my Demantra 7.3 - analytical engine up on linux server, is not getting up and getting terminated. Can any body help me in the same.
    For your information
    Mine Weblogic server is 32 bit and linux operating system is 64 Bit.
    Thanks in advance.
    Thanks,
    Ankur Dawra
    Edited by: Ankur Dawra on Aug 16, 2010 2:52 PM

    If that specific patch is causing a conflict with CU7 or Rules Engine Update Service, the best option would be to LOG a case with Microsoft and let them either fix it or provide a justification of why that specific Windows Patch is not a good idea (file
    an exemption in case of later with the customer/security team).
    Regards.

  • [Mac mini] Display getting dark and get back to normal, If there is an idle mode, where can I adjust it or turn if off?

    MAC MINI (Mid 2011)
    OSX Yosemite 10.10.2 / OSX Mavericks 10.9.5
    While I were using mac mini for a while, the external display (LG_22MP55) has been getting dark and getting back to normal.
    Did it enter into idle mode?
    Anywhere I can find, can't find the related options to turn it off or adjust it.
    Even adjusting "Never" for both "computer sleep" and "display sleep" can happen this annoying situation.
    Beside, I have tried to connect iphone5S to external display (LG_22MP55) and double check LD will not enter into idle mode itself.
    So, I guess this situation was happened by MAC mini.

    When I use find file http://www.macupdate.com/app/mac/30073/find-file (which does tend to find files that "Finder" can't), it's not coming up with any other itunes library files that have been modified in the past week, which I know it would have been - unfortunately, I don't have a very recent backup of the hard drive.  It would be a few months old so it wouldn't have the complete library on it....any ideas?  I'm wondering if restarting the computer might help but have been afraid to do so in case it would make it harder to recover anything...I was looking at this thread https://discussions.apple.com/thread/4211589?start=0&tstart=0 in the hopes that it might have a helpful suggestion but it's definitely a different scenario.

  • How do I use Get-ADUser to get just the Managers attribute? And then get rid of duplicates in my array/hash table?

    Hello,
          I am trying to just get the Managers of my users in Active Directory. I have gotten it down to the user and their manager, but I don't need the user. Here is my code so far:
    Get-ADUser-filter*-searchbase"OU=REDACTED,
    OU=Enterprise Users, DC=REDACTED, DC=REDACTED"-PropertiesManager|SelectName,@{N='Manager';E={(Get-ADUser$_.Manager).Name}}
    |export-csvc:\managers.csv-append 
    Also, I need to get rid of the duplicate values in my hash table. I tried playing around with -sort unique, but couldn't find a place it would work. Any help would be awesome.
    Thanks,
    Matt

    I would caution that, although it is not likely, managers can also be contact, group, or computer objects. If this is possible in your situation, use Get-ADObject in place of Get-ADUser inside the curly braces.
    Also, if you only want users that have a manager assigned, you can use -LDAPFilter "(manager=*)" in the first Get-ADUser.
    Finally, if you want all users that have been assigned the manager for at least one user, you can use:
    Get-ADUser
    -LDAPFilter "(directReports=*)" |
    Select @{N='Manager';E={ (Get-ADUser
    $_.sAMAccountName).Name }}
    -Unique | Sort Manager |
    Export-Csv .\managerList.csv -NoTypeInformation
    This works because when you assign the manager attribute of a user, this assigns the user to the directReports attribute of the manager. The directReports atttribute is multi-valued (an array in essence).
    Again, if managers can be groups or some other class of object (not likely), then use Get-ADObect throughout and identify by distinguishedName instead of sAMAccountName (since contacts don't have sAMAccountName).
    Richard Mueller - MVP Directory Services

  • Get-ADuser and formatting results

    What Im looking to do is to output all of my AD Users, including all of their properties, and then output that to a tabular format. The issue I am having is that some of the fields, like MemberOf, dont come through. My script looks like the following:
    Get-ADuser -Filter * -Properties * | Export-CSV C:\Temp\MyFile.csv
    This is almost what I want, but I just need for all of the properties to be expanded. Some end in "..." meaning there is more to be shown, and others such as "MemberOf" show "Microsoft.ActiveDirectory.Management.ADPropertyValueCollection" instead of showing
    the actual groups.
    Thanks in advance for any help!
    Jarrod Sturdivant [email protected]

    I had the same question and the "Exchange Proxy Address (alias) Report" Blog entry helped me a lot in this case.
    Here is my adaption
    $multipcgroups = @()
     $Pclist = import-csv mypclist.csv | foreach {get-adcomputer -identity $_.name -Properties * | select name, memberof}
     foreach ($pc in $pclist) {
     [array]$pcgroups = $pc.memberof
    $ErrorActionPreference = 'SilentlyContinue'
     $pcadgroup = New-Object PSObject -Property @{
    Name = $pc.name
     pcadgroup0 = $pcgroups[0] -replace "OU=SW,OU=Groupx,OU=foo,DC=company,DC=de" -replace "OU=Filter,OU=Technical Roles,DC=company,DC=de"
    pcadgroup1 = $pcgroups[1] -replace "OU=SW,OU=Groupx,OU=foo,DC=company,DC=de" -replace "OU=Filter,OU=Technical Roles,DC=company,DC=de"
    pcadgroup2 = $pcgroups[2] -replace "OU=SW,OU=Groupx,OU=foo,DC=company,DC=de" -replace "OU=Filter,OU=Technical Roles,DC=company,DC=de"
    $ErrorActionPreference = 'Continue'
     $pcadgroupCount = ($pcgroups).count
     if ($pcadgroupCount -gt 0) {
    $multipcgroups += $pcadgroup
     $multipcgroups | select name, pcadgroup0,pcadgroup1,pcadgroup2 | Export-CSV pcadgroups.csv -notype
    regards
    Andreas

  • Use Get-ADUser to get locked status and if locke give a choice to unlock it.

    Hi guys and girls,
    Im startling to learn powershell scripting and have made my first tool/Script.
    Below script is the one i use, however i do have an problem i would like some help with.
    I use the script to display some basic info and also to show if the user is lockedout or not.
    However i do would like to have the choice to unlock the user in the script as well, therefore im using the if statement.
    But dont get it to return the value i want. What i want it to do is to check if the account is locked if so ask if it should unlock it. Any help or input is appreciated.
    /Json
    $userinput = Read-Host "Enter Username Here"
    Get-ADUser -Identity $userinput -Properties * | Select-Object DisplayName, city, department, EmailAddress, HomeDirectory, MobilePhone, OfficePhone, Manager, PasswordExpired, PasswordLastSet, LockedOut
      If(((Get-ADUser -Identity $userinput -Properties lockedout).lockedout = $true))

    Hi there, I've not tested this properly but it should do the trick.
    add-type -AssemblyName System.DirectoryServices.AccountManagement
    $userinput = Read-Host "Enter Username Here"
    $res = Get-ADUser -Identity $userinput -Properties DisplayName, city, department, EmailAddress, HomeDirectory, MobilePhone, OfficePhone, Manager, PasswordExpired, PasswordLastSet, LockedOut | Select-Object DisplayName, city, department, EmailAddress, HomeDirectory,
    MobilePhone, OfficePhone, Manager, PasswordExpired, PasswordLastSet, LockedOut
    if ($res.lockedout -eq $true){
    $unlock = Read-host "Unlock? Y/N"
    if ($unlock -eq "Y")
    $context = [System.DirectoryServices.AccountManagement.ContextType]::Domain
    [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($context,$userinput).UnlockAccount()

  • How do I run Get-ADUser and filter out two separate OUs

    Ha! I was assuming that Where-Object wouldn't do me any better. Well, I guess I made an ass out of me. ;)
    Your first script is what I will use. We have some user accounts in other OUs that are disabled for other reasons.
    It's little quirks like this that keep me from using Powershell more often.
    Thanks Matt!

    Hi again all!I am trying to write a script that will search for AD users that have the "Password Never Expires" box checked, but not if they are in one of two OUs. These OUs are not parent/child, they are separate.If I run this, I get about 30 results:
    Powershellget-aduser -filter { PasswordNeverExpires -eq $true }Some of the results are in the "Disabled Accounts" OU, some are in the "Contractors" OU, and the rest are in neither.
    If I run either of these, I get zero results:
    Powershellget-aduser -filter { PasswordNeverExpires -eq $true -and DistinguishedName -notlike "*Disabled*"}get-aduser -filter { PasswordNeverExpires -eq $true -and ( DistinguishedName -notlike "*Disabled*" -and DistinguishedName -notlike "*Contractors*")}I know for a fact that I have users that are not in either of these two OUs that have that box checked because I...
    This topic first appeared in the Spiceworks Community

  • Get-AdUser and a other domain

    I'm having problems running a script to search all accounts on a Domain.
    I want to be able to switch domain choices
    Current script is:
    Import-Module activedirectory
    Get-ADUser -Filter * -Properties * |
    Select-Object Name,LastLogonDate | export-csv C:\users.csv -notypeinformation
    I've tried the following to no avail - still outputs my domain not the selected:
    import-module activedirectory
    $data =@()
    $domains = "another.domain.com"
    foreach($domain in $domains)
     $data += Get-ADUser -Filter * -Properties * | Select-Object Name,LastLogonDate
    $data | export-csv C:\users.csv -notypeinformation
    Any ideas?

    Hi ESXi,
    I’m writing to just check in to see
    if the suggestions were helpful. If you need further help, please feel free to reply this post directly so we will be notified to follow it up.
    If you have
    any feedback on our support, please click here.
    Best Regards,
    Anna Wang
    TechNet Community Support

  • Pipeline get-mailbox and get-mailboxstatistics

    Dears,
    I am finding great difficulty in having output what seems to be a quite simple...
    I just need to output all user's mailbox prohibitsendquota and the totalitemsize and I am running the below command but it is giving me null values in totalitemsize,
    Get-Mailbox -ResultSize Unlimited  | Select-Object DisplayName, ProhibitSendQuota, @{label="TotalItemSize";expression={(Get-MailboxStatistics $_name).TotalItemSize}}
    However, when I make get-mailbox -identity
    [email protected] it gives me the correct output...I need to run it for everyone.
    MCP,MCTS(Vista),MCSA(Messaging)

    .. i noticed that too, but chaning $_name to $_.name  still doesnt work - it gives me totalitemsize only on the last subject
    However, i have a script i use (not one-liner though) - giving me way more information
    $mailboxes = get-mailbox -database $(read-host "enter database") |select -first 10 | select name,alias,database
    $Mycol = @()
    foreach ($mbx in $mailboxes)
    $mbxstat = get-mailboxstatistics $mbx.name |select lastlogontime,lastloggedonuseraccount,totalitemsize,itemcount
    $user = get-aduser $mbx.name -properties enabled,lastlogondate
    $MyObject = New-Object PSObject -Property @{
    mbxName = $mbx.name
    mbxAlias = $mbx.alias
    mbxDatabase = $mbx.database
    ADuser = $user.enabled
    ADuserLogon = $user.lastlogondate
    mbxLastlogon = $mbxstat.lastlogontime
    mbxLastAccount = $mbxstat.lastloggedonuseraccount
    mbxItemSize = $mbxstat.totalitemsize
    mbxCount = $mbxstat.itemcount
    $Mycol += $MyObject
    $Mycol |select mbxname,mbxalias,mbxdatabase,aduser,aduserlogon,mbxlastlogon,mbxlastaccount,mbxitemsize,mbxcount #|export-csv report.csv -Delimiter ";"
    just delete rows u dont need

  • Syntax for Get-ADUser to get only these items "DistinguishedName" "SamAccountName" "Title"

    Is there a way to pull these three parts in PowerShell???

     you always get the default set of properties, whether you ask for them or not. [...] always get all the default properties.
    Richard Mueller - MVP Directory Services
    It is true that the default set of properties is retrieved, but with a few more lines the OP can get what he is looking for. I had the same problem and overcame it by defining the output I wanted to display.  The following code did what I think he is
    asking for my test user; though my test user had no title.  
    $reportObject = @()
    $userList = Get-ADUser USERNAME -Properties DistinguishedName,SamAccountName,Title
    $userList | %{
    $output = "" | Select DistinguishedName,SamAccountName,Title
    $output.sAMAccountName = $_.sAMAccountName
    $output.DistinguishedName = $_.DistinguishedName
    $output.Title = $_.Title
    $reportObject += $output
    $output | fl *
    $reportObject | Convertto-CSV -NoTypeInformation | Out-File C:\Output.txt
    you can pull any -property that is a "Attr LDAP Name" (List: http://www.kouti.com/tables/userattributes.htm)
    you may also find the -filter flag useful if you have to get more than one user.

  • GET PAYROLL  And GET PERNR  Events .. Query

    Hi All
    I have used  Get Payroll  Event to fetch data from Database for Payroll Reporting.
    It work fine for me till now..
    But i am  not sure  that ,it can be used indiviusally  without GET PERNR Event.
    And wht are the other conditions to be usedd in Get Payroll Event...
    Regards
    Lakhan

    Pernr Is the personnel numbers
    for a particular Country
    Country you can use MOLGA
    GET PERNR
    GETPAYROLL
    You can loop and get the resuults for the Employee for that particulat Country
    Ok
    Take Care

Maybe you are looking for

  • IPod touch 5th gen. Home button stuck and power button not working! Please help!

    I have an iPod 5th Generation and the home button is jammed down! It felt sticky earlier but now it's stuck down. I used it when the home button wasn't working and had to use my notifications to change from app to app (as I didn't know about assistiv

  • FontBook will not load or open some fonts

    We have quite a few font files that FontBook simply will not recognise as fonts. When we double-click the font file FontBook launches, but the font's preview window never appears. If we drag the font into FontBook's list it never gets added. If we us

  • Users and Tablespaces

    Specs: OS: Win 2003 Sp1 Oracle 9i - rel2 (9.2.0.5.0) I had something like 200 users and dedicated tablespaces associated to them. Eventually, I ran into a usual very natural and obvious problem of -running low on disk space. So I took a task to free

  • Copying SQL Server Agent - Jobs in SSMS - 2012

    Hi, I am using SQL 2012 version. when i try to copy the existing sql agent job (job "X") (using, Script Job As--> Create To--> New query window) and paste it into different database it is giving me some errors as below. (this method is working fine w

  • When install db 10.2.0.1, report many undefined reference error.

    Hi, I try install the db 10.2.0.1 under fc4 linux. I select to install software only, but report error: Error invoking target 'relink' of makefile '/usr/local/oracle/db10g/precomp/lib/ins_precomp.mk' ... I check the install/make.log, there are many "