Script to Output ADUser, Group, and Enabled to CSV

Hi all!

I'm trying to put together a script that grabs all enabled users from AD and the respective groups of which they are a member. Finally, I would like to have the output go to a CSV.

I found this script which appears to do what I am looking for, but the output is non-existent; the file is blank. I guess the good thing is there are no errors.

    $DateTime = Get-Date -f "yyyy-MM"

    Get-ADGroup -filter "enabled -eq 'true'" | Foreach-Object {
        $Grp = $_ | Select Name, GroupCategory, Groupscope
        $users = Get-ADGroupMember $_ | get-aduser -filter "enabled -eq 'true'" | select Name

        New-Object -TypeName PSObject -Property @{
            member = $Users.Name
            GroupName = $grp.name
            Groupscope = $grp.GroupScope
            GRPCategory = $grp.GroupCategory
        }
    } | select Member,Groupname,Groupscope,Grpcategory | Export-Csv "C:\Scripts\Output\AD_Groups_and_Users $DateTime.csv" -NoTypeInformation

Can someone please help me?

  • Step through the script one step at a time to make sure you are getting what you'd expect.

    There are no results due to how this is put together.

    For example this...

        Get-ADGroup -filter "enabled -eq 'true'"

    ... by itself returns nothing, because there is no 'enabled' property / value in the results.

    Even when you use the extended properties parameter, there is no enabled property / value.

        Get-ADGroup -filter * -Properties * | Select -First 1

    So, break your sample into pieces and make sure results are returning. It's also vital that you don't run someone else's code unless you are sure you know what it does. I mean get-* is fine as long as you are not sending it elsewhere. Yet, the more destructive, Set, Create, New, etc... would not be prudent to use, without testing in an isolated test environment. You can use the MS TechNet Virtual labs for that sort of thing.

    This appears to indicate you are new to PowerShell. If that is true, it would be prudent for you to hit up some of the very good no-cost training to lay the groundwork for your PoSH future. Take a look at the PowerShell course on Microsoft Virtual Academy and YouTube. Just search for Beginning powershell.

    There are far more samples like this available from Microsoft via the MS powershellgallery.com and the MS scripting guys script repository.

    Lastly, when it comes to ADDS and PoSH, there is no real reason to use code found on the web first when MS Windows Server 2008R2 and higher provides you a tool that will write the PoSH code for you - it's called ADAC. Then you can copy and paste into an editor (PowerShell_ISE or download and use Visual Studio Code) to tweak it for more use cases.

    See:

    Step-By-Step: Utilizing PowerShell History Viewer in Windows Server 2012 R2
    'blogs.technet.microsoft.com/canitpro/2015/03/04/step-by-step-utilizing-powershell-history-viewer-in-windows-server-2012-r2'

    Learning PowerShell with Active Directory Administrative Center (PowerShell History Viewer)
    'sid-500.com/2017/10/10/learning-powershell-with-active-directory-administrative-center-powershell-history-viewer'

  • You will probably want to change the output at the bottom; this creates individual CSV files for each account (all accounts, not just users), containing their AD groups. Great for small AD environments or if you change $GrabEnabled to something like Read-Host "Account Name" (which is how I wrote the script originally). You might be able to use something like Add-Content to get it all in one file - but I'm relatively new to PowerShell in my opinion, so there may be better ways.

    #Variable that grabs all enabled accounts
    $GrabEnabled = get-aduser -filter 'enabled -eq $true'
    #For each user that was grabbed
    foreach ($user in $GrabEnabled){
        #Get their groups (except Domain Users)
        $ADgroups = Get-ADPrincipalGroupMembership -Identity $user | where {$_.Name -ne "Domain Users"}
        #Filter the groups to the group names only
        $ADOut = $ADgroups | select name
        #Output group memberships to file, with their username as the name of the file
        $ADOut | export-csv $("c:\scripts\output\" + $user.SamAccountName + ".csv")
    }
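
Added example, not part of any post in this thread: one way to get the single CSV the question asks for is to emit one row per enabled user and group pair, which also makes the file easy to filter during an access review. It assumes the ActiveDirectory module is installed and reuses the output path from the question; the `Enabled` column and the variable names are choices made for this example.

```powershell
# Requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

$DateTime = Get-Date -Format "yyyy-MM"
# Output path taken from the question; adjust to your environment.
$OutFile = "C:\Scripts\Output\AD_Groups_and_Users $DateTime.csv"

# 'Enabled' is a property of user objects, so the filter belongs on
# Get-ADUser, not on Get-ADGroup (groups have no such property).
$rows = foreach ($user in Get-ADUser -Filter 'Enabled -eq $true') {
    try {
        # @() keeps the result an array even when only one group comes back.
        $groups = @(Get-ADPrincipalGroupMembership -Identity $user -ErrorAction Stop)
    }
    catch {
        # Report the account and move on rather than aborting the whole export.
        Write-Warning "Could not read groups for $($user.SamAccountName): $_"
        continue
    }

    # One output row per (user, group) pair.
    foreach ($group in $groups) {
        [PSCustomObject]@{
            Member      = $user.SamAccountName
            Enabled     = $user.Enabled
            GroupName   = $group.Name
            GroupScope  = $group.GroupScope
            GRPCategory = $group.GroupCategory
        }
    }
}

# A single Export-Csv call at the end writes everything to one file.
$rows | Sort-Object GroupName, Member | Export-Csv -Path $OutFile -NoTypeInformation
```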