Announcement

Collapse
No announcement yet.

The memberOf attribute returns DN names, I want simple group names

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • The memberOf attribute returns DN names, I want simple group names

    Hi guys was wondering if there a simple way to format my result of a command i ran. see below
    GET-ADUSER -Identity NAME -Properties MemberOf | Select-Object MemberOf

    the result i get is the full DN of the groups but what i want is the results just to show the simple name and not the full DN. Can you assist and recommend a good starter book for learning powershell?

    Thanks

  • #2
    Re: Newbie Powershell help

    Not sure if this gives you the output you're looking for...
    But try this:

    GET-ADUSER -Identity NAME -Properties MemberOf | Select-Object -ExpandProperty MemberOf
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: Newbie Powershell help

      The memberof property of the user objec contains the DN of each secundairy group the user is a member of.
      You can additionally get the NAME of the group by using the DN string to connect to the group object and get the name property.

      Code:
      GET-ADUser -Identity USRNAME –Properties MemberOf | Select-Object -ExpandProperty MemberOf | Get-ADGroup -Properties name | Select-Object name
      /Rems
      Last edited by Rems; 2nd February 2013, 15:36.

      This posting is provided "AS IS" with no warranties, and confers no rights.

      __________________

      ** Remember to give credit where credit's due **
      and leave Reputation Points for meaningful posts

      Comment


      • #4
        Re: The memberOf attribute returns DN names, I want simple group names

        thanks guys. This is exactly what i was looking for.

        Comment


        • #5
          Re: The memberOf attribute returns DN names, I want simple group names

          sorry one more thing. How about the results showing only the Security groups and not both?

          Thanks

          Comment


          • #6
            Re: The memberOf attribute returns DN names, I want simple group names

            I believe that is something like this:
            Code:
            Get-ADGroup -filter { GroupCategory -eq "Security" }
            You might also be interested in:
            http://blogs.msdn.com/b/adpowershell...ed-filter.aspx
            http://blogs.msdn.com/b/adpowershell...r-part-ii.aspx
            http://blogs.msdn.com/b/adpowershell/
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"

            Comment


            • #7
              Re: The memberOf attribute returns DN names, I want simple group names

              i did add that after but i got this error:
              Get-ADGroup : The input object cannot be bound to any parameters for the comman
              d either because the command does not take pipeline input or the input and its
              properties do not match any of the parameters that take pipeline input.
              At line:1 char:133

              Comment


              • #8
                Re: The memberOf attribute returns DN names, I want simple group names

                Code:
                GET-ADUser -Identity usrname –Properties MemberOf | Select-Object -ExpandProperty MemberOf | Get-ADGroup -Properties name | where { $_.GroupCategory -eq "Security" } | sort | Select-Object name,GroupCategory
                /Rems
                Last edited by Rems; 5th February 2013, 21:44.

                This posting is provided "AS IS" with no warranties, and confers no rights.

                __________________

                ** Remember to give credit where credit's due **
                and leave Reputation Points for meaningful posts

                Comment


                • #9
                  Re: The memberOf attribute returns DN names, I want simple group names

                  exactly what i wanted. Thanks

                  Comment


                  • #10
                    hello everyone..good post.
                    The memberOf attribute returns DN names, I want simple group names for below script:
                    Import-Module ActiveDirectory
                    $search='dc=xyz,dc=abc'
                    [email protected](
                    'Name',
                    'sAMAccountName',
                    'Description',
                    'Enabled',
                    'created',
                    'modified',
                    @{name="MemberOf";expression={$_.memberof -join ";"}},
                    'LastLogonDate',
                    'LockedOut',

                    )

                    Get-ADUser -filter * -Properties * -SearchBase $search| select $props | export-Csv C:\new.csv

                    can anyone please assist me.
                    Thanks

                    Comment


                    • #11
                      So scroll up to Post #8 above and see if the solution Rems gives helps you
                      Tom Jones
                      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                      PhD, MSc, FIAP, MIITT
                      IT Trainer / Consultant
                      Ossian Ltd
                      Scotland

                      ** Remember to give credit where credit is due and leave reputation points where appropriate **

                      Comment


                      • #12
                        Originally posted by atulram View Post
                        hello everyone..good post.
                        The memberOf attribute returns DN names, I want simple group names for below script:

                        [script...]

                        can anyone please assist me.
                        Thanks
                        Code:
                        Import-Module ActiveDirectory
                        
                        $search='dc=xyz,dc=abc'
                        
                        [email protected](
                           'Name',
                           'sAMAccountName',
                           'Description',
                           'Enabled',
                           'created',
                           'modified',
                           @{n="MemberOf";e={($_.memberof | %{(Get-ADGroup $_).sAMAccountName}) -join ";"}},
                           'LastLogonDate',
                           'LockedOut'
                        )
                        
                        Get-ADUser -filter * -Properties * -SearchBase $search | select $props | export-Csv "C:\new.csv" -notypeinfo -encoding "UTF8"
                        Last edited by Rems; 28th October 2015, 00:48.

                        This posting is provided "AS IS" with no warranties, and confers no rights.

                        __________________

                        ** Remember to give credit where credit's due **
                        and leave Reputation Points for meaningful posts

                        Comment


                        • #13
                          Rems the code is perfect! thanks a lot

                          Comment


                          • #14
                            Rems can we also arrange memberOf column value so there is one row per user/group combination?

                            Comment


                            • #15
                              Originally posted by atulram View Post
                              @Rems can we also arrange memberOf column value so there is one row per user/group combination?
                              That is possible. See the Explanation here, http://blogs.technet.com/b/evand/arc...-together.aspx

                              For your question, these are the three steps...
                              1. Get-ADUsers load the desired attributes of each into a Hash Table. Create an Array of the collection of the groups of all these users. Remove duplicate groups from the array.
                              2. Get-ADGroupMember of each of the groups in the Array, filter the users from $search. Next, using the userobject's distinguishedName to link the member with the user from Hash Table.
                              3. Export UserDetails to CSV file.
                              If you have specific intrested in Security groups (User access rights and permissions) then you likely also intrested in groups the user is indirectly memberof. If that is the case then replace the line:
                              $Groups += $_.MemberOf | Get-ADGroup | %{$_.sAMAccountName}
                              With:
                              $Groups += Get-ADPrincipalGroupMembership $_.distinguishedName | %{$_.sAMAccountName}
                              Attached Files
                              Last edited by Rems; 7th November 2015, 20:41.

                              This posting is provided "AS IS" with no warranties, and confers no rights.

                              __________________

                              ** Remember to give credit where credit's due **
                              and leave Reputation Points for meaningful posts

                              Comment

                              Working...
                              X