The memberOf attribute returns DN names, I want simple group names

Home Forums Scripting PowerShell The memberOf attribute returns DN names, I want simple group names

This topic contains 17 replies, has 6 voices, and was last updated by Avatar sherifdd 1 year, 3 months ago.

Viewing 18 posts - 1 through 18 (of 18 total)
  • Author
    Posts
  • Avatar
    joeyg2391
    Member
    #160821

    Hi guys was wondering if there a simple way to format my result of a command i ran. see below
    GET-ADUSER -Identity NAME -Properties MemberOf | Select-Object MemberOf

    the result i get is the full DN of the groups but what i want is the results just to show the simple name and not the full DN. Can you assist and recommend a good starter book for learning powershell?

    Thanks

    Avatar
    Dumber
    Participant
    #202048

    Re: Newbie Powershell help

    Not sure if this gives you the output you’re looking for…
    But try this:

    GET-ADUSER -Identity NAME -Properties MemberOf | Select-Object -ExpandProperty MemberOf

    Avatar
    Rems
    Moderator
    #228264

    Re: Newbie Powershell help

    The memberof property of the user objec contains the DN of each secundairy group the user is a member of.
    You can additionally get the NAME of the group by using the DN string to connect to the group object and get the name property.

    GET-ADUser -Identity [I][COLOR=”DarkSlateBlue”]USRNAME[/COLOR][/I] –Properties MemberOf | Select-Object -ExpandProperty MemberOf | Get-ADGroup -Properties name | Select-Object name[/CODE]

    /Rems[CODE]GET-ADUser -Identity USRNAME –Properties MemberOf | Select-Object -ExpandProperty MemberOf | Get-ADGroup -Properties name | Select-Object name[/CODE]

    /Rems

    Avatar
    joeyg2391
    Member
    #346770

    Re: The memberOf attribute returns DN names, I want simple group names

    thanks guys. This is exactly what i was looking for.

    Avatar
    joeyg2391
    Member
    #346771

    Re: The memberOf attribute returns DN names, I want simple group names

    sorry one more thing. How about the results showing only the Security groups and not both?

    Thanks

    Avatar
    Dumber
    Participant
    #202053

    Re: The memberOf attribute returns DN names, I want simple group names

    I believe that is something like this:

    Code:
    Get-ADGroup -filter { GroupCategory -eq “Security” }

    You might also be interested in:
    http://blogs.msdn.com/b/adpowershell/archive/2009/04/03/active-directory-powershell-advanced-filter.aspx
    http://blogs.msdn.com/b/adpowershell/archive/2009/04/14/active-directory-powershell-advanced-filter-part-ii.aspx
    http://blogs.msdn.com/b/adpowershell/

    Avatar
    joeyg2391
    Member
    #346772

    Re: The memberOf attribute returns DN names, I want simple group names

    i did add that after but i got this error:
    Get-ADGroup : The input object cannot be bound to any parameters for the comman
    d either because the command does not take pipeline input or the input and its
    properties do not match any of the parameters that take pipeline input.
    At line:1 char:133

    Avatar
    Rems
    Moderator
    #228266

    Re: The memberOf attribute returns DN names, I want simple group names

    GET-ADUser -Identity [I][COLOR=”Navy”]usrname[/COLOR][/I] –Properties MemberOf | Select-Object -ExpandProperty MemberOf | Get-ADGroup -Properties name | where { $_.GroupCategory -eq “Security” } | sort | Select-Object name,GroupCategory
    [/CODE]

    /Rems[CODE]
    GET-ADUser -Identity usrname –Properties MemberOf | Select-Object -ExpandProperty MemberOf | Get-ADGroup -Properties name | where { $_.GroupCategory -eq “Security” } | sort | Select-Object name,GroupCategory
    [/CODE]

    /Rems

    Avatar
    joeyg2391
    Member
    #346773

    Re: The memberOf attribute returns DN names, I want simple group names

    exactly what i wanted. Thanks

    Avatar
    mariobraga82
    Member
    #391221

    hello everyone..good post.
    The memberOf attribute returns DN names, I want simple group names for below script:
    Import-Module ActiveDirectory
    $search=’dc=xyz,dc=abc’
    [email protected](
    ‘Name’,
    ‘sAMAccountName’,
    ‘Description’,
    ‘Enabled’,
    ‘created’,
    ‘modified’,
    @{name=”MemberOf”;expression={$_.memberof -join “;”}},
    ‘LastLogonDate’,
    ‘LockedOut’,

    )

    Get-ADUser -filter * -Properties * -SearchBase $search| select $props | export-Csv C:new.csv

    can anyone please assist me.
    Thanks

    Avatar
    Ossian
    Moderator
    #191007

    So scroll up to Post #8 above and see if the solution Rems :bowdown: gives helps you

    Avatar
    Rems
    Moderator
    #228466

    atulram;n494068 wrote:
    hello everyone..good post.
    The memberOf attribute returns DN names, I want simple group names for below script:

    [noparse][script…][/noparse]

    can anyone please assist me.
    Thanks

    Import-Module ActiveDirectory

    $search=’dc=xyz,dc=abc’

    [email protected](
    ‘Name’,
    ‘sAMAccountName’,
    ‘Description’,
    ‘Enabled’,
    ‘created’,
    ‘modified’,
    @{n=”MemberOf”;e={($_.memberof | %{(Get-ADGroup $_).sAMAccountName}) -join “;”}},
    ‘LastLogonDate’,
    ‘LockedOut’
    )

    Get-ADUser -filter * -Properties * -SearchBase $search | select $props | export-Csv “C:new.csv” -notypeinfo -encoding “UTF8”

    [/Code][Code]
    Import-Module ActiveDirectory

    $search=’dc=xyz,dc=abc’

    [email protected](
    ‘Name’,
    ‘sAMAccountName’,
    ‘Description’,
    ‘Enabled’,
    ‘created’,
    ‘modified’,
    @{n=”MemberOf”;e={($_.memberof | %{(Get-ADGroup $_).sAMAccountName}) -join “;”}},
    ‘LastLogonDate’,
    ‘LockedOut’
    )

    Get-ADUser -filter * -Properties * -SearchBase $search | select $props | export-Csv “C:new.csv” -notypeinfo -encoding “UTF8”

    [/Code]

    Avatar
    mariobraga82
    Member
    #391222

    [USER=”2530″]Rems[/USER] the code is perfect! thanks a lot :)

    Avatar
    mariobraga82
    Member
    #391223

    [USER=”2530″]Rems[/USER] can we also arrange [FONT=&quot]memberOf column value so there is one row per user/group combination? [/FONT]

    Avatar
    Rems
    Moderator
    #228467
    atulram;n494088 wrote:
    [noparse]@Rems[/noparse] can we also arrange [FONT=&quot]memberOf column value[/FONT] so there is one row per user/group combination?

    That is possible. See the Explanation here, http://blogs.technet.com/b/evand/arc…-together.aspx

    For your question, these are the three steps…

    1. Get-ADUsers load the desired attributes of each into a Hash Table. Create an Array of the collection of the groups of all these users. Remove duplicate groups from the array.
    2. Get-ADGroupMember of each of the groups in the Array, filter the users from $search. Next, using the userobject’s distinguishedName to link the member with the user from Hash Table.
    3. Export UserDetails to CSV file.
    Code:
    [URL=”https://www.petri.com/forums/filedata/fetch?id=494262&d=1446925196″]63668-powershell, include password attributes.txt[/URL]

    If you have specific intrested in Security groups (User access rights and permissions) then you likely also intrested in groups the user is indirectly memberof. If that is the case then replace the line:
    $Groups += $_.MemberOf | Get-ADGroup | %{$_.sAMAccountName}
    With:
    $Groups += Get-ADPrincipalGroupMembership $_.distinguishedName | %{$_.sAMAccountName}

    Avatar
    mariobraga82
    Member
    #391225

    [USER=”2530″]Rems[/USER] thanks a lot! code 63668-powershell, include password attributes.txt works perfect.

    Avatar
    mariobraga82
    Member
    #391226

    Hi Rems..while the script executes properly, when I Filter SAM account name and select Blanks field it shows some Groups in Names column and which group it belongs to in groups column and rest column blank. Can you please tell me why so ? groups eg: domain admins,enterprise admins,schema admins and others.

    Avatar
    sherifdd
    Member
    #391969
    Rems;n494079 wrote:

    Import-Module ActiveDirectory

    $search=’dc=xyz,dc=abc’

    [email protected](
    ‘Name’,
    ‘sAMAccountName’,
    ‘Description’,
    ‘Enabled’,
    ‘created’,
    ‘modified’,
    @{n=”MemberOf”;e={($_.memberof | %{(Get-ADGroup $_).sAMAccountName}) -join “;”}},
    ‘LastLogonDate’,
    ‘LockedOut’
    )

    Get-ADUser -filter * -Properties * -SearchBase $search | select $props | export-Csv “C:new.csv” -notypeinfo -encoding “UTF8”

    [/Code][/QUOTE]

    Tks for the code, but, could you help me use this CSV to create a new user, a member of the same groups[Code]
    Import-Module ActiveDirectory

    $search=’dc=xyz,dc=abc’

    [email protected](
    ‘Name’,
    ‘sAMAccountName’,
    ‘Description’,
    ‘Enabled’,
    ‘created’,
    ‘modified’,
    @{n=”MemberOf”;e={($_.memberof | %{(Get-ADGroup $_).sAMAccountName}) -join “;”}},
    ‘LastLogonDate’,
    ‘LockedOut’
    )

    Get-ADUser -filter * -Properties * -SearchBase $search | select $props | export-Csv “C:new.csv” -notypeinfo -encoding “UTF8”

    [/Code]

    Tks for the code, but, could you help me use this CSV to create a new user, a member of the same groups

Viewing 18 posts - 1 through 18 (of 18 total)

You must be logged in to reply to this topic.