Greetings! 👀 After a comment on my initial post asking for user email addresses in the output, I ended up getting a bit confused for 4 hours while trying to achieve the goal (it was a Friday night so several beers were involved) 🍻 !!
When I started seeing the dreaded pages of red errors in my results I soon realised I was not thinking that objects other than users can be members of a group. Of course! So I need to cater for computers, nested groups and users with no email address.
The result is below and from initial testing it seems to work well. Key points:
- As with the original script, the CSV will output AD groups and members.
- Where a group has no members, the group name is output with ‘No Members’ in the members column (and also now in the EmailAddress column).
- The CSV has an ‘EmailAddress’ column added:
  - Where the member is a user and has an email address, the address is displayed.
  - Where the member is a user and does not have an address, ‘No Email Address’ is displayed.
  - Where the member is a computer, ‘Computer Object’ is displayed.
  - Where the member is a group, ‘Nested Group’ is displayed.
Voilà mes amis ! Code is below – as usual please comment if it helped or you made it better or it didn’t work for you ✌😃🤞. Thanks for coming, until nek tiya !
Also check out the Azure AD script: export-azure-ad-groups-and-members-to-csv
```powershell
# export active directory groups and members to csv (also output empty groups with 'No Members' value)
# assumes run on 2012 R2 or newer domain controller or import of ActiveDirectory module
# 2022-04-02 - added logic to output email address column, catering for other object types that do not have addresses.
Import-Module ActiveDirectory

$allgroups = Get-ADGroup -Filter *
$result = foreach ( $group in $allgroups ) {
    # one row template per group; Member and EmailAddress are filled in per member
    $hash = @{GroupName=$group.SamAccountName;Member='';EmailAddress=''}
    $groupid = $group.DistinguishedName
    if ( $members = Get-ADGroupMember $groupid ) {
        foreach ( $member in $members ) {
            if ( $member.objectClass -eq 'user' ) {
                # Get-ADGroupMember does not return the mail attribute, so look the user up
                $memberemail = (Get-ADUser -Identity $member.distinguishedName -Properties mail).mail
                if ( $null -ne $memberemail ) {
                    $hash.Member = $member.Name
                    $hash.EmailAddress = $memberemail
                    New-Object psObject -Property $hash
                }
                else {
                    $memberemail = "No Email Address"
                    $hash.Member = $member.Name
                    $hash.EmailAddress = $memberemail
                    New-Object psObject -Property $hash
                }
            }
            else {
                # non-user members: only groups and computers are written to the CSV
                if ( $member.objectClass -eq 'group' ) {
                    $memberemail = "Nested Group"
                    $hash.Member = $member.Name
                    $hash.EmailAddress = $memberemail
                    New-Object psObject -Property $hash
                }
                if ( $member.objectClass -eq 'computer' ) {
                    $memberemail = "Computer Object"
                    $hash.Member = $member.Name
                    $hash.EmailAddress = $memberemail
                    New-Object psObject -Property $hash
                }
            }
        }
    }
    else {
        # group has no members: still output the group so empty groups show in the CSV
        $emailaddress = "No Members"
        $displayname = "No Members"
        $hash.Member = $displayname
        $hash.EmailAddress = $emailaddress
        New-Object psObject -Property $hash
    }
}
$result | Export-Csv -Path C:\temp\ActiveDirectoryGroupsAndMembers.csv -NoTypeInformation
# End
```
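Once the CSV exists, the marker values in the EmailAddress column make it easy to review: empty groups are cleanup candidates, and a ‘Nested Group’ row means the group has indirect members that this flat export does not list. The following is an added example, not part of the original script; the function name `Get-GroupExportSummary` is hypothetical and the sample rows are constructed so it runs without a domain.

```powershell
# Added example: summarise the export per group for an access review.
# Constructed sample rows in the same three-column format the script writes.
$sample = @'
"GroupName","Member","EmailAddress"
"Finance","Alice Example","alice@example.com"
"Finance","Svc-Backup","No Email Address"
"Finance","Finance-Contractors","Nested Group"
"Kiosks","KIOSK01","Computer Object"
"Old-Project","No Members","No Members"
'@ | ConvertFrom-Csv

function Get-GroupExportSummary {
    param(
        [Parameter(Mandatory)]
        [object[]]$Rows
    )
    # Marker strings written by the export script, mapped to a member type.
    $markers = @{
        'No Members'       = 'Empty'
        'Nested Group'     = 'NestedGroup'
        'Computer Object'  = 'Computer'
        'No Email Address' = 'UserNoEmail'
    }
    foreach ( $g in ($Rows | Group-Object -Property GroupName) ) {
        $counts = @{ Empty = 0; NestedGroup = 0; Computer = 0; UserNoEmail = 0; UserWithEmail = 0 }
        foreach ( $row in $g.Group ) {
            # Anything that is not a marker is a real address, i.e. a user with email.
            if ( $markers.ContainsKey($row.EmailAddress) ) { $type = $markers[$row.EmailAddress] }
            else { $type = 'UserWithEmail' }
            $counts[$type]++
        }
        [pscustomobject]@{
            GroupName      = $g.Name
            IsEmpty        = ($counts['Empty'] -gt 0)
            Users          = $counts['UserWithEmail'] + $counts['UserNoEmail']
            UsersNoEmail   = $counts['UserNoEmail']
            Computers      = $counts['Computer']
            NestedGroups   = $counts['NestedGroup']
            # Nested groups grant membership indirectly; review those groups too.
            HasIndirectMembers = ($counts['NestedGroup'] -gt 0)
        }
    }
}

Get-GroupExportSummary -Rows $sample | Format-Table -AutoSize
```

To run it against the real export, replace `$sample` with `Import-Csv C:\temp\ActiveDirectoryGroupsAndMembers.csv`.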