Groups

Greetings! 👀 After a comment on my initial post asking for user email addresses in the output, I ended up getting a bit confused for 4 hours while trying to achieve the goal (it was a Friday night so several beers were involved) 🍻 !!

When I started seeing the dreaded pages of red errors in my results I soon realised I was not thinking that objects other than users can be members of a group. Of course! So I need to cater for computers, nested groups and users with no email address.

The result is below and from initial testing it seems to work well. Key points:

1. As with the original script, the CSV will output AD groups and members.
2. Where a group has no members, the group name is output with ‘No Members’ in the members column (and also now in the EmailAddress column).
3. The CSV has an ‘EmailAddress’ column added:
   • Where the member is a user and has an email address, the address is displayed.
   • Where the member is a user and does not have an address, ‘No Email Address’ is displayed.
   • Where the member is a computer, ‘Computer Object’ is displayed.
   • Where the member is a group, ‘Nested Group’ is displayed.

Voilà mes amis ! Code is below – as usual please comment if it helped or you made it better or it didn’t work for you ✌😃🤞. Thanks for coming, until nek tiya !

# export active directory groups and members to csv (also output empty groups with 'No Members' value)
# assumes run on 2012 R2 or newer domain controller or import of ActiveDirectory module
# 2022-04-02 - added logic to output email address column, catering for other object types that do not have addresses.

$allgroups = Get-ADGroup -Filter *

$result = foreach ( $group in $allgroups ) {

    $hash = @{GroupName=$group.SamAccountName;Member='';EmailAddress=''}
    $groupid = $group.DistinguishedName
    
    if ( $members = Get-ADGroupMember $groupid ) {
            
         foreach ( $member in $members ) {
            
                if ( $member.objectClass -eq 'user' ) {
                    $memberemail = (Get-ADUser -Properties mail $member.distinguishedName).mail
                        if ( $memberemail -ne $null ) {
                            $hash.Member = $member.Name
                            $hash.EmailAddress = $memberemail
                            New-Object psObject -Property $hash
                        }
                        else {
                            $memberemail = "No Email Address"
                            $hash.Member = $member.Name
                            $hash.EmailAddress = $memberemail
                            New-Object psObject -Property $hash
                        }       
                }       
                        else {                
                            if ( $member.objectClass -eq 'group' ) {
                                $memberemail = "Nested Group"
                                $hash.Member = $member.Name
                                $hash.EmailAddress = $memberemail
                                New-Object psObject -Property $hash
                            }
                            if ( $member.objectClass -eq 'computer' ) {
                                $memberemail = "Computer Object"
                                $hash.Member = $member.Name
                                $hash.EmailAddress = $memberemail
                                New-Object psObject -Property $hash
                            }
                        }
            }
    }
        else {
        $emailaddress = "No Members"
        $displayname = "No Members"
        $hash.Member = $displayname
        $hash.EmailAddress = $emailaddress
        New-Object psObject -Property $hash
    }
}

$result | Export-Csv -Path C:\temp\ActiveDirectoryGroupsAndMembers.csv -NoTypeInformation

# End