News

Follow @ShayLevy

Navigation

How to audit AD groups in one line of PowerShell

I was tasked this morning with the following:

Get all groups from Active Directory and produce a report that includes each group Name,distinguishedName, the type of the group, its scope, mail address, description and group membership count. Armed with Quest's AD cmdlets I wrote the following. It took 3 minutes to write the code and send it to my manager with PowerShell v2 Send-MailMessage cmdlet:

Get-QADGroup -SizeLimit 0 | Select-Object Name,DN,GroupType,GroupScope,@{Name="MemberCount";Expression={ @(Get-QADGroupMember -SizeLimit 0 -Identity $_).Count }},Mail,Description | Sort-Object MemberCount -Descending | Export-Csv .\ADGroupsReport.csv

#This section requires PowerShell v2
$PSEmailServer= "EmailServerName"
Send-MailMessage -From "Me@domain.com" -To "Manager@domain.com" -Attachments .\ADGroupsReport.csv -Subject "AD Groups Report"

Once again, PowerShell and Quest saved my butt ;)

Posted: Jul 20 2009, 10:40 AM by ScriptFanatic | with 2 comment(s)

תגים:PowerShell, ITPRO, Quest AD Cmdlets, Quest

Comments

Shawn Marshall said:

Running command and getting this error to pop up every few minutes.

Select-Object : More data is available.

At line:1 char:42

+ Get-QADGroup -SizeLimit 0 | Select-Object <<<< Name,DN,GroupType,GroupScope,@{Name="MemberCount";Expression={ @(Get-

QADGroupMember -SizeLimit 0 -Identity $_).Count }},Mail,Description | Sort-Object MemberCount -Descending | Export-Csv

C:\PowerShell\ADGroupsReport.csv

Any idea as to why? The file was generated and seems complete as far as I know. Just curious about the error. The error occurred 6 times during the command.

# July 22, 2009 9:43 PM

ScriptFanatic said:

Can you output the full error information to a file and send it to my email?

PS > $error[0] | fl -force

scriptolog AT gmail DOT com

# July 23, 2009 11:02 AM

Shay Levy

Recent Posts

Tags