Export AD group members – nested / recursive group members – input via textfile

Hi Readers,

This script is an extension of the script below:

http://gallery.technet.microsoft.com/Export-AD-group-members-6e6c8a9f

The only difference is that it takes the group names as input from a text file, so you can run it for multiple groups.

You just have to put the CN of each group (otherwise it will not work) in the text file “groupname.txt”.

 

Extract the script and paste it anywhere.

Run the batch file; the output will be saved in the results folder.

The uniquemembers file is the list of users that are part of the group, and the uniquegroups file is the list of names of the groups that are nested (including the main group).

The machine from which you run it must have “ADSI Edit”, which is part of the administration tools.

Note: don’t forget to delete the output files if the script has been run previously, because the script appends to them.

Don’t forget to rate if this worked for you 🙂
Download it from the link below:
##################################################################################  
#       Author: Vikas Sukhija  
#       Date: 06/31/2013  
#       Modified:12/07/2013 
#       Description: Extract group members recursively  
#       Modification: Take input from text files 
###################################################################################  

get-content .\groupname.txt | foreach-object { 

$Group = $_ 
$groups = ".\results\" + "groups_" + $_ + "_.txt" 
$members = ".\results\" + "members_" + $_ + "_.txt" 
$uniquemembers1 = ".\results\" + "uniquemembers_" + $_ + "_.txt" 
$uniquegroups1 = ".\results\" + "uniquegroups_" + $_ + "_.txt" 

######################check if object is group or not ############################# 
function checkgroup ($Group1) 
{ 

$Search = New-Object DirectoryServices.DirectorySearcher([ADSI]"") 
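## escape LDAP filter metacharacters (RFC 4515) so the CN is matched literally 
$cnFilter = ([string]$Group1).Replace('\','\5c').Replace('*','\2a').Replace('(','\28').Replace(')','\29') 
$Search.filter = "(&(objectCategory=group)(objectClass=group)(cn=$cnFilter))" 
## $input is an automatic variable in PowerShell, so the results are kept in $found 
$found=$Search.Findall() 

if($found.Count -gt 0) 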
{ 
##Write-Host "$Group1 is a valid" 
return $true 
} 
else  
{ 
##Write-Host "$Group1 is a invalid" 
return $false 
} 
} 
##################################Recurse thru groups ############################## 

function getallmembersrecursively ($Group)  
{  
$Search = New-Object DirectoryServices.DirectorySearcher([ADSI]"")  
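## escape LDAP filter metacharacters (RFC 4515) so the CN is matched literally 
$cnFilter = ([string]$Group).Replace('\','\5c').Replace('*','\2a').Replace('(','\28').Replace(')','\29') 
$Search.filter = "(&(objectCategory=group)(objectClass=group)(cn=$cnFilter))" 
## $input is an automatic variable in PowerShell, so the results are kept in $found 
$found=$Search.Findall() 

if($found.Count -gt 0) 
{ 
Foreach($group in $found){ 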
$groupname = $group.GetDirectoryEntry()  
$GPName = $groupname.DistinguishedName  
$GPMember = $groupname.member  
$GPName1 = [string]$GPName  
$gsplit1 = $GPName1.split(",")  
$fpiece1 = $gsplit1[0]  
$cnsplit1 = $fpiece1.split("=")  
$GPName2 = $cnsplit1[1]  

Write-Host "$GPName2 is a Group"  
Add-Content $groups $GPName2  

####get all groups from file to compare so as there is no circular nesting 

$getallgroups = Get-Content $groups 

Foreach($gmember in $GPMember){  
$gsplit = $gmember.split(",")  
$fpiece = $gsplit[0]  
$cnsplit = $fpiece.split("=")  
$Name = $cnsplit[1]  

$result = checkgroup $Name 

if ($result) 
{ 
    if ($getallgroups -contains $Name) 
        { 
            Write-Host "$Name equals $GPName2" 
            #####not needed for troubleshooting######Add-Content .\conflict.txt "$Name equals $getallgroups -----"   

        } 
    else  
        { 
            #####not needed for troubleshooting######Add-Content .\donotconflict.txt "$Name recurse" 
            getallmembersrecursively $Name 
        } 
} 

else 
{ 
Write-Host $Name 
Add-Content $members $Name  
##############Write-Host "$Name not equals $GPName2" 

}  
}  
}  
}  
} 
####################################################################### 
getallmembersrecursively $Group  
sleep 5  
#########################unique members################################  

$uniquemembers = Get-Content $members 
$uniquemembers = $uniquemembers | select -uniq  
Add-Content $uniquemembers1 $uniquemembers  

$uniquegroups = Get-Content $groups 
$uniquegroups = $uniquegroups | select -uniq  
Add-Content $uniquegroups1 $uniquegroups  

}  
#######################################################################  

Regards 
Sukhija Vikas
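
A CN can legally contain `*`, `(`, `)`, `\`, `,` or `=`, which matters both when a name is placed in an LDAP filter such as `(cn=...)` and when a member DN is split on "," and "=". The following is an added example, not part of the original script: it escapes a value for use in a filter (RFC 4515) and reads the first RDN value of a DN without breaking on escaped commas. The function names are hypothetical and the sample DNs are constructed.

```powershell
# Added example: function names are hypothetical, sample DNs are constructed.

function ConvertTo-LdapFilterValue ([string]$Value) {
    # RFC 4515 escaping. Backslash goes first so the escapes added
    # afterwards are not escaped a second time.
    $v = $Value.Replace('\', '\5c').Replace('*', '\2a')
    $v = $v.Replace('(', '\28').Replace(')', '\29')
    $v.Replace([string][char]0, '\00')
}

function Get-FirstRdnValue ([string]$DistinguishedName) {
    # First RDN = everything up to the first comma that is not escaped.
    # "\\." consumes a backslash together with the character it escapes.
    $rdn = [regex]::Match($DistinguishedName, '^(?:\\.|[^\\,])*').Value
    # Attribute types contain no "=", so the first "=" ends the type.
    $value = $rdn.Substring($rdn.IndexOf('=') + 1)
    # Undo DN escaping in one left-to-right pass: \XX hex pair or \<char>.
    # Assumption: hex pairs encode single-byte characters.
    $unescape = [System.Text.RegularExpressions.MatchEvaluator]{
        param($m)
        if ($m.Groups[1].Success) {
            [string][char][Convert]::ToInt32($m.Groups[1].Value, 16)
        } else {
            $m.Groups[2].Value
        }
    }
    [regex]::Replace($value, '\\(?:([0-9A-Fa-f]{2})|(.))', $unescape)
}

# Constructed member DNs of the kind the "member" attribute returns.
$sampleMembers = @(
    'CN=Smith\, John,OU=Staff,DC=example,DC=com',
    'CN=*,OU=Staff,DC=example,DC=com',
    'CN=Ops (EU),OU=Groups,DC=example,DC=com',
    'CN=A\=B,OU=Groups,DC=example,DC=com'
)

foreach ($dn in $sampleMembers) {
    $cn  = Get-FirstRdnValue $dn
    $esc = ConvertTo-LdapFilterValue $cn
    # Same filter shape as the script, with the escaped value.
    $filter = "(&(objectCategory=group)(objectClass=group)(cn=$esc))"
    '{0,-12} -> {1}' -f $cn, $filter
}
```

Without the escaping, the second sample DN would produce the filter `(cn=*)`, which matches every group in the domain rather than one object.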

5 thoughts on “Export AD group members – nested / recursive group members – input via textfile”

  1. Hello,
    First of all, thank you for sharing your script. I have a couple of problems and I hope you can help me.
    I am a student and I now have a project at work, I work for the university, where I need to analyse all groups and their members. It’s the university’s domain and there are over 200 groups and hundreds of users and we now want to optimise our group-system.
    I am not familiar with PowerShell-Scripting, but I need a list in one text-file of all groups and their members, for further analytics, which I will realise with a C-Program. I searched now for about 10h and your script is the closest I could find.
    It would be very nice if you could help me.
    The text-file should look something like that:

    GROUPNAME1, “FIRST USER” “SECOND USER” … “N USER”;
    GROUPNAME2, “FIRST USER” “SECOND USER” … “N USER”;

    If it looks like this, first the groupname, then a comma, then the users in quotes and then a semicolon, I can run my program over that file and let it analyse.

  2. If you do it in one file then there would be an issue, because if there are 1000 members then 1000 columns will be consumed. That’s why the script was made to take the group names as input from a file and then create the members in a separate file for each group.

    • The maximum number of members in one group should be around 25. It would make analysing much easier, but it’s okay. It is a really nice script and saved me in that form a lot of work so far. Thank you for your reply.
