question

GlennMaxwell-2309 avatar image
0 Votes"
GlennMaxwell-2309 asked ·

Export AD Group members

Hi Experts
i have a AD Security group and mail enabled security group, i want to export their members. when i use the below syntax i am getting output.

Get-ADGroupMember -identity "group@contoso.com" | select name | Export-csv -path C:\output.csv -NoTypeInformation

When i am trying the below syntax i am not getting output. i want to use this to export AD group members, mail enabled security group members and distribution group members. please correct me with the syntax.

Get-ADGroupMember -identity "group@contoso.com" -Properties DisplayName,Userprincipalname,title,Office,description,co,personalTitle,DepartmentNumber,employeeNumber | Select DisplayName,Userprincipalname,title,Office,employeeNumber,description,co,personalTitle,@{Name='DepartmentNumber';Expression={[string]::join(";", $($_.DepartmentNumber))}} | Export-csv C:\output.csv -Notypeinformation

office-exchange-server-administrationwindows-server-powershellwindows-active-directoryoffice-exchange-online-itpro
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

EricYin-MSFT avatar image
0 Votes"
EricYin-MSFT answered ·
  1. For command Get-ADGroupMember, identity has to be the highlight values:
    30305-1.png
    So group@contoso.com will not work.

  2. As RichMatheisen says, Get-ADGroupMember cannot read those property you want.

  3. For aduser property, there's no "co", I assume you want "company", correct it to any value as you want:
    30294-2.png

Please inform me if there's any error:

 (Get-ADGroupMember -identity "sg3-11664937739").name |
   get-aduser -properties DisplayName,Userprincipalname,title,Office,description,company,personalTitle,DepartmentNumber,employeeNumber|
   Select DisplayName,Userprincipalname,title,Office,employeeNumber,description,company,personalTitle,@{N='Departmentnumber';E={$_.Departmentnumber[0]}}|
   Export-csv C:\temp\output.csv -Notypeinformation

If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.








1.png (12.6 KiB)
2.png (51.1 KiB)
· 6 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I think your script's first line is incorrect. Piping the name of the group won't work with the Get-ADUser. I think you meant:

 Get-ADGroupMember -identity "sg3-11664937739" |


0 Votes 0 ·

Thanks for reply.
But Get-ADuser does work with Sam account name:
30901-3.png


Anyway, your command should be more clear.

0 Votes 0 ·
3.png (15.2 KiB)

Yes, you're correct. I misread the cmdlet you used as "Get-ADGroup" instead of "Get-ADGroup*Member*". I apologize for the misinformation I posted!

0 Votes 0 ·

@GlennMaxwell-2309
I am writing here to confirm with you how the thing going now?
If you need further help, please provide more detailed information, so that we can give more appropriate suggestions.


If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


0 Votes 0 ·

There is an attribute "co" in the AD schema, though . . . it's just not the same as the one named "company". "co" is the ldapDisplayName for the attribute "Text-Country". It's value is the name of a country, not to be confused with the "Country-Code" attribute (ldapDisplayName "countryCode") which is the the "UN Code" (a numeric value) assigned to a country (e.g. USA is 840).

So, if he was after the numeric code for the country he'd use "CountryCode" which is the same in both LDAP and PowerShell. If he was after the country name he'd use "Country' in PowerShell and "co" in LDAP.

The AD schema can be a confusing place. :-)

0 Votes 0 ·

Yes I found this: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adls/b9f3e685-af3c-4add-95c3-4448208e906d
The AD schema can be a confusing place. :-)
-Agree with you. Exchange properties are much better.

0 Votes 0 ·
StoyanChalakov avatar image
0 Votes"
StoyanChalakov answered ·

Hi @GlennMaxwell-2309,

can you do a simple test and try without the expression, you have defined:

 Get-ADGroupMember -identity "group@contoso.com" -Properties DisplayName,Userprincipalname,title,Office,description,co,personalTitle,DepartmentNumber,employeeNumber | Select DisplayName,Userprincipalname,title,Office,employeeNumber,description,co,personalTitle | Export-csv C:\output.csv -Notypeinformation

Do you get a result? If Yes, then you need to check just the expression:

 @{Name='DepartmentNumber';Expression={[string]::join(";", $($_.DepartmentNumber))}}

Regards,
Stoyan


·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RichMatheisen-8856 avatar image
0 Votes"
RichMatheisen-8856 answered ·

Get-ADGroupMember does not retrieve the user object from the AD. It simply returns the identity of each member. You have to use the member's identity by piping the output of Get-ADGroupMember into Get-ADUser and then pipe the output from that into your Select-Object.

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.