question

raviraja-7112 avatar image
0 Votes"
raviraja-7112 asked piaudonn edited

Using get-aduser to pull multiple properties

I am trying to pull multiple properties of a particular group like userid, account status, locked out, etc as mentioned below:

$group = Get-ADGroup -Server "test.com" -Identity "test_test_test"
$members = Get-ADUser -Server "test.com" -LDAPFilter "(&(objectClass=user)(memberOf=$group))" -Properties 'samaccountname', 'enabled','passwordexpired','lockedout','whenchanged'
$members | select -ExpandProperty 'samaccountname', 'enabled','passwordexpired','lockedout','whenchanged'| Out-File -FilePath "D:\userids_final.txt"

When I tried to run above script I am getting below error. Please help

Select-Object : Cannot convert 'System.Object[]' to the type 'System.String' required by parameter 'ExpandProperty'.
Specified method is not supported.
At line:3 char:35
+ $members | select -ExpandProperty 'samaccountname', 'enabled'| Out-Fi ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Select-Object], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgument,Microsoft.PowerShell.Commands.SelectObjectCommand

windows-active-directory
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

piaudonn avatar image
0 Votes"
piaudonn answered piaudonn edited

Few comments:

  1. You don't need to do two requests to get the members and their attributes. You can pipe the first one with the second. The way you do it will only get teh direct members of the groups and not its nested members (unless that's what you want and in that case you could stick with that I guess).

  2. You don't need to use quotes in the list of properties.

  3. You don't need to expand any properties. It is failing at the moment because you can expand only one property. But in your case, since you are exporting stuff to a a file, you don't need to do that. And you could also export it in a more useful format such as csv.

So here is a revisited version of your script:

  $members = Get-ADGroupMember -Identity  "test_test_test" -Recursive | Get-ADUser -Properties samaccountname,enabled,passwordexpired,lockedout,whenchanged
  $members | Export-Csv userids_final.csv -NoTypeInformation

You could remove the -Recursive if you wanted only the direct group membership. And you could also do that in one line.

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.