We do a dump of AD to LDIF every night and use that to search for things like you mentioned. We use it more for querying mailbox locations, though, than anything else.
Regards, Don Guyer Catholic Health East - Information Technology Enterprise Directory & Messaging Services 3805 West Chester Pike, Suite 100, Newtown Square, Pa 19073 email: [email protected] Office: 610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440 For immediate assistance, please open a Service Desk ticket or call the helpdesk @ 610-492-3839. -----Original Message----- From: Michael Leone [mailto:[email protected]] Sent: Wednesday, February 27, 2013 1:47 PM To: NT System Admin Issues Subject: Re: Powershell witth Quest - listing group memberships of users I ended up doing this: $AllUsers = Get-QADUser -SizeLimit 0 | Select givenName,LastName,DisplayName,description,mail,ParentContainer,SAMAccountName,homeDirectory,AccountIsDisabled,MemberOf | sort AccountIsDisabled,LastName,FirstName ForEach ($User in $AllUsers) { $Cells.Item($CurrentRow, $CurrentCol) = $User.displayName $CurrentCol++ $ListOfGroups = Get-QADMemberOf $User.sAMAccountName $UsersGroups = "" ForEach ($GroupName in $ListOfGroups) { $UsersGroups += "|" + $GroupName.Name + "|, " } $Cells.Item($CurrentRow, $CurrentCol) = $UsersGroups $Sheet.columns.item($CurrentCol).columnWidth = 52 $Cells.Item($CurrentRow, $CurrentCol).WrapText = $True } So I nested a couple loops, and I broke out each group, enclosed it in "|" - which I found makes it more readable - and stored it in an Excel cell, which I widen and wrap, for readability. Basically this gives me a spreadsheet of all users, their home folders, and group memberships. I keep it as a sort of snapshot of AD, so that in 5 years, when I get a request to restore the home folder of some user that doesn't work here anymore, and who has been deleted out of AD, I have a way to find out where that home folder was, and I can query the backup system for that location and time frame. (and yes, I have had that happen, which is why I wrote the script). On Tue, Feb 26, 2013 at 4:48 PM, Steven Peck <[email protected]> wrote: > .memberOF outputs an array and arrays don't play well with other types > of info with just a straight select-object > > I used to use Get-QadUser JDoe | Get-QADMemberOf for this type of > stuff > > Haven't actually had to solve this problem in a while now though. > > > > On Tue, Feb 26, 2013 at 12:36 PM, Michael Leone <[email protected]> wrote: >> >> On Tue, Feb 26, 2013 at 2:56 PM, Michael Leone <[email protected]> >> wrote: >> > I am unsure what I am doing wrong. I want a list of all my user >> > accounts, and I want the contents of the "MemberOf" property, among >> > other things. >> > >> > Get-QADuser -SizeLimit 0 | Select >> > >> > givenName,LastName,DisplayName,mail,ParentContainer,SAMAccountName, >> > homeDirectory,AccountIsDisabled,MemberOf,NestedMemberOf,AllMemberOf >> > >> > I sort this, and export to CSV. When I import the CSV into Excel, >> > the "MemberOf", "NestedMemberOf" and "AllMemberOf" are showing as >> > "System.String[]". >> > >> > What am I doing wrong? I want that "MemberOf" to actually list what >> > groups the user is a member of. >> >> So here is where I am. I am trying to output into an Excel spreadsheet: >> >> $AllUsers = Get-QADUser -SizeLimit 0 LeoneM | Select >> >> givenName,LastName,DisplayName,description,mail,ParentContainer,SAMAc >> countName,homeDirectory,AccountIsDisabled,MemberOf,NestedMemberOf,All >> MemberOf >> | sort AccountIsDisabled,LastName,FirstName >> >> ForEach ($User in $AllUsers) >> { >> >> $Cells.Item($CurrentRow, $CurrentCol) = $User.displayName >> $CurrentCol++ >> >> $ListOfGroups = Get-QADMemberOf $User.sAMAccountName >> $Cells.Item($CurrentRow, $CurrentCol) = $ListOfGroups >> >> Write-Host $User.displayName $ListOfGroups >> >> $CurrentRow++ >> $CurrentCol = 1 >> } >> >> And my $ListOfGroups writes out on my screen, but does NOT get >> written into the spreadsheet. >> >> What's that about? >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ >> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to [email protected] >> with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin Confidentiality Notice: This e-mail, including any attachments is the property of Catholic Health East and is intended for the sole use of the intended recipient(s). It may contain information that is privileged and confidential. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please delete this message, and reply to the sender regarding the error in a separate email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
