Extract all users from Active Directory groups from multiple domains using PowerShell?

I do not have much experience in Active Directory or PowerShell. I need to pull out all the users and their details that belong to more than 1000 security groups.

I tried several different PS scripts available on the Internet, but due to the large amount of data the script takes a very long time (I stopped the script after it continued to work for 3 days).

I also tried to break the list of groups and run 100 groups at the same time using SSIS, but that didn't help.

I use the following 1st script to pull out group elements and 2nd script to pull out the rest of the user's details

P.S. The groups and users are a mixture of several subdomains.

Script 1:

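# Read the group names, one per line
$Groups = Get-Content c:\temp\Groups.txt
foreach ($Group in $Groups) {
    # -Append so each group adds to the CSV instead of overwriting it
    Get-ADGroupMember -Id $Group | select @{Expression={$Group};Label="Group Name"},* | Export-CSV c:\temp\GroupsInfo.CSV -NoTypeInformation -Append
}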

Script 2:

$objForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$DomainList = @($objForest.Domains | Select-Object Name)
$Domains = $DomainList | foreach {$_.Name}
$Users = Import-CSV c:\users\public\users.csv
# Act on each domain
foreach($Domain in ($Domains))
{
    Write-Host "Checking $Domain" -fore blue
    Foreach($mail in ($Users.mail))
    {
        # Request every attribute that is selected below, then append to the CSV
        Get-ADUser -filter {mail -eq $mail} -Server $domain -properties mail,employeeID,title,department |
            select mail,employeeID,title,department,name |
            Export-CSV c:\temp\MemberDetails.CSV -NoTypeInformation -Append
    }
}
+4
2

4300+

$groupname = '<whatever your group name is>'
$servername = '<whatever domain your group is with>'

# Read the member DNs of the group in one call; @() keeps a single member as an array
$dns = @(get-adgroup $groupname -server $servername -Properties member | select -ExpandProperty member)
$adobjects = @()
$objqry = {
    param([string[]]$items)
    function GetAdsiObj {
        param($dn)
        $item = [adsi]"LDAP://$dn"
        # Load the property cache (read-only; SetInfo() would write to the directory)
        $item.psbase.RefreshCache()
        return $item
    }
    return $items | select @{n='adsiobj';e={ GetAdsiObj $_}} | `
        select @{n='samaccountname';e={$_.adsiobj.properties.samaccountname[0]}}, `
               @{n='name';e={$_.adsiobj.properties.name[0]}}, `
               @{n='objectclass';e={$_.adsiobj.properties.objectclass[$_.adsiobj.properties.objectclass.count - 1]}}, `
               @{n='dn';e={$_.adsiobj.path}}, `
               @{n='useraccountcontrol';e={$_.adsiobj.properties.useraccountcontrol[0]}}
}
$jobs = @()

# Resolve the members in parallel, 250 DNs per background job
for($i = 0; $i -lt $dns.Count; $i += 250){
    $data = $dns[$i..$($i + 249)]
    $jobs += Start-Job -ScriptBlock $objqry -ArgumentList (,$data)
}

$runningcount = {
    param($j)
    return @($j | ?{ $_.State -eq "Running" }).Count
}
$jobcount = $jobs.Count
while($(&$runningcount $jobs) -gt 0){
    write-progress -activity "Processing members" -status "Progress:" `
    -percentcomplete (($jobcount- $(&$runningcount $jobs))/$jobcount*100)
    # Poll twice a second instead of spinning
    Start-Sleep -Milliseconds 500
}
$responses = $jobs | Wait-Job | Receive-Job
$responses | %{ $adobjects += @($_) }
$adobjects
0


$GroupList = Get-Content c:\temp\Groups.txt
$GroupHash = @{}
$UserHash = @{}
ForEach($Group in $GroupList){
    $GroupHash.$Group = Get-ADGroupMember $Group

    # Look up each user only once, on a server derived from the DC= parts of the DN
    ForEach($User in ($GroupHash.$Group|Where{!$UserHash.($_.distinguishedName)})){
        $UserHash.($User.distinguishedName) = Get-ADUser $User.distinguishedName -Server $($User.distinguishedName -replace "^.*?DC=" -replace ",DC=", ".") -Prop mail,employeeID,title,department
    }
}

$GroupHash, , $UserHash, , . , , ...

ForEach($Group in $GroupHash.Keys){
    # One CSV per group, built from the cached user objects
    $GroupHash.$Group.distinguishedName | ForEach{$UserHash.$_} | Select mail,employeeID,title,department,name | Export-CSV C:\Temp\$Group.csv -NoType
}

CSV C:\Temp .


+1
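
A batched variant of the approach in the answers above, added here as an example and not part of either answer: it reads each group's member attribute once, de-duplicates the DNs, and resolves users with one LDAP query per batch per domain instead of one Get-ADUser call per user. It assumes Groups.txt holds group distinguished names; the function names, the batch size of 100 and the output path are choices made for this example.

```powershell
# Added example. Assumes Groups.txt lists group distinguished names, one per line.
Import-Module ActiveDirectory

function ConvertTo-DomainFqdn([string]$DistinguishedName) {
    # "CN=x,OU=y,DC=corp,DC=example,DC=com" -> "corp.example.com"
    if ($DistinguishedName -match '((?:,DC=[^,]+)+)$') {
        return ($Matches[1].TrimStart(',') -replace 'DC=', '') -replace ',', '.'
    }
    throw "No DC components in '$DistinguishedName'"
}

function ConvertTo-LdapFilterValue([string]$Value) {
    # RFC 4515 escaping, so \ * ( ) or NUL inside a DN cannot alter the filter
    [regex]::Replace($Value, '[\\*()\x00]', { param($m) '\{0:x2}' -f [int][char]$m.Value })
}

# Pass 1: one read per group. Map each member DN to the groups it appears in.
$memberOf = @{}
foreach ($groupDn in Get-Content 'C:\temp\Groups.txt') {
    $group = Get-ADGroup -Identity $groupDn -Server (ConvertTo-DomainFqdn $groupDn) -Properties member
    foreach ($dn in $group.member) {
        if (-not $memberOf.ContainsKey($dn)) {
            $memberOf[$dn] = New-Object 'System.Collections.Generic.List[string]'
        }
        $memberOf[$dn].Add($group.Name)
    }
}

# Pass 2: resolve each distinct DN once, batched per domain.
$batchSize = 100   # assumed value; keeps each LDAP filter small
$rows = foreach ($byDomain in ($memberOf.Keys | Group-Object { ConvertTo-DomainFqdn $_ })) {
    $dns = @($byDomain.Group)
    for ($i = 0; $i -lt $dns.Count; $i += $batchSize) {
        $last = [Math]::Min($i + $batchSize, $dns.Count) - 1
        $clauses = $dns[$i..$last] | ForEach-Object { "(distinguishedName=$(ConvertTo-LdapFilterValue $_))" }
        # The user filter drops nested groups, computers and foreign security principals
        $filter = "(&(objectCategory=person)(objectClass=user)(|$($clauses -join '')))"
        $users = Get-ADUser -LDAPFilter $filter -Server $byDomain.Name -Properties mail, employeeID, title, department
        foreach ($u in $users) {
            foreach ($groupName in $memberOf[$u.DistinguishedName]) {
                $u | Select-Object @{n='Group';e={$groupName}}, mail, employeeID, title, department, name
            }
        }
    }
}
$rows | Export-Csv 'C:\temp\MemberDetails.csv' -NoTypeInformation
```

Nested groups are not expanded here; only direct user members are reported.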

Source: https://habr.com/ru/post/1613539/

