I need to provide a report of accounts that are disabled, but still have security groups in their account so I can purge them. Can you help me with this? In my file, it doesnt show groups Name. I only get Microsoft.ActiveDirectory.Management.ADPropertyValueCollection

$path = "c:\temp\DisabledUsers_ContainGroups ($(Get-Date -Format "yyyy-MM-dd")).xlsx"
$date = Get-Date -Format yyyy-MM-dd
Get-ADUser -Filter ({enabled -eq $false -and memberof -like '*'}) -properties Name, Samaccountname, memberof | select Name, Samaccountname, memberof | Export-excel -Path $path -WorksheetName $date -AutoSize -AutoFilter -TableStyle Medium2

CodePudding user response：

I got what im looking for. Not sure how i can add a new line instead of -join ';' but it works fine. Thanks for your help.

$path = "c:\temp\DisabledUsers_GroupMembership ($(Get-Date -Format "yyyy-MM-dd")).xlsx"
$date = Get-Date -Format yyyy-MM-dd

GET-ADUSER -Filter {Enabled -eq $false} –Properties name, samaccountname, MemberOf | 
where {$_.MemberOf.Count -gt 1} | 
select name, samaccountname, @{N= "Groups"; E ={(($_.MemberOf).split(",") | 
where-object {$_.contains("CN=")}).replace("CN=","") -join ';'}} | 
Export-excel -Path $path -WorksheetName $date -AutoSize -AutoFilter -TableStyle Medium2

CodePudding user response：

This should get you going...

Get-AdUser -Filter {Enabled -eq $false} |
    select *, @{l='MemberOf'; e={Get-AdPrincipalGroupMemberShip $_}} |
    where {$_.MemberOf.Count -gt 1}

Then you can filter out the properties you would like to keep

Get-AdUser -Filter {Enabled -eq $false} |
    select *, @{l='MemberOf'; e={Get-AdPrincipalGroupMemberShip $_}} |
    where {$_.MemberOf.Count -gt 1} |
    SamAccountName, MemberOf

or if you don't like to get all properties of the groups

Get-AdUser -Filter {Enabled -eq $false} |
    select *, @{
        l='MemberOf'; 
        e={Get-AdPrincipalGroupMemberShip $_ | Select Name}
    } |
    where {$_.MemberOf.Count -gt 1} |
    SamAccountName, MemberOf