PowerShell - Create Custom Object to Export as CSV-CodePudding

I'm trying to pull a report using PowerShell and export it as CSV. I want to grab an AD Group, get the "Members" and "Members Of", then export it.

The final export, I want it to look like this:

Group Name        Member Of      Member ID    Member Name      Member Email
Finance Group     AD Group 1     User 1       John Smith       [email protected]
Finance Group     AD Group 2     User 2       Ryan Smith       [email protected]             
Finance Group     AD Group 3     User 3       Amanda Smith     [email protected]           
Finance Group     AD Group 4      
Finance Group     AD Group 5

I have the following script to get the AD Group Members and Member Of:

$Groups = "Finance Group"

$Object = New-Object PSObject

ForEach ($Group in $Groups) {
    
    $MemberOf = Get-ADPrincipalGroupMembership -Identity $Group

    ForEach ($Access in $MemberOf.Name) {
        $Object | Add-Member -NotePropertyName "Group Name" -NotePropertyValue $Group
        $Object | Add-Member -NotePropertyName "Member Of" -NotePropertyValue "$MemberOf
    }
}

I'm just trying to make the first 2 columns, however, Add-Member seems to just replace the current values, and I can't seem to find a way to append the values. Afterwards I will try to add in the users information columns. The reason I want the "Group Name" to repeat is because I want to use a Pivot Table to group "Finance Group" to its respective "Member Of" and "Members". Am I going about this the right way or is there some better way to do this?

Thanks in advance.

CodePudding user response：

Following Abraham's helpful answer which just needs a slight modification to get the user's DisplayName and Mail properties:

$Groups = "Finance Group"

$export = foreach ($Group in $Groups)
{
    $thisGroup = Get-ADGroup $Group -Properties MemberOf
    $memberOf = $thisGroup.MemberOf
    $member = @(Get-ADGroupMember $group).where({
        $_.objectClass -eq 'user'
    }) | Get-ADuser -Properties DisplayName, mail

    $max = [Math]::Max($memberOf.Count, $member.Count)
    
    for ($i = 0; $i -lt $max; $i  )
    {
        [PSCustomObject]@{
            GroupName   = $thisGroup.Name
            MemberOf    = $memberOf[$i] -replace '^CN=(.*?)(?<!\\),.*','$1'
            MemberID    = $member[$i].Name
            MemberName  = $member[$i].DisplayName
            MemberEmail = $member[$i].mail
        }
    }
}

$export | Export-Csv .... -NoTypeInformation

The use of -replace on MemberOf is because the MemberOf property of AD Group are DistinguishedName and this would get their CN (Common Name). See https://regex101.com/r/jrbwVb/1 for more details.

CodePudding user response：

If I'm not mistaken, this is your intentions:

$Groups = "Finance Group"

foreach ($Group in $Groups)
{
    $groupObj = Get-ADGroup -Identity $Group -Properties Members, MemberOf
    for ($i = 0; $i -lt [Math]::Max($groupObj.Members, $groupObj.MemberOf; $i  )
    {
        [PSCustomObject]@{
            GroupName = $Group
            MemberOf  = $groupObj[$i].MemberOf
            Members   = $groupObj[$i].Members # here you can substitute this field, or add new ones, with a new Get-ADUser call - 
                                              # to get the display name or other properties.
        }
    }
}

. . .as noted in the in-line comment, you can substitute the returned field for a call to AD using Get-ADUser to swap for a display name or other fields instead.

Unfortunately, I do not have AD installed on my computer, nor have access to an AD environment anymore so this was all based off what I though is correct. I believe that Get-ADGroup returns it's membersof property as well; so only one call would be needed in that aspect.