PowerShell List all Users and Group Membership
Scenario:
In an environment with a lot of users and groups, it is very difficult to keep track of the groups that each user is a member of. Have you ever thought to check the groups and their members and confirm that only the intended users are members of each group? In my case, when I created the script below, I wanted to find out whether users in a specific location were under the correct groups only. So I needed a list to check the groups.
The script below connects to Active Directory and gets a list of all users for a specific location (e.g. Cyprus Office). It then checks the group membership of each user, gathers all the information in a report and sends it by email. If there is an error or exception during the run, the script sends me the error, or the list of errors if there are several.
You can download the script here or copy it from below.
Related Links:
- PowerShell Scripts
- PowerShell Tutorials
- PowerShell Users and Membership – Part 2
- Encrypt password with key using PowerShell
- Send Email using PowerShell
- Email error variable in PowerShell
- Import-Module – Microsoft Docs
- Get-Content – Microsoft Docs
- ConvertTo-SecureString – Microsoft Docs
- New-Object – Microsoft Docs
- Get-ADUser – Microsoft TechNet
- Get-ADPrincipalGroupMembership – Microsoft TechNet
- Send-MailMessage – Microsoft Docs
Solution / Script:
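Import-Module ActiveDirectory
cd ad:
# Encrypted password file for the mailbox that sends the report
$File = "C:\Scripts\Password.txt"
# AES key that decrypts Password.txt. It is stored here in plain text, so anyone who can
# read this script and the password file can recover the mail password: restrict read
# access to both, and use 32 random bytes rather than a predictable sequence.
$Key = (1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32)
$EmailUser = "Script-User@domain.com"
$Password = Get-Content $File | ConvertTo-SecureString -Key $Key
$EmailCredentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $EmailUser,$Password
$To = 'User1@domain.com'
$From = 'Script-User@domain.com'
# All user accounts under the Cyprus employees OU
$CyprusUsers = Get-ADUser -Filter * -SearchBase "OU=Employees,OU=Cyprus,DC=domain,DC=com"
$EmailResult = ""
$ErrorEmailTemp = ""
# Initialise the accumulator used by the error report further down
$ErrorEmailResult = ""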
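Foreach ($CyprusUser in $CyprusUsers) {
    # Groups this user is a member of
    $CyprusGroups = Get-ADPrincipalGroupMembership $CyprusUser.SamAccountName | Select-Object Name
    # HTML-encode directory values before placing them in the report markup
    $CyprusUserName = [System.Net.WebUtility]::HtmlEncode($CyprusUser.Name)
    # Join with commas so group names that contain spaces stay distinguishable
    $CyprusGroupsName = [System.Net.WebUtility]::HtmlEncode($CyprusGroups.Name -join ', ')
    $CyprusPrincipalName = $CyprusUser.UserPrincipalName
    # One table row per user
    $EmailTemp = @"
<tr>
<td class="colorm">$CyprusUserName</td>
<td>$CyprusGroupsName</td>
</tr>
"@
    $EmailResult = $EmailResult + "`r`n" + $EmailTemp
}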
$EmailUp = @"
<style>
body { font-family:Segoe, "Segoe UI", "DejaVu Sans", "Trebuchet MS", Verdana, sans-serif !important; color:#434242;}
TABLE { font-family:Segoe, "Segoe UI", "DejaVu Sans", "Trebuchet MS", Verdana, sans-serif !important; border-width: 1px;border-style: solid;border-color: black;border-collapse: collapse;}
TR {border-width: 1px;padding: 10px;border-style: solid;border-color: white; }
TD {font-family:Segoe, "Segoe UI", "DejaVu Sans", "Trebuchet MS", Verdana, sans-serif !important; border-width: 1px;padding: 10px;border-style: solid;border-color: white; background-color:#C3DDDB;}
.colorm {background-color:#58A09E; color:white;}
.colort{background-color:#58A09E; padding:20px; color:white; font-weight:bold;}
.colorn{background-color:transparent;}
</style>
<body>
<h3>Script has been completed successfully</h3>
<h4>Users and their MemberOf Attribute have been exported.</h4>
<table>
<tr>
<td class="colort">User</td>
<td class="colort">Groups</td>
</tr>
"@
$EmailDown = @"
</table>
</body>
"@
$Email = $EmailUp + $EmailResult + $EmailDown
if ($EmailResult -ne "") {
send-mailmessage `
-To $To `
-Subject "Users and their Groups Cyprus Report $(Get-Date -format dd/MM/yyyy)" `
-Body $Email `
-BodyAsHtml `
-Priority high `
-UseSsl `
-Port 587 `
-SmtpServer 'smtp.office365.com' `
-From $From `
-Credential $EmailCredentials
}
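# $Error holds every error recorded in the session; send a second report if there are any
if ($Error.Count -gt 0) {
    foreach ($value in $Error) {
        # Error text can contain < and >, so encode it before adding it to the HTML
        $ErrorText = [System.Net.WebUtility]::HtmlEncode("$value")
        $ErrorEmailTemp = @"
<tr>
<td class="colorm">$ErrorText</td>
</tr>
"@
        $ErrorEmailResult = $ErrorEmailResult + "`r`n" + $ErrorEmailTemp
    }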
$ErrorEmailUp = @"
<style>
body { font-family:Segoe, "Segoe UI", "DejaVu Sans", "Trebuchet MS", Verdana, sans-serif !important; color:#434242;}
TABLE { font-family:Segoe, "Segoe UI", "DejaVu Sans", "Trebuchet MS", Verdana, sans-serif !important; border-width: 1px;border-style: solid;border-color: black;border-collapse: collapse;}
TR {border-width: 1px;padding: 10px;border-style: solid;border-color: white; }
TD {font-family:Segoe, "Segoe UI", "DejaVu Sans", "Trebuchet MS", Verdana, sans-serif !important; border-width: 1px;padding: 10px;border-style: solid;border-color: white; background-color:#C3DDDB;}
.colorm {background-color:#58A09E; color:white;}
.colort{background-color:#58A09E; padding:20px; color:white; font-weight:bold;}
.colorn{background-color:transparent;}
</style>
<body>
<h3 style="color:#BD3337 !important;"> WARNING!!!</h3>
<p>There were errors during users check</p>
<p>Please check the errors and act accordingly</p>
<table>
"@
$ErrorEmailDown = @"
</table>
</body>
"@
$ErrorEmail = $ErrorEmailUp + $ErrorEmailResult + $ErrorEmailDown
send-mailmessage `
-To $To `
-Subject "Users and their Groups Report $(Get-Date -format dd/MM/yyyy) - WARNING" `
-Body $ErrorEmail `
-BodyAsHtml `
-Priority high `
-UseSsl `
-Port 587 `
-SmtpServer 'smtp.office365.com' `
-From $From `
-Credential $EmailCredentials
}
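
The review described in the scenario, confirming that users hold only the intended groups, can be automated by comparing each user's groups against an allow-list instead of reading the emailed table by eye. This is an added example, not part of the original script; the function name `Get-UnexpectedMembership`, the allow-list and the sample rows are assumptions constructed for illustration.

```powershell
# Added example (not from the original script). The allow-list, the function
# name and the sample rows are constructed for illustration.

# Groups that users in the OU are expected to hold (hypothetical names).
$AllowedGroups = @('Domain Users', 'Cyprus-Staff', 'Cyprus-Printers')

function Get-UnexpectedMembership {
    param(
        # Objects with a User property and a Groups property (array of group names)
        [Parameter(Mandatory)] [object[]] $Membership,
        # Group names that are acceptable for these users
        [Parameter(Mandatory)] [string[]] $Allowed
    )
    foreach ($row in $Membership) {
        # -notin compares case-insensitively, like AD group name lookups
        $extra = @($row.Groups | Where-Object { $_ -notin $Allowed })
        if ($extra.Count -gt 0) {
            # Emit one finding per user that holds a group outside the allow-list
            [pscustomobject]@{
                User       = $row.User
                Unexpected = $extra -join ', '
            }
        }
    }
}

# Constructed sample rows. With the ActiveDirectory module loaded, the same
# shape can be built from live data:
#   Get-ADUser -Filter * -SearchBase "OU=Employees,OU=Cyprus,DC=domain,DC=com" |
#       ForEach-Object {
#           [pscustomobject]@{
#               User   = $_.SamAccountName
#               Groups = @((Get-ADPrincipalGroupMembership $_).Name)
#           }
#       }
$Sample = @(
    [pscustomobject]@{ User = 'a.demo'; Groups = @('Domain Users', 'Cyprus-Staff') }
    [pscustomobject]@{ User = 'b.demo'; Groups = @('Domain Users', 'Domain Admins') }
    [pscustomobject]@{ User = 'c.demo'; Groups = @('Cyprus-Printers', 'Finance-RW', 'cyprus-staff') }
)

# Only b.demo and c.demo are reported; a.demo holds allowed groups only
$Findings = Get-UnexpectedMembership -Membership $Sample -Allowed $AllowedGroups
$Findings | Format-Table -AutoSize
```

Get-ADPrincipalGroupMembership returns direct memberships only, so access a user gains through nested groups does not appear in this check or in the emailed report.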

