Do it is advisable get all of the teams in your Lively Listing or simply want to seek out the placement of the one group that’s hiding someplace in an OU? In PowerShell, we are able to use the Get-ADGroup cmdlet to rapidly extract all details about our teams from the AD.
Teams in your Lively Listing can actually assist you with protecting your AD organized. It permits you to assign permissions or licenses to a number of customers which are members of a single group. When for instance administration wants entry to PowerBi, you’ll solely need to assign the license to the PowerBi Group.
On this article, we’re going to check out easy methods to use the Get-ADGroup cmdlet in PowerShell. On the finish of the article, additionally, you will discover a full script that exports all of the teams in your Lively Listing to CSV.
Necessities
Earlier than we are able to use the Get-ADGroup cmdlet, you will have to have the Lively Listing module put in in PowerShell. It’s put in by default on the area controller, however on Home windows 10 or 11 you will have to put in it.
Run the next command in PowerShell to put in the module:
Add-WindowsCapability –on-line –Identify “Rsat.ActiveDirectory.DS-LDS.Instruments~~~~0.0.1.0”
Discovering Teams with Get ADGroup in PowerShell
Get Get-ADGroup cmdlet permits us to seek out all group objects within the Lively Listing and extract data from them. The benefit of this cmdlet is that we are able to use totally different parameters to seek out the teams in our AD.
We will use the next parameters relating to discovering the teams:
- Id – Discover a group primarily based on the group title. This can return solely a single group
- Filter – Retrieve a number of teams primarily based on a filter question
- LDAPFilter – Use a LDAP question string to filter the group objects
- SearchBase – Specify the Lively Listing path (OU) to go looking in
- SearchScope – Specify how deep you need to search (base stage, one stage, or full subtree)
The commonest technique to get a gaggle is by utilizing the id parameter. However for this, you will have to know the title of the group. It’ll return a single group with an important properties:
Get-ADGroup -identity SG_M365_E5
As you may see, solely the fundamental properties are returned from the group. We will use the -properties parameter to retrieve all properties of the group. I’ll clarify extra about retrieving totally different properties later, however if you wish to see all data from the group, then use the next command:
Get-ADGroup -identity SG_M365_E5 -properties *
Utilizing the Filter Parameter
When you’re trying to find a specific group and also you don’t know the precise title, then you should utilize the filter parameter. This enables us to go looking by all teams primarily based on part of the title or different property.
The filter parameter will also be used to retrieve a number of teams or all teams from the Lively Listing.
Let’s check out a few generally used examples to seek out teams:
To discover a group primarily based on part of the title you should utilize the -like filter:
Get-ADGroup -Filter "Identify -like 'SG_*'" | ft
This can return all teams the place the title begins with SG_.
To get all safety teams we are able to filter the teams on the Group Class worth:
Get-ADGroup -Filter "GroupCategory -eq 'Safety'" | ft
In case you run the command above, you’ll discover that it additionally returns all of the built-in teams. More often than not you don’t want these in your exports. So let’s filter these out:
Get-ADGroup -Filter "GroupCategory -eq 'Safety' -and GroupScope -ne 'Domainlocal'" | ft
Now you might be nonetheless left with some built-in teams. These teams are situated within the default Customers OU container in your Lively Listing. There are two choices to filter these out as nicely, you may specify the search base, see the subsequent chapter, or filter out all the outcomes the place the DistinguishedName ends with OU=Customers,DC=Area,DC=native.
# Exchange DC=Area,DC=Native along with your AD area title
Get-ADGroup -Filter "GroupCategory -eq 'Safety' -and GroupScope -ne 'Domainlocal'" | The place-Object { $_.DistinguishedName -notlike "*,CN=consumer,DC=Area,DC=native" } | ft
You may as well use the next cmdlet to get the DN path of your area:
Get-ADDomain | Choose -ExpandProperty DistinguishedName
Get ADGroup SearchBase
If you need to retrieve a number of teams out of your Lively Listing you may need to slender down the search. As talked about within the earlier chapter, whenever you listing all teams, all built-in teams are listed as nicely. More often than not you could have your teams organized in a separate OU, so we are able to use the SearchBase (distinguishedName) parameter to specify the OU the place we need to search.
The distinguishedName is the total path of the OU, which we write from the OU up the tree to the AD area title.
Take the next AD construction, we need to get all computer systems from the Amsterdam website:
The search base string, on this case, could be:
1 2 3 4 5 "OU=Computer systems,OU=Amsterdam,OU=Websites,DC=Lazyadmin,DC=NL"
To get for instance all teams from the OU Amsterdam we are able to use the next SearchBase path:
Get-ADGroup -Filter * -SearchBase "OU=Amsterdam,OU=Websites,DC=Lazyadmin,DC=NL" | ft
Utilizing the SearchScope
The -SearchBase parameter will return all computer systems from the desired and nested OU’s. Through the use of the -SearchScope parameter, we are able to specify how deep or not we need to search by the Lively Listing tree.
For instance, we need to get all teams from the Amsterdam website, besides the take a look at teams:
To get all of the teams from Amsterdam, besides the teams within the sub OU “take a look at”, we are able to restrict the searchBase to solely the present stage, utilizing the searchScope parameter:
$searchBase = "OU=Teams,OU=Amsterdam,OU=Websites,DC=Lazyadmin,DC=NL" Get-ADGroup -Filter * -SearchBase $searchBase -SearchScope OneLevel
Get Group Supervisor
Lively Listing teams could be managed by customers. This manner a consumer can add or take away members of the group, which is admittedly helpful for distribution teams or when you could have many mutations in a gaggle.
To get the supervisor of a gaggle we are able to use the Get-ADGroup cmdlet and the property managedBy:
# You may as well use a filter or searchbase to get the supervisor of a number of teams Get-ADGroup -Id administration -Properties managedby | choose title, managedBy | ft
As you may see within the screenshot above, the managedBy property returns the distinguished title of the consumer. If you need solely the title, you may pipe the Get-ADUser cmdlet behind it:
Get-ADGroup -Id administration -Properties ManagedBy | % {Get-ADUser -Id $_.managedBy} | choose title
Get Group Membership of Teams
Teams will also be member of different teams, that is notably helpful whenever you need to assign licenses or different permissions primarily based on group membership. For instance, all managers ought to have entry to PowerBi. Now you may add every supervisor individually to the SG_M365_PowerBi group, however you can even make the group Administration member of SG_M365_PowerBi.
To listing all of the teams {that a} group is a member of you could possibly use the memberOf property:
Get-ADGroup -Id administration -Properties memberOf | choose title,memberOf
However as you may see within the screenshot above, this isn’t actually a readable title. Similar to with the group supervisor, we might want to lookup every group to get the title.
Fortunately there may be another choice, we are able to use the Get-ADPrincipalGroupMembership cmdlet to get solely the title of the group, {that a} group is a member of:
Get-ADPrincipalGroupMembership -identity administration | ft
Export all AD Teams to CSV with PowerShell
If you wish to get an outline of all teams in your Lively Listing then exporting to CSV if a very good technique. This lets you undergo all teams in Excel and listing all group managers or memberships for instance.
I’ve written a full information in regards to the Export-CSV cmdlet, however I additionally need to provide you with a few helpful examples when working with the Get-ADGroup cmdlet.
To easily export all AD Group objects, we are able to use the next command:
Get-ADGroup -filter * | Export-csv c:tempadgroups.csv -NoTypeInformation
This can listing all teams, together with the built-in with solely the default properties. More often than not probably not the data you want.
Full Export AD Teams to CSV Script
I’ve created a PowerShell script that may Export all AD Teams to CSV for you with probably the most generally wanted properties.
If you run the script you specify a few choices:
- Specify the searchBase (OU), default entire Lively Listing
- Embrace or exclude built-in teams (default exclude)
- Export path CSV file (default none, console output)
The script will get all of the teams from the Lively Listing in the event you don’t specify the searchBase (OU). It’s additionally attainable to specify a number of OU’s:
.Get-ADGroups.ps1 -searchBase "OU=teams,OU=Amsterdam,DC=LazyAdmin,DC=Native","OU=teams,OU=Oslo,DC=LazyAdmin,DC=Native" -csvpath c:tempcomputers.csv
Observe these steps to export the AD Teams with the PowerShell script:
- Obtain the entire Export AD Teams script from my Github
- Open PowerShell and navigate to the script
- Run the export script: Get-ADGroups.ps1
When full, the script will routinely open Excel for you.
param(
[Parameter(
Mandatory = $false,
HelpMessage = "Enter the searchbase between quotes or multiple separated with a comma"
)]
[string[]]$searchBase,
[Parameter(
Mandatory = $false,
HelpMessage = "Include built-in groups or exclude"
)]
[ValidateSet("include", "exclude")]
[string]$builtin = "exclude",
[Parameter(
Mandatory = $false,
HelpMessage = "Enter path to save the CSV file"
)]
[string]$CSVpath
)
Perform Get-Teams{
<#
.SYNOPSIS
Get teams from the requested DN
#>
param(
[Parameter(
Mandatory = $true
)]
$dn
)
course of{
# Set the properties to retrieve
$properties = @(
'Identify',
'CanonicalName',
'GroupCategory',
'GroupScope',
'ManagedBy',
'MemberOf',
'created',
'whenChanged',
'mail',
'data',
'description'
)
# Get all teams, or exclude the builtin teams
# Get the computer systems
change ($builtin)
{
"embody" choose $properties
"exclude" {
$builtinUsers = "CN=customers,$dn"
$filter = "GroupScope -ne 'Domainlocal'"
Get-ADGroup -filter $filter -searchBase $dn -Properties $properties | The place-Object { $_.DistinguishedName -notlike "*,$builtinUsers" } | choose $properties
}
}
}
}
Perform Get-ADGroups {
<#
.SYNOPSIS
Get all AD Teams
#>
course of {
Write-Host "Gathering teams" -ForegroundColor Cyan
$teams = @()
# Acquire teams
if ($searchBase) {
# Get the requested teams
foreach ($dn in $searchBase) {
Write-Host "- Get teams in $dn" -ForegroundColor Cyan
$teams += Get-Teams -dn $dn
}
}else Choose -ExpandProperty DistinguishedName
Write-Host "- Get teams in $dn" -ForegroundColor Cyan
$teams += Get-Teams -dn $dn
# Loop by all computer systems
$teams | ForEach {
$managedBy = ''
$memberOf=""
# If the group is managed, get the customers title
if ($null -ne $_.ManagedBy) choose -ExpandProperty title
# If the group is member of different teams, get the group names
if ($_.MemberOf.rely -gt 0) choose -ExpandProperty title
[pscustomobject]@ out-string).Trim()
"Date created" = $_.created
"Date modified" = $_.whenChanged
}
}
}
If ($CSVpath) {
# Get mailbox standing
Get-ADGroups | Export-CSV -Path $CSVpath -NoTypeInformation -Encoding UTF8
if ((Get-Merchandise $CSVpath).Size -gt 0) {
Write-Host "Report completed and saved in $CSVpath" -ForegroundColor Inexperienced
Invoke-Merchandise $CSVpath
}
else {
Write-Host "Did not create report" -ForegroundColor Crimson
}
}
Else {
Get-ADGroups
}
Wrapping Up
The Get-ADGroup cmdlet is nice when it is advisable get all of the teams out of your Lively Listing. With the assistance of filters and/or the searchbase parameter you may rapidly choose solely the teams that you just want.
When you’ve got any questions, simply drop a remark beneath.
