I've been using this script for a while to export group memberships for users listed in a CSV file. However, I've just realized that the script is not including the primary group for the users, and I'm not sure why. My internet searches haven't helped, and even Copilot isn't being useful. Does anyone have any insights on how to address this issue? Here's my script:
```powershell
# This script exports the group memberships for every user in the list of users specified below
# Define the path to the input CSV file containing the list of users
$inputFilePath = "C:\Scripts\CSV\UsersToExport.csv"
# Define the output CSV file path
$outputFilePath = "C:\Scripts\CSV\ExportedListOfUsers.csv"
# Import the list of users from the CSV
$selectedUsers = Import-Csv -Path $inputFilePath
# Initialize an array to store the selected user information
$selectedUserList = @()
foreach ($selectedUser in $selectedUsers) {
    $samAccountName = $selectedUser.SamAccountName
    # Get the AD user based on SamAccountName
    $user = Get-ADUser -Filter "SamAccountName -eq '$samAccountName'" -Properties *
    if ($user -ne $null -and $user.Enabled) {
        # Extract the manager name without the OU
        $managerName = ($user.Manager -replace "CN=([^,]+).*", '$1')
        # Retrieve user group memberships as an array
        $groups = Get-ADUser -Identity $user.SamAccountName -Properties MemberOf |
            Select-Object -ExpandProperty MemberOf |
            ForEach-Object { Get-ADGroup -Identity $_ } |
            Select-Object -ExpandProperty Name
        # Create a custom object with user information, including group memberships
        $groupLines = $groups | ForEach-Object {
            [PSCustomObject] @{
                Name = $user.Name
                SamAccountName = $user.SamAccountName
                OrganizationalUnit = ($user.DistinguishedName -replace "CN=([^,]+)", "").TrimStart(',')
                DisplayName = $user.DisplayName
                Manager = $managerName
                Title = $user.Title
                Department = $user.Department
                Group = $_
            }
        }
        # Add the user information to the selectedUserList array
        $selectedUserList += $groupLines
    }
}
# Export the selected user list to CSV
$selectedUserList | Out-GridView
```
Any help would really be appreciated!
3 Answers
You might want to take a look at your calls to `Get-ADUser`. You're calling it twice when you only need to do so once and can filter directly in that call. Simplifying your logic a bit could help you spot the problem. You can also set a breakpoint in your script and debug it to see where it might be going wrong.
You might want to change your approach a bit. Instead of getting the groups the user is a member of, you could fetch the AD groups that list the user as a member. This can include nested memberships, which might give you the results you're looking for with fewer queries overall. Here's a snippet to check out:
```powershell
$user = Get-ADUser $samAccountName -Properties Manager, Title, Department
$groups = Get-ADGroup -Filter "member -recursiveMatch '$($user.DistinguishedName)'"
```
Don't forget, the primary group is stored in a property called `PrimaryGroup`. If your goal is to list all groups including the primary one, ensure you're accessing this property correctly.
That’s a great point! I’ve restructured your logic to avoid the `+=` operator, which can be inefficient with arrays. Instead, you can just set the `$selectedUserList` directly from the outputs of your loop. Plus, make sure you're not using `-Properties *` unless absolutely necessary—just list what you actually need!
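An added example (not code from any of the posters above) that combines the suggestions in the answers: `memberOf` does not list the primary group, so this version reads `PrimaryGroup` in the same single `Get-ADUser` call and merges it into the group list, without `+=` or `-Properties *`. The file paths, the group-name cache and the `IsPrimaryGroup` column are assumptions made for illustration.

```powershell
# Added example; assumes the ActiveDirectory (RSAT) module and these file paths.
Import-Module ActiveDirectory
$inputFilePath  = 'C:\Scripts\CSV\UsersToExport.csv'        # assumed path
$outputFilePath = 'C:\Scripts\CSV\ExportedListOfUsers.csv'  # assumed path

# Request only the attributes that are used, PrimaryGroup included
$props = 'MemberOf', 'PrimaryGroup', 'Manager', 'Title', 'Department', 'DisplayName'
$groupNames = @{}   # cache: group DN -> group name, so each group is looked up once

$selectedUserList = foreach ($row in Import-Csv -Path $inputFilePath) {
    $sam = $row.SamAccountName
    if ([string]::IsNullOrWhiteSpace($sam)) { continue }
    try {
        # -Identity accepts a sAMAccountName, so no filter string is built from CSV data
        $user = Get-ADUser -Identity $sam -Properties $props -ErrorAction Stop
    } catch {
        Write-Warning "Skipping '$sam': $($_.Exception.Message)"
        continue
    }
    if (-not $user.Enabled) { continue }

    # memberOf omits the primary group; PrimaryGroup holds that group's DN
    $groupDns = @($user.MemberOf) + @($user.PrimaryGroup) |
        Where-Object { $_ } | Select-Object -Unique

    foreach ($dn in $groupDns) {
        if (-not $groupNames.ContainsKey($dn)) {
            $groupNames[$dn] = (Get-ADGroup -Identity $dn).Name
        }
        [PSCustomObject]@{
            Name               = $user.Name
            SamAccountName     = $user.SamAccountName
            OrganizationalUnit = $user.DistinguishedName -replace '^CN=(?:\\.|[^,])+,', ''
            DisplayName        = $user.DisplayName
            Manager            = $user.Manager -replace '^CN=((?:\\.|[^,])+),.*$', '$1'
            Title              = $user.Title
            Department         = $user.Department
            Group              = $groupNames[$dn]
            IsPrimaryGroup     = ($dn -eq $user.PrimaryGroup)   # added column
        }
    }
}

$selectedUserList | Export-Csv -Path $outputFilePath -NoTypeInformation
```

For a membership review, the `IsPrimaryGroup` column makes it easy to spot any account whose primary group is something other than the expected default.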