As title says I need to get a specific part of a group name of group of users.
Yup, Get-ADPrincipalGroupMembership allows to get user's groups. But it returns all user's groups (while I would like to get an exact one) and, as I understood, only for a exact user.
So I have three OUs. Each OU has users. Each user is member of a few groups, but I need to get a group(s) with a standard name per user. And standard name is department - X, where X part is specific for each user. So in a result I want to get a table, where will be Name, SamAccountName and X part of the group(s).
Hence, I need:
department - X, where X part is specific for each user, and one user could has more than one group with the standard name;I would try something like that:
Get-ADUser -filter * -SearchBase "OU=OU1,OU=OU2,OU=OU3,DC=domain,DC=local" -Properties memberOf | % { [PSCustomObject]@{ Name = $_.Name; SamAccountName = $_.SamAccountName; Groups = ($_.MemberOf | ? { $_ -match "department" } | % { $_.Split(',')[0].Split('=')[1].Replace("department - ","") }) -join "," } }
This gets all the users from a given OU together with their membership. The value of a memberOf property is a DN of the group as a string, so somethinglike CN=group,OU=OU1,DC=domain,DC=local. Out of those it selects only entries that match department and splits the DN by comma and equal sign to get the CN part (which should match group's name).