Get an AD security group's member list by email as an attachment.
This script exports the group's member list to a CSV file. The file is emailed to you as an attachment and is also stored in the specified location, where only the latest 30 files are kept.
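# BBN Techinfo
# Exports the recursive membership of an AD security group to a timestamped CSV,
# mails the CSV as an attachment, then prunes older reports from the report folder.
#
# Security notes for whoever schedules this:
#  - The CSV holds directory data (names, UPNs, mail addresses, phone numbers) and shows
#    which accounts are in the MFA group. Restrict access to the report folder and keep
#    the recipient list short.
#  - Net.Mail.SmtpClient sends in clear text unless EnableSsl is set (see the mail section).
#    The recipients below are on a different mail domain than the sender, so check whether
#    the message leaves the internal relay.
#Would talk about pre-requisites for importing Active Directory Module at end of post

# Stop on the first failing step so a failed AD query is not followed by mailing an
# empty report or by deleting older reports.
$ErrorActionPreference = 'Stop'

Import-Module ActiveDirectory

# ---- Settings ----
$domain     = "bbn.com"
$group      = "G-SE-NTT-MFAEnable"
$path       = "D:\bbn\MFA_Users"
$smtpServer = "smtp.bbn.com"
# Number of report files to retain. The post's description mentions 30 files; the script
# as published keeps 7.
$keep       = 7

#Preparing files to write data and attach to email
# HH (24-hour clock) instead of hh, so a morning and an afternoon run on the same day
# cannot produce the same file name and overwrite each other.
$file1 = "$path\${group}_Users_$((Get-Date).ToString('MM-dd-yyyy_HH-mm-ss')).csv"
##$file2 = "c:\temp\GroupMembershipDetails_$((Get-Date).ToString('MM-dd-yyyy_hh-mm-ss')).csv"

# Columns written to the CSV; add or remove attribute names here.
$props = 'GivenName','Surname','Name','DisplayName','samaccountname','UserPrincipalName',
         'mail','OfficePhone','telephoneNumber','Enabled'

#Powershell command to fetch all AD Users data, Columns can be added/ removed
#Get-ADUser -Properties * -filter *| select SamAccountName,CN,DisplayName,EmailAddress,MobilePhone,Department,City,Company,Enabled,ObjectClass,Created,msExchWhenMailboxCreated,Modified,LastLogonDate,LastBadPasswordAttempt,PasswordLastSet,PasswordNeverExpires,AccountExpirationDate,BadLogonCount,Manager,DistinguishedName,whenCreated | export-csv "$file1" -noTypeInformation

# -Recursive flattens nested groups and can return non-user members (for example computer
# accounts); only user objects are passed on to Get-ADUser.
Get-ADGroupMember -Server $domain -Identity $group -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    Get-ADUser -Properties $props |
    Select-Object $props |
    Export-Csv "$file1" -NoTypeInformation

#Powershell command to fetch group memberships of each single user in AD
##Get-ADUser -Filter * -Properties SamAccountName,DisplayName,memberof | % { New-Object PSObject -Property @{ DomainID = $_.SamAccountName; UserName = $_.DisplayName; Groups = ($_.memberof | Get-ADGroup | Select -ExpandProperty Name) -join "," } } | Select DomainID,UserName,Groups | Export-Csv "$file2" -noTypeInformation

#Email related settings
$msg  = New-Object Net.Mail.MailMessage
$smtp = New-Object Net.Mail.SmtpClient($smtpServer)
# Turn this on when the relay supports TLS; without it the report travels unencrypted.
# $smtp.EnableSsl = $true
$att1 = $null
##$att2 = $null
try {
    $att1 = New-Object Net.Mail.Attachment($file1)
    ##$att2 = New-Object Net.Mail.Attachment($file2)
    $msg.From = "AD-Reports@bbn.com"
    $msg.To.Add("bbn@bbntech.com")
    $msg.To.Add("bbn1@bbntech.com")
    $msg.Subject = "List of Users from MFA Enabled Group"
    $msg.Body = "Attached is the List of MFA Enabled users from the Group - G-SE-NTT-MFAEnable."
    $msg.Attachments.Add($att1)
    ##$msg.Attachments.Add($att2)
    $smtp.Send($msg)
}
finally {
    # Release the handle on the CSV even when Send() throws.
    if ($att1) { $att1.Dispose() }
    ##if ($att2) { $att2.Dispose() }
    $msg.Dispose()
}

#### Keeps only the newest $keep report files and removes older ones ###
# Only this script's own report files, directly inside $path, are candidates. The original
# pruned every file under the folder tree with -Recurse -Force, which would also delete
# unrelated files stored there. @() keeps .Count valid when exactly one file matches.
# To preview what would be deleted, append -WhatIf to Remove-Item.
$files = @(Get-ChildItem -Path $path -Filter "${group}_Users_*.csv" |
    Where-Object { -not $_.PsIsContainer })
if ($files.Count -gt $keep) {
    $files |
        Sort-Object CreationTime |
        Select-Object -First ($files.Count - $keep) |
        Remove-Item -Force
}
#Script ends here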