Active Directory Group Membership Report

This PowerShell script generates a report of user memberships for specified Active Directory groups. It is essential for system administrators to regularly monitor group memberships to ensure appropriate access controls and security policies are enforced. By integrating this report with ServerEngine, organizations can streamline their user management processes and enhance overall security posture by keeping group memberships in check.

param (
    [string[]]$groupNames = @("Domain Admins", "Enterprise Admins"),
    [string]$outputFilePath = "C:\ADGroupMembershipReport.csv"
)
# Initialize an array to store group membership details
$groupMembershipReport = @()
foreach ($group in $groupNames) {
    # Get the group object
    $adGroup = Get-ADGroup -Identity $group -ErrorAction SilentlyContinue
    if ($adGroup) {
        # Get the members of the group
        $members = Get-ADGroupMember -Identity $adGroup | Select-Object Name, SamAccountName, ObjectClass
        foreach ($member in $members) {
            $groupMembershipReport += [PSCustomObject]@{
                GroupName = $group
                MemberName = $member.Name
                SamAccountName = $member.SamAccountName
                ObjectClass = $member.ObjectClass
            }
        }
    } else {
        Write-Output "Group '$group' not found in Active Directory."
    }
}
# Export the group membership report to a CSV file
$groupMembershipReport | Export-Csv -Path $outputFilePath -NoTypeInformation
Write-Output "Active Directory group membership report has been saved to $outputFilePath."