You cannot enumerate all ‘Domain Users’ members because of size restrictions of the PowerShell commands, and because Domain Users is a default group. So you need to get ALL the users, with their groups, plus the PrimaryGroup (which is the Domain Users group), export them in columns, and then later sort the results in Excel.
I know it’s a pain, but that is the ONLY way without using third party tools, until Microsoft steps up their game…
Good luck all you corporations with hundreds of thousands; I made it go as fast as possible, short of pre-fetching data.
# Get-AllUserGroups.ps1
Import-Module ActiveDirectory

$day = Get-Date -Format "yyyyMMdd"
$report = "D:\powershell\Reports\$day-AllUsersGroupsReport-withPrimary.csv"

# Remove any report left from an earlier run today; ignore it if none exists.
Remove-Item -Path $report -Force -ErrorAction SilentlyContinue
Set-Location D:\PowerShell

# Note: -Scope CurrentUser persists Bypass for this account beyond this run.
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope CurrentUser -Force
Get-ExecutionPolicy -Scope CurrentUser

# Make sure the TLS goes on EVERY script!!!
# First, ensure TLS 1.2 for PowerShell gallery access.
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

# MemberOf does not include the primary group, so primaryGroupID is requested as well.
$users = Get-ADUser -Filter * -Properties SamAccountName, DisplayName, MemberOf, SID, primaryGroupID
$users.Count

#(Read-Host -Prompt "What user do you want to check ALL groups for?")
ForEach ($user in $users) {
    # @() keeps this an array even for zero or one group, so += appends instead of concatenating strings.
    $userGroups = @($user.MemberOf | Get-ADGroup | Select-Object -ExpandProperty Name)

    # Primary group SID = the user's SID with its last RID replaced by primaryGroupID.
    $primaryGroup = Get-ADGroup -LDAPFilter ("(objectSID=" + $user.SID.Value.Substring(0,$user.SID.Value.LastIndexOf("-")) + "-" + $user.primaryGroupID + ")")
    $userGroups += $primaryGroup.Name

    New-Object PSObject -Property @{
        UserName        = $user.DisplayName
        oSamAccountname = $user.SamAccountname
        UserSID         = $user.SID
        Groups          = $userGroups -join ","
    } | Select-Object oSamAccountname, UserName, UserSID, Groups |
        Export-Csv -Path $report -NoTypeInformation -Append
}
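
An added example, not part of the original post: the sorting step described above done in PowerShell instead of Excel, by inverting the report's Groups column into one row per group with its members. The function name `Get-GroupMembersFromReport` and the sample rows are constructed for illustration; on real data, pass the output of `Import-Csv` on the report file.

```powershell
# Constructed sample rows in the same column layout the report script writes.
$sample = @'
"oSamAccountname","UserName","UserSID","Groups"
"alice","Alice Example","S-1-5-21-1111111111-2222222222-3333333333-1104","Helpdesk,VPN Users,Domain Users"
"bob","Bob Example","S-1-5-21-1111111111-2222222222-3333333333-1105","Domain Users"
"svc-backup","","S-1-5-21-1111111111-2222222222-3333333333-1106","Backup Operators,Domain Admins"
'@

# Hypothetical helper: builds a group -> members index from report rows.
function Get-GroupMembersFromReport {
    param(
        [Parameter(Mandatory)] [object[]] $Rows,   # output of Import-Csv / ConvertFrom-Csv
        [string] $GroupName                        # optional: return only this group
    )
    $index = @{}   # PowerShell hashtable keys are case-insensitive, like AD group names
    foreach ($row in $Rows) {
        if ([string]::IsNullOrWhiteSpace($row.Groups)) { continue }
        # The report joins names with ","; a group name that itself contains
        # a comma would be split into two entries here.
        foreach ($name in ($row.Groups -split ',')) {
            $name = $name.Trim()
            if (-not $name) { continue }
            if (-not $index.ContainsKey($name)) {
                $index[$name] = New-Object System.Collections.Generic.List[string]
            }
            $index[$name].Add($row.oSamAccountname)
        }
    }
    $result = foreach ($key in $index.Keys) {
        [pscustomobject]@{
            Group   = $key
            Count   = $index[$key].Count
            Members = ($index[$key] | Sort-Object) -join ';'
        }
    }
    if ($GroupName) { $result = $result | Where-Object Group -eq $GroupName }
    $result | Sort-Object Count -Descending
}

$rows = $sample | ConvertFrom-Csv
# All groups, largest first.
Get-GroupMembersFromReport -Rows $rows | Format-Table -AutoSize
# Only the members of one group, including those who hold it as primary group.
Get-GroupMembersFromReport -Rows $rows -GroupName 'Domain Users'
```

In the constructed sample, `svc-backup` does not appear under Domain Users because its row lists a different primary group, which is the kind of account this per-group view makes easy to spot.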