top of page
Search

🔍 PowerShell Script to Fetch AD User Group Details by Employee ID & Email the Excel Report



PowerShell Script to Fetch AD User Group Details by Employee ID & Email the Excel Report

PowerShell Script to Fetch AD User Group Details by Employee ID & Email the Excel Report


💡 Introduction


In a busy IT environment, admins often need to quickly check which Active Directory (AD) groups an employee belongs to—whether for access troubleshooting, audit, or onboarding/offboarding. This guide provides a ready-to-run PowerShell Script to Fetch AD User Group Details by Employee ID & Email the Excel Report. Below is the stepwise process:

  • Reads Employee IDs from C:\EMP_ID\Empids.txt

  • Finds each user’s sAMAccountName in the domain

  • Retrieves their group memberships

  • Exports Group Name, Type of Group (Security/Distribution), and Group sAMAccountName to Excel

  • Marks any ID not found as “EMP ID not found in the Domain”

  • Emails the Excel file to the specified TO and CC recipients automatically ✉️


📋 Prerequisites


  • Windows PowerShell 5.1 (or PowerShell 7+ with Windows Compatibility features)

  • Active Directory module (RSAT: Active Directory tools)

  • ImportExcel module (Install-Module ImportExcel)

  • SMTP server reachable from the machine (and credentials if required)

  • Permissions to read AD user and group attributes

  • File with Employee IDs at: C:\EMP_ID\Empids.txt


🧾 Input File Format (C:\EMP_ID\Empids.txt)

One Employee ID per line, for example:


🛠️ What the Script Does

  1. Loads AD and ImportExcel modules.

  2. Reads each EmployeeID from the text file.

  3. Searches AD for a user where employeeID -eq <value>.

  4. If found:

    • Captures sAMAccountName

    • Enumerates memberOf (group DNs) → resolves to Group Name, Group Category (Security/Distribution), and Group sAMAccountName

    • Adds a row per group

  5. If not found:

    • Adds a single row with “EMP ID not found in the Domain”

  6. Exports everything to a neat Excel (.xlsx) file

  7. Email the report to TO and CC via your SMTP server


▶️ How to Use

  1. Ensure C:\EMP_ID\Empids.txt exists with one ID per line.

  2. Update the SMTP settings and From/To/Cc addresses in the script.

  3. Save the script as Get-ADUserGroupsAndEmail.ps1.

  4. Run PowerShell as Administrator and execute the script.

  5. Check your mailbox for the report 📬


⚠️ Disclaimer

This script is provided as-is without any guarantees. Always test in a non-production environment before deployment. Verify permissions, module availability, and SMTP settings to avoid disruptions. Use with caution and adapt as per your organisation’s policies.

💻 Script (Complete Script)



📥 Download the Script


The full script named "Get-ADUserGroupsAndEmail.ps1" is included in the zip file "Get-ADUserGroupsAndEmail.zip". You can download it, unzip it, and use it.


✅ Conclusion

This script gives you a repeatable, auditable way to translate employee IDs into clear AD group membership reports—delivered straight to your inbox. It’s fast, accurate, and perfect for access reviews, ticket resolution, and compliance. 🚀



bottom of page