28 Jun 2012 @ 1:43 PM
Last week a fellow Dutch IT Pro named Kees Baggerman mentioned something about the ability to use PowerShell to report all members of the Domain Admins in an Active Directory.
So just for the fun of it I started to script… but instead of reporting for the members of a specific group I’ve written a function you can use to get the users from ANY group you specify… I hope you find it useful!
<#
.Synopsis
Get all (nested) members of an Active Directory Group.
.DESCRIPTION
Get all (nested) members of an Active Directory Group.
.EXAMPLE
Get-ADNestedGroupMembers "Domain Admins"
.EXAMPLE
Get-ADNestedGroupMembers "Domain Admins" | Select-Object DistinguishedName
#>
function Get-ADNestedGroupMembers {
[cmdletbinding()]
param ( [String] $Group )
Import-Module ActiveDirectory
$Members = Get-ADGroupMember -Identity $Group
$members | % {
if($_.ObjectClass -eq "group") {
Get-ADNestedGroupMembers -Group $_.distinguishedName
} else {
return $_
}
}
}
And based on the comment below from Robert Martin, here’s a more elegant version:
<#
.Synopsis
Get all (nested) members of an Active Directory Group.
.DESCRIPTION
Get all (nested) members of an Active Directory Group.
.EXAMPLE
Get-ADNestedGroupMembers "Domain Admins"
.EXAMPLE
Get-ADNestedGroupMembers "Domain Admins" | Select-Object DistinguishedName
#>
function Get-ADNestedGroupMembers {
[cmdletbinding()]
param ( [String] $Group )
Import-Module ActiveDirectory
$Members = Get-ADGroupMember -Identity $Group -Recursive
$members
}
Categories: Active Directory, PowerShell
Previous 
Next -
Robert Martin
-
http://www.jeffwouters.nl Jeff Wouters
-
Pat Richard
-
http://www.jeffwouters.nl Jeff Wouters
Categories
Tag Cloud
Blog RSS
Comments RSS
Last 50 Posts
Back
Void 
Life 
Earth 
Wind 
Water 
Fire