Reputation: 3
Trying to Get a Nested List of Users in a Group in Active PowerShell Directory
I am trying to get a list of users in a group in an active directory. We have multiple domains. I want to run it from a central location that will poll each domain for each group. Also, I want it to display nested members as well.
Currently, I tried running this and it sort of worked when the machine was on the same domain as the domain I am polling. All members and nested members get displayed.
dsquery group -samid "group name" | dsget group -members -expand >c:\list.txt
"cn=username,ou=users,dc=domain1,dc=com"
But when I try to poll another domain there is no output.
dsquery group -samid "cn=group name,cn=users,dc=domain2,dc=com" | dsget group -members -expand >c:\list.txt
dsget failed: 'target object for this command' is missing
Then if I try it without the same id I get an output.
dsquery group "cn=group name,cn=users,dc=domain2,dc=com" | dsget group -members -expand >c:\list.txt
"CN=username2,OU=users,DC=domain2,DC=com"
"CN=S-1-5-21,CN=ForeignSecurityPrincipals,DC=domain1,DC=com"
"cn=group name,ou=users,dc=domain2,dc=com"
So I get ids and it is not showing the nested members.
What can I do to get it to resolve the correct nested members and non-sids? Also, how would I go about making it poll multiple group names in multiple domains? Or should I just separate it all out and do one at a time?
Thanks in advance!
Upvotes: 0
Views: 15542
Answers (2)
Reputation: 299
In all cases you need to query your result from a GC "using Global Catalog option"
- IF you have the SamID as an input use below:
dsquery group -samid "group's SamID" -gc | dsget group -memberof -expand
- BUT IF you have the DistinguishedName as an input use below:
dsget group "group's Distinguished Name" -gc | dsget group -memberof -expand
Upvotes: 0
Reputation: 72612
As far as I understand your question is partly answered in Listing users in ad group recursively with powershell script without CmdLets
But if you are working in W2K8R2 environement you can use Active-Directory module.
Import-Module activedirectory
Get-ADGroupMember groupName -Recursive
Upvotes: 4
Related Questions
- Unable to retrieve cross domain users with get-adgroupmember -recursive
- Get AD Group Members from AD using powershell
- How to find which of nested ad groups user belongs to
- Get-ADUser and issue with nested groups
- Listing members from multiple AD groups with Get-ADGroupMember
- List members from nested Azure AD group
- How to get users of a group in a group AD PowerShell
- Get-ADGroupMember from list
- Powershell & ActiveDirectory - trying to output users in a group and their membership
- Getting nested members of AD security group