Reputation: 185
Get-ADUser and issue with nested groups
When I run the command below on a nested group, I get the error below.
$properties = 'SamAccountName','GivenName'
(Get-ADGroup -identity $group -properties members).members | Get-ADUser -property $properties | select-object $properties
The setup is such that $group is a parent of all other groups, for example $group = 'All_USA', there are other groups all under $group such as NY_Group and TX_Group to name a few.
Get-ADUSer cannot find object with identity 'CN=DG NY_Group,OU=Messaging...
This issue only happens where the group is a parent group which has other child groups inside it.
Upvotes: 1
Views: 792
Answers (1)
Reputation: 61208
The members from Get-ADGroup can also be other groups or computer objects, not only users.
Try
Get-ADGroupMember -Identity $group -Recursive |
Where-Object { $_.objectClass -eq 'user' } |
Get-ADUser |
Select-Object SamAccountName, GivenName
You may want to add switch -Unique to the Select-Object cmdlet so you don't listy users that were found in nested groups aswell.
'SamAccountName' and 'GivenName' properties are returned by default with Get-ADUser
Upvotes: 1
Related Questions
- powershell get-adgroups returns wrong result
- Combine Get-ADGroup and Get-ADUser Results
- Issue in accessing member details of groups in ADUser
- Using Get-ADGroup & Get-Groupmember when in multiple Groups
- Get-AdGroupMember -recursive does not return groups when also returning users
- PowerShell Script Not Working As Intended When Getting AD Groups
- Get-ADUser within a specific AD group
- Getting nested group members via Get-ADObject
- Powershell not returning expected groups
- Trying to Get a Nested List of Users in a Group in Active PowerShell Directory