Nelson Figueroa

Reputation: 13

Get AD Group Members - exclude computers

I have security groups with users and computers. I want to list ONLY the users within the security groups. I am getting the list of users but also getting an error for each computer in the security group:

Get-ADUser : Cannot find an object with identity: 'CN="*

The script I am using is below:

$GroupName = Read-Host -Prompt 'Enter the Group Name'
Get-ADGroupMember -Identity $GroupName -Recursive |
    Get-ADUser -Properties Name, Mail, Title, Department |
    Sort-Object Department, Title, Name |
    Format-Table Name, Mail, Title, Department -AutoSize

Upvotes: 1

Views: 141

Answers (1)

Santiago Squarzon

Reputation: 60060

Instead of using Get-ADGroupMember use Get-ADUser with a filter to find, recursively, all members of the group:

$GroupName = Read-Host -Prompt 'Enter the Group Name'
$groupDn = (Get-ADGroup -Identity $GroupName).DistinguishedName
$getADUserSplat = @{
    LDAPFilter = "(memberOf:1.2.840.113556.1.4.1941:=$groupDn)"
    Properties = 'Name', 'Mail', 'Title', 'Department'
}

Get-ADUser @getADUserSplat |
    Sort-Object Department, Title, Name |
    Format-Table Name, Mail, Title, Department -AutoSize

See also Active Directory: LDAP Syntax Filters for details on LDAP_MATCHING_RULE_IN_CHAIN (1.2.840.113556.1.4.1941).

Upvotes: 1
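
An added example, not part of the answer above or written by its author: the same LDAP_MATCHING_RULE_IN_CHAIN query wrapped in a function that escapes the group's distinguished name before it goes into the LDAP filter, because a DN containing `(`, `)`, `*` or `\` would otherwise break or change the filter. The function names `ConvertTo-LdapFilterValue` and `Get-GroupUserMember` are hypothetical, and the sample DN is constructed.

```powershell
# Added example; function names are hypothetical, not from the original answer.

function ConvertTo-LdapFilterValue {
    # Escape the characters RFC 4515 reserves inside a filter assertion value:
    # backslash, asterisk, parentheses and NUL become \XX (two hex digits).
    param([Parameter(Mandatory)][string]$Value)

    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m)
        '\{0:x2}' -f [int][char]$m.Value
    })
}

function Get-GroupUserMember {
    # Returns user objects that are direct or nested members of the group.
    # Requires the ActiveDirectory module and a reachable domain controller.
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$GroupName)

    # Resolve the group first; stop if it does not exist instead of
    # sending a filter built from an empty DN.
    $groupDn   = (Get-ADGroup -Identity $GroupName -ErrorAction Stop).DistinguishedName
    $escapedDn = ConvertTo-LdapFilterValue -Value $groupDn

    $getADUserSplat = @{
        LDAPFilter = "(memberOf:1.2.840.113556.1.4.1941:=$escapedDn)"
        Properties = 'Mail', 'Title', 'Department'
    }
    Get-ADUser @getADUserSplat
}

# Constructed sample DN: shows the escaping step without contacting a domain.
ConvertTo-LdapFilterValue -Value 'CN=Sales (EMEA),OU=Groups,DC=corp,DC=example'

# Against a real domain (group name read from the operator, as in the question):
# Get-GroupUserMember -GroupName (Read-Host -Prompt 'Enter the Group Name') |
#     Sort-Object Department, Title, Name |
#     Format-Table Name, Mail, Title, Department -AutoSize
```

Users whose only link to the group is their primary group (for example Domain Users) are not returned, because primary group membership is not stored in `memberOf`.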
