How to get-adgroup members by their Name or SamAccountName

Time:02-10

I would like to extract members from an AD group that contains members and a security group.

Example, Group_A:
User1
User2
User3
Group_B

When I run my script, it shows:

CN=User1,OU=Users,DC=Contoso,DC=com
CN=User2,OU=Users,DC=Contoso,DC=com
CN=User3,OU=Users,DC=Contoso,DC=com
CN=Group_B,OU=Users,DC=Contoso,DC=com

Is there another way to show their Name and/or SamAccountname?

$Groups = 
@"
GroupNames;
Group_A
"@ | ConvertFrom-Csv -Delimiter ';'



$ADGroups = 
Foreach ($Group in $Groups){ 
Get-ADGroup $Group.GroupNames -Server contoso.com -Properties Members }

$ADGroups.Members

CodePudding user response:

As the other helpful answers show, if you want to play it safe, you can use Get-ADGroupMember to get the group membership; this would also be useful because you would be able to distinguish the ObjectClass of each member.

You could also do string manipulation over the elements (distinguishedName) of the member attribute of the AD Group by following this Q&A.

If the members of the group are on different domains, this should work; however, it would most likely be quite slow.

foreach($group in $groups) {
    $membership = Get-ADGroup $Group -Properties Member
    $membership.Member | Group-Object { ($_ -split '(?=DC=)',2)[1] } |
    ForEach-Object {
        [adsi]$ldap = 'LDAP://{0}' -f $_.Name
        [string]$domain = $ldap.Name

        foreach($member in $_.Group) {
            $obj = Get-ADObject $member -Server $domain
            [pscustomobject]@{
                MemberOf       = $membership.Name
                Domain         = $domain
                SamAccountName = $obj.SamAccountName
                ObjectClass    = $obj.ObjectClass
            }
        }
    }
}

CodePudding user response:

Get-ADGroupMember has two parameters you can use for that: SamAccountName and Name.

Simply do the following:

Get-ADGroupMember -identity $ADGroup | select-object SamAccountName, Name

Or in your code snippet:

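foreach ($group in $groups) {
    # Get-ADGroupMember returns the members; Get-ADGroup would return only the group object itself
    Get-ADGroupMember -Identity $group.GroupNames | Select-Object SamAccountName, Name
}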

Of course you could add:

Get-ADGroupMember -Identity $group.GroupNames | Select-Object SamAccountName, Name | Export-Csv C:\mypath\report.csv

CodePudding user response:

You could run a query against the returned values using Get-ADObject since it accepts DistinguishedNames as a value and isn't limited by object class:

foreach ($Group in $Groups)
{ 
    (Get-ADGroup $Group.GroupNames -Server contoso.com -Properties Members).Members | 
        ForEach-Object -Process {
            Get-ADObject -Identity $_ -Properties DisplayName | Select-Object -Property DisplayName
        }     
}

...or, you can split the results at the desired entry:

foreach ($Group in $Groups)
{ 
    (Get-ADGroup $Group.GroupNames -Server contoso.com -Properties Members).Members | 
        ForEach-Object -Process {
            $_.Split(',',2).Split("=")[1]
        }     
}

Disclaimer: I don't have the AD Module installed on my system so I can't confirm if this is all that is needed.

CodePudding user response:

The easiest way would be to expand the Members property in Get-ADGroup and then pipe it to Get-ADUser:

$adUsers = Foreach ($Group in $Groups) {
    Get-ADGroup $Group.GroupNames -Server contoso.com -Properties Members | Select-Object -ExpandProperty Members | Get-aduser
}
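
An added example, not from any of the answers above: when reviewing who actually holds access through a group, the nested group (Group_B in the question) matters as much as the direct users. This sketch resolves every member DN to Name, SamAccountName and ObjectClass, then expands nested groups while guarding against circular nesting. `Get-GroupMemberReport` is a hypothetical helper name, `Group_A` and `contoso.com` are the question's sample values, and it assumes all members live in the one domain that is queried.

```powershell
# Added example, not code from the thread. Requires the ActiveDirectory module (RSAT).
# Get-GroupMemberReport is a hypothetical helper; 'Group_A' and 'contoso.com'
# are the sample values used in the question.
function Get-GroupMemberReport {
    param(
        [Parameter(Mandatory)][string]$Identity,
        [string]$Server = 'contoso.com',
        [string]$Path = $Identity,                          # membership chain shown in the report
        [System.Collections.Generic.HashSet[string]]$Seen   # DNs of groups already expanded
    )
    if ($null -eq $Seen) {
        $Seen = [System.Collections.Generic.HashSet[string]]::new(
            [System.StringComparer]::OrdinalIgnoreCase)
    }

    $group = Get-ADGroup -Identity $Identity -Server $Server -Properties Members
    # Add() returns $false when the group was already expanded (circular nesting).
    if (-not $Seen.Add($group.DistinguishedName)) { return }

    foreach ($dn in $group.Members) {
        # Get-ADObject is not limited by object class, so users, computers and
        # nested groups all resolve from their distinguished name.
        $obj = Get-ADObject -Identity $dn -Server $Server -Properties SamAccountName
        [pscustomobject]@{
            Via            = $Path
            Name           = $obj.Name
            SamAccountName = $obj.SamAccountName
            ObjectClass    = $obj.ObjectClass
        }
        if ($obj.ObjectClass -eq 'group') {
            # Recurse into the nested group and record how access is inherited.
            Get-GroupMemberReport -Identity $dn -Server $Server `
                -Path "$Path > $($obj.Name)" -Seen $Seen
        }
    }
}

Get-GroupMemberReport -Identity 'Group_A' |
    Sort-Object Via, ObjectClass, Name |
    Format-Table -AutoSize
```

Accounts that belong to a group only through their primary group are not stored in the group's member attribute, so they will not appear in this report.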