Change from Get-ADGroupMember to [adsisearcher]

This topic contains 2 replies, has 3 voices, and was last updated by Max Kozlov 1 year, 9 months ago.

  • #29057
    Arestas
    Participant

    Hello there,

    Does anyone know how I can get the equivalent of this

    Get-ADGroupMember -Identity "$group" -Recursive | Where-Object ObjectClass -EQ user | Select-Object -ExpandProperty SamAccountName

    But using [adsisearcher]?

  • #29067
    Richard Siddaway
    Moderator

    I don't think you can do that directly. You'd have to get all of the top group members then write a recursive function to test if any of them are groups and get their members.

    It's possible but messy.

    Is there a reason you can't use Get-ADGroupMember?

    I covered this way back in PowerShell in Practice, but the code looks something like this:

    ## PowerShell in Practice
    ## by Richard Siddaway
    ##################################
    
    ## get group membership
    ##################################
    $group = [ADSI]"LDAP://cn=UKPMs,ou=All Groups,dc=manticore,dc=org"
    $group.member | Sort-Object
    
    
    ## Listing 5.25
    ## Get nested group membership
    #################################
    function resolve-group{
    param ($group)
        foreach ($member in $group.member){
            ## skip anything already collected, so circular nesting cannot recurse forever
            if ($global:members -contains $member){continue}
            $obj = [ADSI]("LDAP://" + $member)
            $global:members += [string]$obj.distinguishedname
            ## test the whole objectClass list rather than a fixed index
            if ($obj.objectclass -contains 'group'){resolve-group $obj}
        }
    }
    
    $global:members = @()
    $group = [ADSI]"LDAP://cn=International,ou=All Groups,dc=manticore,dc=org"
    resolve-group $group
    $global:members | Sort-Object -Unique
    
  • #29148
    Max Kozlov
    Participant

    It's possible

    # Find all members (including indirect ones) of TestGroup1
    $ds = New-Object System.DirectoryServices.DirectorySearcher
    $gdn = 'CN=TestGroup1,OU=TEST,OU=ROOTOU,DC=corp,DC=domain,DC=com'
    # 1.2.840.113556.1.4.1941 is LDAP_MATCHING_RULE_IN_CHAIN: the server walks the nesting itself
    $ds.Filter = "(memberOf:1.2.840.113556.1.4.1941:=$gdn)"
    $ds.FindAll()
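
Putting the thread's pieces together for the original question (users only, sAMAccountName output), as an added example that is not code from any of the posters: it uses the in-chain matching rule, escapes the value placed in the filter, and pages the results. The function and parameter names are hypothetical, and it assumes a domain-joined Windows host where [adsisearcher] binds to the current domain by default.

```powershell
# Added example: function and parameter names are hypothetical, not from the thread.
function ConvertTo-LdapFilterValue {
    param([string]$Value)
    # RFC 4515 escaping; the backslash must be handled first
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29' -replace '\x00', '\00'
}

function Get-NestedGroupUser {
    param(
        [Parameter(Mandatory)][string]$Identity   # group DN or sAMAccountName
    )

    # Heuristic (assumption): anything that looks like a DN is used as-is,
    # otherwise it is treated as the group's sAMAccountName and resolved.
    if ($Identity -match '^(CN|OU)=.+,DC=') {
        $groupDN = $Identity
    } else {
        $name = ConvertTo-LdapFilterValue $Identity
        $hit  = ([adsisearcher]"(&(objectCategory=group)(sAMAccountName=$name))").FindOne()
        if (-not $hit) { throw "Group '$Identity' not found" }
        $groupDN = [string]$hit.Properties['distinguishedname'][0]
    }

    # In-chain matching rule from the thread, restricted to user objects
    $dn = ConvertTo-LdapFilterValue $groupDN
    $searcher = [adsisearcher]"(&(objectCategory=person)(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=$dn))"
    $searcher.PageSize = 1000   # page the results instead of stopping at the server's size limit
    [void]$searcher.PropertiesToLoad.Add('samaccountname')

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) { [string]$r.Properties['samaccountname'][0] }
    } finally {
        $results.Dispose()      # SearchResultCollection holds unmanaged resources
    }
}

# DN taken from the post above
Get-NestedGroupUser -Identity 'CN=TestGroup1,OU=TEST,OU=ROOTOU,DC=corp,DC=domain,DC=com' | Sort-Object
```

The matching rule follows member/memberOf links only, so accounts that belong to the group solely through their primary group are not returned by this query.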
    
