Get-ADUser selected properties for get-ADGroupMember

This topic contains 6 replies, has 3 voices, and was last updated by Jeff Taylor 9 months, 2 weeks ago.

  • #35715
    Jeff Taylor
    Participant

    I have this working:

    get-adgroupmember -identity "mySecGroup" -server company.com -credential (Get-Credential) | ft samAccountName,GivenName,SN,DisplayName,objectGuid,Mail -wrap -autosize

    ...but it's not returning ALL the attribs from the members (they may also be in multiple domains). Only a few.

    How do I get my specified properties?

    How about:

    get-adgroupmember -identity "mySecGroup" -server company.com -credential (Get-Credential) | Get-ADUser -Server company.com:3268 -Properties samAccountName,GivenName,SN,DisplayName,objectGuid,Mail | Export-Csv -Path C:\results.csv

  • #35716
    Wei-Yen Tan
    Participant

    You are close to the idea but you are missing a step. This should work.

    get-adgroupmember -identity "mySecGroup" -server company.com -credential (Get-Credential) | Select -ExpandProperty samaccountname | Get-Aduser -Properties SN,DisplayName,Mail | Select samAccountName,GivenName,SN,DisplayName,objectGuid,Mail | Export-Csv -Path C:\results.csv
    

    PowerShell doesn't know how to interpret passing Get-ADGroupMember to Get-ADUser.
    Using Select -ExpandProperty samaccountname allows you to do that. It is what you need to add, which will allow it to pass through to Get-ADUser. Basically it is extracting the samaccountnames from Get-ADGroupMember, turning them into text so you can push them to Get-ADUser.

    Hope that helps 🙂

  • #35727
    Aapeli Hietikko
    Participant

    You probably have your credentials in already, and if you are OK to execute the task against the current domain controller then you can shorten your script a bit:

    get-adgroupmember -identity "mySecGroup" | Get-Aduser -properties displayname,emailaddress | Select samAccountName,GivenName,Surname,DisplayName,objectGuid,Emailaddress| Export-Csv -Path C:\results.csv
    

    or if you want to specify them, then go with the options you had (I didn't test them out)

    get-adgroupmember -identity "mySecGroup" -server company.com -credential (Get-Credential) | Get-Aduser -properties displayname,emailaddress | Select samAccountName,GivenName,Surname,DisplayName,objectGuid,Emailaddress| Export-Csv -Path C:\results.csv
    

    and if you have nested groups which you want to go through also, then do a recursive search

    get-adgroupmember -identity "mySecGroup" -Recursive | Get-Aduser -properties displayname,emailaddress | Select samAccountName,GivenName,Surname,DisplayName,objectGuid,Emailaddress| Export-Csv -Path C:\results.csv
    
  • #35759
    Jeff Taylor
    Participant

    thanks Wei-Yen Tan

    ah yes expandProperty! I just went through that in the MVA course pointing out this very same point. Piping/extracting to a string..

    it works for the domain I....I have cross domain members so need to utilize a bit more logic and my global catalog query isn't working right now

  • #35779
    Jeff Taylor
    Participant

    The suggestions are working for users who are in the same domain as the domain queried via the -server parameter. I attempted same using the Global Catalog thus:

    -server company.com:3268

    ...but get this error: get-adgroupmember : The operation is not supported on Global Catalog port

    If get-adgroupmember is limited this way, how do I get my request for group members who are in cross child domains?

  • #35780
    Wei-Yen Tan
    Participant

    I did a bit of googling on the web. TechNet had a discussion about this error and, thanks to Dave Wyatt, has provided an answer.

    Hope it helps.

    https://social.technet.microsoft.com/Forums/office/en-US/fcdff102-e6a6-4bd6-928a-23f5bad50d60/getadgroupmember-limitations?forum=winserverpowershell

  • #35786
    Jeff Taylor
    Participant

    thanks again Wei-Yen Tan... Hope that gets addressed in PS 5.

    This works best for cross domain members (hallelujah):

    get-adgroupmember -identity "MySecGroup" -server company.com | Get-ADUser -Server company.com:3268 -Properties samAccountName,GivenName,SN,DisplayName,objectGuid,Mail
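
The approach from the last post, wrapped as a function: membership is read from a domain controller and each user is then resolved against the Global Catalog, with non-user members and failed lookups reported instead of aborting the export. This is an added example, not code posted in the thread; the function name Get-CrossDomainGroupUser and its parameters are hypothetical, and company.com, MySecGroup and C:\results.csv are the thread's placeholder values.

```powershell
# Added example: list the users of a security group whose members live in
# several domains of one forest. Function and parameter names are hypothetical.
Import-Module ActiveDirectory

function Get-CrossDomainGroupUser {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Group,
        [Parameter(Mandatory)] [string] $Domain,
        [System.Management.Automation.PSCredential] $Credential
    )

    # Splat the credential so it is only passed when one was supplied.
    $auth = @{}
    if ($Credential) { $auth.Credential = $Credential }

    # Membership has to come from a domain controller: Get-ADGroupMember
    # rejects the Global Catalog port ("operation is not supported").
    $members = Get-ADGroupMember -Identity $Group -Server $Domain @auth

    # User attributes are read from the Global Catalog (port 3268). The GC holds
    # a partial attribute set, so attributes not replicated to it come back empty.
    $lookup = @{
        Server      = "${Domain}:3268"
        Properties  = 'GivenName', 'SN', 'DisplayName', 'Mail'
        ErrorAction = 'Stop'
    }

    foreach ($m in $members) {
        # Nested groups and computers are members too; Get-ADUser only resolves users.
        if ($m.objectClass -ne 'user') {
            Write-Warning "Skipping $($m.objectClass): $($m.distinguishedName)"
            continue
        }
        try {
            Get-ADUser -Identity $m.distinguishedName @lookup @auth |
                Select-Object SamAccountName, GivenName, SN, DisplayName, ObjectGUID, Mail, DistinguishedName
        }
        catch {
            Write-Warning "Could not resolve $($m.distinguishedName): $($_.Exception.Message)"
        }
    }
}

# Prompt once, reuse the credential for every query, and write the report.
$cred = Get-Credential
Get-CrossDomainGroupUser -Group 'MySecGroup' -Domain 'company.com' -Credential $cred |
    Export-Csv -Path C:\results.csv -NoTypeInformation
```

The DistinguishedName column shows which domain each account belongs to, which is what a membership review of a cross-domain group needs.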
