Author Posts

January 1, 2012 at 12:00 am

by sabeltiger81 at 2013-02-14 03:21:07

How can I list 5 security groups + members of the groups and the members of the nested group

I know I can use this: Get-ADGroupMember "CN=OU,DC=Domain,DC=COm" | Select-Object name
or I can put on the -recursive switch after the DN path.

But what if I wouls like to list 5 groups from the same DN path with Headline from the scanned SEC group + the nested group and the members of the nested group.?

It would be nice if it could be in an output format like .txt I know how to do that though, it's the other stuff I need help with.

EX:
"SEC-Group 1 I want to find the members in"
MEMBERS:
"Nested SEC-Group: | Piped Members of the nested SEC-group."

"SEC-Group 2 I want to find the members in"
MEMBERS:
"Nested SEC-Group: | Piped Members of the nested SEC-group."
Etc.

by coderaven at 2013-02-14 06:37:08

You have a few options here.

1. You can still use dsget and dsquery dos commands and in your dsget group use the -expand switch
2. In the past, the Quest AD cmdlets were best for this because they would get the nested members
3. NOW I would recommend that you use the updated ActiveDirectory module in the RSAT that comes with WIndows 8 and the Get-ADGroup includes the -Recursive switch

Does that answer your question?

by sabeltiger81 at 2013-02-14 07:05:37

I have tried this, which works great and I'm thinking about making a loop so it takes the groups and memberships one at a time, because the groupnames are static and won't change. Anyways When using the code I post here it shows the full DN path which looks ugly. How can I make it a clean output?
Import-Module ActiveDirectory
dsget group "CN=SEC-Group,OU=Sharepoint,OU=Groups,OU=FIRM,DC=FIRM,DC=COM" -members -expand
dsget group "CN=SEC-Group2,OU=Sharepoint,OU=Groups,OU=FIRM,DC=FIRM,DC=COM" -members -expand

I'll appreciate the help but I am kind of not so good at powershell.