Getting AD Group Membership ADSI using PowerShell

powershell adsi
Travis M picture Travis M · Jul 27, 2017 · Viewed 14k times · Source

I currently have ADSI code to get the groups a user is a part of:

$searcher = [adsisearcher]"(samaccountname=$env:USERNAME)"
$searcher.FindOne().Properties.memberof
$adgroups = $User -Replace '^cn=([^,]+).+$', '$1'

However, i am wanting to be able to choose a group and see its members. I currently have this code to get their DN and path.

$Group = [ADSI]"LDAP://cn=Test,cn=Test,dc=some,dc=domain,dc=net"
$Members = $Group.Member | ForEach-Object {[ADSI]"LDAP://$_"}

I am wanting to get other attributes if possible (name, etc.). Any help would be appreciated as i have been trying for a bit.

Answer

BenH picture BenH · Jul 27, 2017

You already have both pieces, the first piece is finding the users in the group, the second piece is using the searcher to get properties for the users. Just use distinguishedname as the [adsisearcher] filter.

$Group = [ADSI]"LDAP://cn=Test,cn=Test,dc=some,dc=domain,dc=net"
$Group.Member | ForEach-Object {
    $Searcher = [adsisearcher]"(distinguishedname=$_)"
    $searcher.FindOne().Properties
}

Related questions

Get All local members and groups displayed together

So far I have the below script that works like a charm but that only list the members of the group "Administrators". As my servers might be german, french ... I have no guarantee that such group will exist with the …

Read More
Create local user with PowerShell (Windows Vista)

I've installed PowerShell recently and one of the first things I started looking for was how to create a new user. After looking for some time I still haven't found this. I have a little experience in bash on linux …

Read More
Setting "Log on as a service" and "Allow logon locally" with ADSI

I am trying to create a powershell script to automate user creation which is working great using ADSI. However I need to set the following properties and I am not sure how (or if ADSI can even do this): Log …

Read More