Solved

I need to find groups which have been nested within groups.

Posted on 2014-10-03
4
153 Views
Last Modified: 2014-10-06
Hi,

Been trawling the web and I've managed to find many useful scripts but not one to find what I need.

I need a script to be able to specify a domain and then export all the groups it finds that have been nested within other groups, not users. Just the groups.

Is there a simple solution to be able to achieve this?

Cheers.
0
Comment
Question by:tegenius
  • 2
  • 2
4 Comments
 
LVL 39

Expert Comment

by:footech
ID: 40359864
For just the local domain, you can use this:
Get-ADGroup -filter * | Get-ADGroupMember | Where {$_.ObjectClass -eq "group"}

Open in new window

If you want to query a different server in another domain, you would likely have to add the -server parameter to the AD commands.  If you needed to use different credentials as well, I'd probably create a new PSDrive with the appropriate parameters, then change location into that (shown below) and then run the above code.
New-PSDrive -Name "trust" -PSProvider ActiveDirectory -Root "" -Credential (Get-Credential) -Server "dc01.temptrust.com"
cd trust:

Open in new window

0
 

Author Comment

by:tegenius
ID: 40361564
Thanks for replying :) This just displays all the groups in the domain.

What I need is something that displays a tree of groups that have been added as members of other groups... i.e. below we can see group 3 is nested in group 1 and group 1 is nested in group 4.

Group 1
> Group 3
Group 2
Group 3
Group 4
> Group 1

Cheers.
0
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
ID: 40361601
No, it doesn't show all groups in the domain.  You didn't specify that you need some special format.  Rather than a tree, here's another way of looking at it.
Get-ADGroup -filter * | % { $parent = $_.name; Get-ADGroupMember $_ | Where {$_.ObjectClass -eq "group"} | Select @{n="Parent";e={$parent}},Name }

Open in new window

0
 

Author Closing Comment

by:tegenius
ID: 40363386
Perfect :) Just what I needed.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

I thought I'd write this up for anyone who has a request to create an anonymous whistle-blower-type submission form created using SharePoint 2010 (this would probably work the same for 2013). It's not 100% fool-proof but it's as close as you can get…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now