?
Solved

how to list members of active directory distribution list or the security list

Posted on 2014-10-20
19
Medium Priority
?
229 Views
Last Modified: 2014-11-04
Hi there,
I am going to list all members of a distribution/security list. I have been searching for a script to do this task but I am so confused.
Could you please give me some hint how to retrieve this query?
Thanks
0
Comment
Question by:dongocdung
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 7
  • 2
  • +1
19 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 40392845
For security groups this will work
import-module ac*
get-adgroupmember -Identity <groupname> | select name | Export-Csv c:\file.csv -NTI

Open in new window

0
 
LVL 7

Accepted Solution

by:
Thomas Wheeler earned 252 total points
ID: 40392972
And if the Group is in a separate OU you may want to use the Distinguished Name

 -Identity "CN=<groupname>,OU=europe,CN=users,DC=corp,DC=contoso,DC=com"

Open in new window


Here is a link to the docs http://technet.microsoft.com/en-us/library/ee617193.aspx
0
 

Author Comment

by:dongocdung
ID: 40394307
I have tried to do but it failed. I believe the the command i used is not correct.
a
d
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 3

Assisted Solution

by:Phil Bossman
Phil Bossman earned 501 total points
ID: 40396113
The error you see is related to the two sets of quotes.   To make it easier to see and read, move the group name out of the get.  This will also allow you to reuse the command



$GroupName = "_TeamAdamConsultants"
Get-ADComputer -Identity "CN=$($GroupName),OU=mail enabled groups,OU=groups,DC=NAME-dc02,DC=DOMAIN,DC=net" | Select Name | Export-Csv C:\File.csv -NoTypeInformation

Open in new window

0
 
LVL 7

Expert Comment

by:Thomas Wheeler
ID: 40396115
Ya should be "cn=_teamadamconsultants"
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 747 total points
ID: 40396129
I would just suggest doing a get-adgroup to get the group name and maybe use wildcard matching which just makes the process so much less painful :)

import-module ac*
$Groups = Get-ADGroup -Filter {Name -like "*partialgroupname*"} | select -expa name | % {
$gname = $_
get-adgroupmember -Identity $_ | select name | Export-Csv c:\$gname.csv -NTI
}

Open in new window

0
 

Author Comment

by:dongocdung
ID: 40397650
Phil,
I applied your command but I still got the error. my server name is name-dc02.namead.net

fg
bcraig,
I applied your command and I did not get any errors but I did not see any output files

Thanks,
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 747 total points
ID: 40397662
Can you run this and tell me if you get anything:
Get-ADGroup -Filter {Name -like "*TeamAdamConsultants*"} | select -expa name 

Open in new window

0
 
LVL 3

Assisted Solution

by:Phil Bossman
Phil Bossman earned 501 total points
ID: 40397739
The command you typed was incorrect.  You combined becraig's and my answer.

Get-ADComputer and Get-ADGroupMember are two different cmdlets.   The error messages will help.

$GroupName = "_TeamAdamConsultants"
Get-ADComputer -Identity "CN=$($GroupName),OU=mail enabled groups,OU=groups,DC=name-dc02,DC=namead,DC=net" | Select Name | Export-Csv C:\File.csv -NoTypeInformation

Open in new window

0
 
LVL 29

Expert Comment

by:becraig
ID: 40397748
Full script with correct name:

import-module ac*
$Groups = Get-ADGroup -Filter {Name -like "*_TeamAdamConsultants*"} | select -expa name | % {
$gname = $_
get-adgroupmember -Identity $gname | select name | Export-Csv c:\$gname.csv -NTI
}
            

Open in new window

0
 

Author Comment

by:dongocdung
ID: 40397766
i don't see any output file in C drive. Thanks,
0
 
LVL 29

Expert Comment

by:becraig
ID: 40397772
Let's try writing info to screen to be sure:
import-module ac*
$Groups = Get-ADGroup -Filter {Name -like "*_TeamAdamConsultants*"} | select -expa name | % {
$gname = $_
get-adgroupmember -Identity $gname | select name  | % {write-host $_ }
}

Open in new window

           

This should let us know if we are getting output.
0
 

Author Comment

by:dongocdung
ID: 40397788
What is this for? I run it but nothing happens.
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 747 total points
ID: 40397794
So this would let us know if any results were actually returned from the query:

import-module ac*
$Groups = Get-ADGroup -Filter {Name -like "*_TeamAdamConsultants*"} | select -expa name | % {
$gname = $_
write-host "Group Found $gname"
get-adgroupmember -Identity $gname | % {write-host $_ }
}
      

Open in new window

                                   

This will let us know if we both find the group and if we get any members and any values.
0
 

Author Comment

by:dongocdung
ID: 40397798
i don't see any results were returned from the query

hj
0
 
LVL 29

Expert Comment

by:becraig
ID: 40397820
Can you please save this as a ps1 script and run it.

Or just run:
Get-ADGroup -Identity _TeamAdamConsultants | select -expa name
get-adgroupmember -Identity _TeamAdamConsultants | % {write-host $_ }

Open in new window

0
 

Author Comment

by:dongocdung
ID: 40397834
i run the ps1 script and got this error

PS C:\> .\group.ps1
Get-ADGroup : Cannot find an object with identity: '_TeamAdamConsultants' under
: 'DC=NCMECAD,DC=NET'.
At C:\Group.ps1:1 char:12
+ Get-ADGroup <<<<  -Identity _TeamAdamConsultants | select -expa name
    + CategoryInfo          : ObjectNotFound: (_TeamAdamConsultants:ADGroup) [
   Get-ADGroup], ADIdentityNotFoundException
    + FullyQualifiedErrorId : Cannot find an object with identity: '_TeamAdamC
   onsultants' under: 'DC=NCMECAD,DC=NET'.,Microsoft.ActiveDirectory.Manageme
  nt.Commands.GetADGroup

Get-ADGroupMember : Cannot find an object with identity: '_TeamAdamConsultants'
 under: 'DC=NCMECAD,DC=NET'.
At C:\Group.ps1:2 char:18
+ get-adgroupmember <<<<  -Identity _TeamAdamConsultants | % {write-host $_ }
    + CategoryInfo          : ObjectNotFound: (_TeamAdamConsultants:ADGroup) [
   Get-ADGroupMember], ADIdentityNotFoundException
    + FullyQualifiedErrorId : Cannot find an object with identity: '_TeamAdamC
   onsultants' under: 'DC=NCMECAD,DC=NET'.,Microsoft.ActiveDirectory.Manageme
  nt.Commands.GetADGroupMember

I am leaving now. I will check it back tomorrow morning. Thanks,
0
 
LVL 29

Expert Comment

by:becraig
ID: 40397876
Actually taking a look this is just a mail distribution group correct ?

If so (egg on my face)
Get-DistributionGroup -Identity _TeamAdamConsultants  | Get-DistributionGroupMember | ft name, primarysmtpaddress >> c:\report.csv

Open in new window

0
 

Author Comment

by:dongocdung
ID: 40399161
I got error again

[PS] C:\ex2010sp3\scripts>Get-DistributionGroup -Identity _TeamAdamConsultants  | Get-DistributionGroupMember | ft name,
 primarysmtpaddress >> c:\report.csv
The operation couldn't be performed because object '_TeamAdamConsultants' couldn't be found on 'Name-DC02.nameAD.NET'
.
    + CategoryInfo          : NotSpecified: (:) [Get-DistributionGroup], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : 21A5DED5,Microsoft.Exchange.Management.RecipientTasks.GetDistributionGroup
0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question