Solved

how to list members of active directory distribution list or the security list

Posted on 2014-10-20
19
227 Views
Last Modified: 2014-11-04
Hi there,
I am going to list all members of a distribution/security list. I have been searching for a script to do this task but I am so confused.
Could you please give me some hint how to retrieve this query?
Thanks
0
Comment
Question by:dongocdung
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 7
  • 2
  • +1
19 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 40392845
For security groups this will work
import-module ac*
get-adgroupmember -Identity <groupname> | select name | Export-Csv c:\file.csv -NTI

Open in new window

0
 
LVL 7

Accepted Solution

by:
Thomas Wheeler earned 84 total points
ID: 40392972
And if the Group is in a separate OU you may want to use the Distinguished Name

 -Identity "CN=<groupname>,OU=europe,CN=users,DC=corp,DC=contoso,DC=com"

Open in new window


Here is a link to the docs http://technet.microsoft.com/en-us/library/ee617193.aspx
0
 

Author Comment

by:dongocdung
ID: 40394307
I have tried to do but it failed. I believe the the command i used is not correct.
a
d
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 3

Assisted Solution

by:Phil Bossman
Phil Bossman earned 167 total points
ID: 40396113
The error you see is related to the two sets of quotes.   To make it easier to see and read, move the group name out of the get.  This will also allow you to reuse the command



$GroupName = "_TeamAdamConsultants"
Get-ADComputer -Identity "CN=$($GroupName),OU=mail enabled groups,OU=groups,DC=NAME-dc02,DC=DOMAIN,DC=net" | Select Name | Export-Csv C:\File.csv -NoTypeInformation

Open in new window

0
 
LVL 7

Expert Comment

by:Thomas Wheeler
ID: 40396115
Ya should be "cn=_teamadamconsultants"
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 249 total points
ID: 40396129
I would just suggest doing a get-adgroup to get the group name and maybe use wildcard matching which just makes the process so much less painful :)

import-module ac*
$Groups = Get-ADGroup -Filter {Name -like "*partialgroupname*"} | select -expa name | % {
$gname = $_
get-adgroupmember -Identity $_ | select name | Export-Csv c:\$gname.csv -NTI
}

Open in new window

0
 

Author Comment

by:dongocdung
ID: 40397650
Phil,
I applied your command but I still got the error. my server name is name-dc02.namead.net

fg
bcraig,
I applied your command and I did not get any errors but I did not see any output files

Thanks,
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 249 total points
ID: 40397662
Can you run this and tell me if you get anything:
Get-ADGroup -Filter {Name -like "*TeamAdamConsultants*"} | select -expa name 

Open in new window

0
 
LVL 3

Assisted Solution

by:Phil Bossman
Phil Bossman earned 167 total points
ID: 40397739
The command you typed was incorrect.  You combined becraig's and my answer.

Get-ADComputer and Get-ADGroupMember are two different cmdlets.   The error messages will help.

$GroupName = "_TeamAdamConsultants"
Get-ADComputer -Identity "CN=$($GroupName),OU=mail enabled groups,OU=groups,DC=name-dc02,DC=namead,DC=net" | Select Name | Export-Csv C:\File.csv -NoTypeInformation

Open in new window

0
 
LVL 29

Expert Comment

by:becraig
ID: 40397748
Full script with correct name:

import-module ac*
$Groups = Get-ADGroup -Filter {Name -like "*_TeamAdamConsultants*"} | select -expa name | % {
$gname = $_
get-adgroupmember -Identity $gname | select name | Export-Csv c:\$gname.csv -NTI
}
            

Open in new window

0
 

Author Comment

by:dongocdung
ID: 40397766
i don't see any output file in C drive. Thanks,
0
 
LVL 29

Expert Comment

by:becraig
ID: 40397772
Let's try writing info to screen to be sure:
import-module ac*
$Groups = Get-ADGroup -Filter {Name -like "*_TeamAdamConsultants*"} | select -expa name | % {
$gname = $_
get-adgroupmember -Identity $gname | select name  | % {write-host $_ }
}

Open in new window

           

This should let us know if we are getting output.
0
 

Author Comment

by:dongocdung
ID: 40397788
What is this for? I run it but nothing happens.
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 249 total points
ID: 40397794
So this would let us know if any results were actually returned from the query:

import-module ac*
$Groups = Get-ADGroup -Filter {Name -like "*_TeamAdamConsultants*"} | select -expa name | % {
$gname = $_
write-host "Group Found $gname"
get-adgroupmember -Identity $gname | % {write-host $_ }
}
      

Open in new window

                                   

This will let us know if we both find the group and if we get any members and any values.
0
 

Author Comment

by:dongocdung
ID: 40397798
i don't see any results were returned from the query

hj
0
 
LVL 29

Expert Comment

by:becraig
ID: 40397820
Can you please save this as a ps1 script and run it.

Or just run:
Get-ADGroup -Identity _TeamAdamConsultants | select -expa name
get-adgroupmember -Identity _TeamAdamConsultants | % {write-host $_ }

Open in new window

0
 

Author Comment

by:dongocdung
ID: 40397834
i run the ps1 script and got this error

PS C:\> .\group.ps1
Get-ADGroup : Cannot find an object with identity: '_TeamAdamConsultants' under
: 'DC=NCMECAD,DC=NET'.
At C:\Group.ps1:1 char:12
+ Get-ADGroup <<<<  -Identity _TeamAdamConsultants | select -expa name
    + CategoryInfo          : ObjectNotFound: (_TeamAdamConsultants:ADGroup) [
   Get-ADGroup], ADIdentityNotFoundException
    + FullyQualifiedErrorId : Cannot find an object with identity: '_TeamAdamC
   onsultants' under: 'DC=NCMECAD,DC=NET'.,Microsoft.ActiveDirectory.Manageme
  nt.Commands.GetADGroup

Get-ADGroupMember : Cannot find an object with identity: '_TeamAdamConsultants'
 under: 'DC=NCMECAD,DC=NET'.
At C:\Group.ps1:2 char:18
+ get-adgroupmember <<<<  -Identity _TeamAdamConsultants | % {write-host $_ }
    + CategoryInfo          : ObjectNotFound: (_TeamAdamConsultants:ADGroup) [
   Get-ADGroupMember], ADIdentityNotFoundException
    + FullyQualifiedErrorId : Cannot find an object with identity: '_TeamAdamC
   onsultants' under: 'DC=NCMECAD,DC=NET'.,Microsoft.ActiveDirectory.Manageme
  nt.Commands.GetADGroupMember

I am leaving now. I will check it back tomorrow morning. Thanks,
0
 
LVL 29

Expert Comment

by:becraig
ID: 40397876
Actually taking a look this is just a mail distribution group correct ?

If so (egg on my face)
Get-DistributionGroup -Identity _TeamAdamConsultants  | Get-DistributionGroupMember | ft name, primarysmtpaddress >> c:\report.csv

Open in new window

0
 

Author Comment

by:dongocdung
ID: 40399161
I got error again

[PS] C:\ex2010sp3\scripts>Get-DistributionGroup -Identity _TeamAdamConsultants  | Get-DistributionGroupMember | ft name,
 primarysmtpaddress >> c:\report.csv
The operation couldn't be performed because object '_TeamAdamConsultants' couldn't be found on 'Name-DC02.nameAD.NET'
.
    + CategoryInfo          : NotSpecified: (:) [Get-DistributionGroup], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : 21A5DED5,Microsoft.Exchange.Management.RecipientTasks.GetDistributionGroup
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Here's a look at newsworthy articles and community happenings during the last month.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question