Solved

how to list members of active directory distribution list or the security list

Posted on 2014-10-20
19
226 Views
Last Modified: 2014-11-04
Hi there,
I am going to list all members of a distribution/security list. I have been searching for a script to do this task but I am so confused.
Could you please give me some hint how to retrieve this query?
Thanks
0
Comment
Question by:dongocdung
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 7
  • 2
  • +1
19 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 40392845
For security groups this will work
import-module ac*
get-adgroupmember -Identity <groupname> | select name | Export-Csv c:\file.csv -NTI

Open in new window

0
 
LVL 7

Accepted Solution

by:
Thomas Wheeler earned 84 total points
ID: 40392972
And if the Group is in a separate OU you may want to use the Distinguished Name

 -Identity "CN=<groupname>,OU=europe,CN=users,DC=corp,DC=contoso,DC=com"

Open in new window


Here is a link to the docs http://technet.microsoft.com/en-us/library/ee617193.aspx
0
 

Author Comment

by:dongocdung
ID: 40394307
I have tried to do but it failed. I believe the the command i used is not correct.
a
d
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 3

Assisted Solution

by:Phil Bossman
Phil Bossman earned 167 total points
ID: 40396113
The error you see is related to the two sets of quotes.   To make it easier to see and read, move the group name out of the get.  This will also allow you to reuse the command



$GroupName = "_TeamAdamConsultants"
Get-ADComputer -Identity "CN=$($GroupName),OU=mail enabled groups,OU=groups,DC=NAME-dc02,DC=DOMAIN,DC=net" | Select Name | Export-Csv C:\File.csv -NoTypeInformation

Open in new window

0
 
LVL 7

Expert Comment

by:Thomas Wheeler
ID: 40396115
Ya should be "cn=_teamadamconsultants"
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 249 total points
ID: 40396129
I would just suggest doing a get-adgroup to get the group name and maybe use wildcard matching which just makes the process so much less painful :)

import-module ac*
$Groups = Get-ADGroup -Filter {Name -like "*partialgroupname*"} | select -expa name | % {
$gname = $_
get-adgroupmember -Identity $_ | select name | Export-Csv c:\$gname.csv -NTI
}

Open in new window

0
 

Author Comment

by:dongocdung
ID: 40397650
Phil,
I applied your command but I still got the error. my server name is name-dc02.namead.net

fg
bcraig,
I applied your command and I did not get any errors but I did not see any output files

Thanks,
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 249 total points
ID: 40397662
Can you run this and tell me if you get anything:
Get-ADGroup -Filter {Name -like "*TeamAdamConsultants*"} | select -expa name 

Open in new window

0
 
LVL 3

Assisted Solution

by:Phil Bossman
Phil Bossman earned 167 total points
ID: 40397739
The command you typed was incorrect.  You combined becraig's and my answer.

Get-ADComputer and Get-ADGroupMember are two different cmdlets.   The error messages will help.

$GroupName = "_TeamAdamConsultants"
Get-ADComputer -Identity "CN=$($GroupName),OU=mail enabled groups,OU=groups,DC=name-dc02,DC=namead,DC=net" | Select Name | Export-Csv C:\File.csv -NoTypeInformation

Open in new window

0
 
LVL 29

Expert Comment

by:becraig
ID: 40397748
Full script with correct name:

import-module ac*
$Groups = Get-ADGroup -Filter {Name -like "*_TeamAdamConsultants*"} | select -expa name | % {
$gname = $_
get-adgroupmember -Identity $gname | select name | Export-Csv c:\$gname.csv -NTI
}
            

Open in new window

0
 

Author Comment

by:dongocdung
ID: 40397766
i don't see any output file in C drive. Thanks,
0
 
LVL 29

Expert Comment

by:becraig
ID: 40397772
Let's try writing info to screen to be sure:
import-module ac*
$Groups = Get-ADGroup -Filter {Name -like "*_TeamAdamConsultants*"} | select -expa name | % {
$gname = $_
get-adgroupmember -Identity $gname | select name  | % {write-host $_ }
}

Open in new window

           

This should let us know if we are getting output.
0
 

Author Comment

by:dongocdung
ID: 40397788
What is this for? I run it but nothing happens.
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 249 total points
ID: 40397794
So this would let us know if any results were actually returned from the query:

import-module ac*
$Groups = Get-ADGroup -Filter {Name -like "*_TeamAdamConsultants*"} | select -expa name | % {
$gname = $_
write-host "Group Found $gname"
get-adgroupmember -Identity $gname | % {write-host $_ }
}
      

Open in new window

                                   

This will let us know if we both find the group and if we get any members and any values.
0
 

Author Comment

by:dongocdung
ID: 40397798
i don't see any results were returned from the query

hj
0
 
LVL 29

Expert Comment

by:becraig
ID: 40397820
Can you please save this as a ps1 script and run it.

Or just run:
Get-ADGroup -Identity _TeamAdamConsultants | select -expa name
get-adgroupmember -Identity _TeamAdamConsultants | % {write-host $_ }

Open in new window

0
 

Author Comment

by:dongocdung
ID: 40397834
i run the ps1 script and got this error

PS C:\> .\group.ps1
Get-ADGroup : Cannot find an object with identity: '_TeamAdamConsultants' under
: 'DC=NCMECAD,DC=NET'.
At C:\Group.ps1:1 char:12
+ Get-ADGroup <<<<  -Identity _TeamAdamConsultants | select -expa name
    + CategoryInfo          : ObjectNotFound: (_TeamAdamConsultants:ADGroup) [
   Get-ADGroup], ADIdentityNotFoundException
    + FullyQualifiedErrorId : Cannot find an object with identity: '_TeamAdamC
   onsultants' under: 'DC=NCMECAD,DC=NET'.,Microsoft.ActiveDirectory.Manageme
  nt.Commands.GetADGroup

Get-ADGroupMember : Cannot find an object with identity: '_TeamAdamConsultants'
 under: 'DC=NCMECAD,DC=NET'.
At C:\Group.ps1:2 char:18
+ get-adgroupmember <<<<  -Identity _TeamAdamConsultants | % {write-host $_ }
    + CategoryInfo          : ObjectNotFound: (_TeamAdamConsultants:ADGroup) [
   Get-ADGroupMember], ADIdentityNotFoundException
    + FullyQualifiedErrorId : Cannot find an object with identity: '_TeamAdamC
   onsultants' under: 'DC=NCMECAD,DC=NET'.,Microsoft.ActiveDirectory.Manageme
  nt.Commands.GetADGroupMember

I am leaving now. I will check it back tomorrow morning. Thanks,
0
 
LVL 29

Expert Comment

by:becraig
ID: 40397876
Actually taking a look this is just a mail distribution group correct ?

If so (egg on my face)
Get-DistributionGroup -Identity _TeamAdamConsultants  | Get-DistributionGroupMember | ft name, primarysmtpaddress >> c:\report.csv

Open in new window

0
 

Author Comment

by:dongocdung
ID: 40399161
I got error again

[PS] C:\ex2010sp3\scripts>Get-DistributionGroup -Identity _TeamAdamConsultants  | Get-DistributionGroupMember | ft name,
 primarysmtpaddress >> c:\report.csv
The operation couldn't be performed because object '_TeamAdamConsultants' couldn't be found on 'Name-DC02.nameAD.NET'
.
    + CategoryInfo          : NotSpecified: (:) [Get-DistributionGroup], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : 21A5DED5,Microsoft.Exchange.Management.RecipientTasks.GetDistributionGroup
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In previous parts of this Nano Server deployment series, we learned how to create, deploy and configure Nano Server as a Hyper-V host. In this part, we will look for a clustering option. We will create a Hyper-V cluster of 3 Nano Server host nodes w…
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question