Solved

Retrieve Nested Group Members (Cross Domain) from a List of Groups

Posted on 2016-08-05
4
163 Views
Last Modified: 2016-08-10
Hello powershell gurus,

I am trying to retrieve group members (members are spread across multiple domains) and to retrieve it recursively (because there are nested groups within) from a list of groups (txt file) then and to enumerate the user members with their respective attributes (DN, parent group they are a memberof, objectclass, samaccountname and useraccountcontrol). I have the code below but for some reason when the member of the group or the nested member of the group is in another domain, it fails stating it can't be resolved. Can someone please shed some light?

Thank you!

$groups = Get-Content c:\temp\domain1grouplist.txt

$results = foreach ($group in $groups) {
Get-ADGroupMember -identity $group -recursive -server domain1.company.com | %{get-ADUser -Identity $_.distinguishedName -properties -useraccountcontrol | Select @{n='Groupame';e={$group}}. DistinguishedName, Name, ObjectClass, SAMAccountName, UserAccountControl}
}
$results
$results | Export-CSV C:\temp\group_members.txt -notypeinformation
0
Comment
Question by:IT_Admin XXXX
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 67

Expert Comment

by:sirbounty
ID: 41745456
Trusted domain?
Perhaps you need to alter the -server variable, depending on the domain you're working with for that object.
0
 
LVL 67

Accepted Solution

by:
sirbounty earned 500 total points
ID: 41745469
I think you'll need to target the correct domain.
Consider this route:

$domains = (get-adforest).domains
$groups = Get-Content c:\temp\domain1grouplist.txt


foreach ($group in $groups) {
    foreach ($domain in $domains) {
        try {
            Get-ADGroupMember -identity $group -recursive -server $domain | %{get-ADUser -Identity $_.distinguishedName -properties -useraccountcontrol | Select @{n='Groupame';e={$group}}. DistinguishedName, Name, ObjectClass, SAMAccountName, UserAccountControl} 
        } catch {}   
    }
}

$results | Export-CSV C:\temp\group_members.txt -notypeinformation

Open in new window

0
 
LVL 37

Expert Comment

by:Jian An Lim
ID: 41745942
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 41750767
Happy to have helped - thanx for the grade! :^)
0

Featured Post

[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question