Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Retrieve Nested Group Members (Cross Domain) from a List of Groups

Posted on 2016-08-05
4
Medium Priority
?
223 Views
Last Modified: 2016-08-10
Hello powershell gurus,

I am trying to retrieve group members (members are spread across multiple domains) and to retrieve it recursively (because there are nested groups within) from a list of groups (txt file) then and to enumerate the user members with their respective attributes (DN, parent group they are a memberof, objectclass, samaccountname and useraccountcontrol). I have the code below but for some reason when the member of the group or the nested member of the group is in another domain, it fails stating it can't be resolved. Can someone please shed some light?

Thank you!

$groups = Get-Content c:\temp\domain1grouplist.txt

$results = foreach ($group in $groups) {
Get-ADGroupMember -identity $group -recursive -server domain1.company.com | %{get-ADUser -Identity $_.distinguishedName -properties -useraccountcontrol | Select @{n='Groupame';e={$group}}. DistinguishedName, Name, ObjectClass, SAMAccountName, UserAccountControl}
}
$results
$results | Export-CSV C:\temp\group_members.txt -notypeinformation
0
Comment
Question by:IT_Admin XXXX
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 67

Expert Comment

by:sirbounty
ID: 41745456
Trusted domain?
Perhaps you need to alter the -server variable, depending on the domain you're working with for that object.
0
 
LVL 67

Accepted Solution

by:
sirbounty earned 2000 total points
ID: 41745469
I think you'll need to target the correct domain.
Consider this route:

$domains = (get-adforest).domains
$groups = Get-Content c:\temp\domain1grouplist.txt


foreach ($group in $groups) {
    foreach ($domain in $domains) {
        try {
            Get-ADGroupMember -identity $group -recursive -server $domain | %{get-ADUser -Identity $_.distinguishedName -properties -useraccountcontrol | Select @{n='Groupame';e={$group}}. DistinguishedName, Name, ObjectClass, SAMAccountName, UserAccountControl} 
        } catch {}   
    }
}

$results | Export-CSV C:\temp\group_members.txt -notypeinformation

Open in new window

0
 
LVL 37

Expert Comment

by:Jian An Lim
ID: 41745942
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 41750767
Happy to have helped - thanx for the grade! :^)
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Utilizing an array to gracefully append to a list of EmailAddresses
This article will help you understand what HashTables are and how to use them in PowerShell.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…

661 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question