Solved

Retrieve Nested Group Members (Cross Domain) from a List of Groups

Posted on 2016-08-05
Last Modified: 2016-08-10
Hello PowerShell gurus,

I am trying to retrieve group members (members are spread across multiple domains), to retrieve them recursively (because there are nested groups within) from a list of groups (txt file), and then to enumerate the user members with their respective attributes (DN, parent group they are a member of, objectclass, samaccountname and useraccountcontrol). I have the code below, but for some reason when the member of the group or the nested member of the group is in another domain, it fails, stating it can't be resolved. Can someone please shed some light?

Thank you!

$groups = Get-Content c:\temp\domain1grouplist.txt

$results = foreach ($group in $groups) {
    # Get-ADGroupMember is pinned to domain1; Get-ADUser has no -Server and uses the session's default domain
    Get-ADGroupMember -Identity $group -Recursive -Server domain1.company.com | ForEach-Object {
        Get-ADUser -Identity $_.distinguishedName -Properties UserAccountControl |
            Select-Object @{n='GroupName';e={$group}}, DistinguishedName, Name, ObjectClass, SAMAccountName, UserAccountControl
    }
}
$results
$results | Export-CSV C:\temp\group_members.txt -NoTypeInformation
0
Question by:IT_Admin XXXX
4 Comments
 
LVL 67

Expert Comment

by:sirbounty
ID: 41745456
Trusted domain?
Perhaps you need to alter the -server variable, depending on the domain you're working with for that object.
0
 
LVL 67

Accepted Solution

by:
sirbounty earned 500 total points
ID: 41745469
I think you'll need to target the correct domain.
Consider this route:

$domains = (Get-ADForest).Domains
$groups = Get-Content c:\temp\domain1grouplist.txt

# Collect the output so there is something to export at the end
$results = foreach ($group in $groups) {
    # Try the group against every domain in the forest
    foreach ($domain in $domains) {
        try {
            Get-ADGroupMember -Identity $group -Recursive -Server $domain | ForEach-Object {
                Get-ADUser -Identity $_.distinguishedName -Properties UserAccountControl |
                    Select-Object @{n='GroupName';e={$group}}, DistinguishedName, Name, ObjectClass, SAMAccountName, UserAccountControl
            }
        } catch {}   # errors from domains that cannot resolve the group or member are ignored
    }
}

$results | Export-CSV C:\temp\group_members.txt -NoTypeInformation


0
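A different way to handle members that live in other domains, as an added example that is not part of the thread: walk each group's member attribute and query every member in the domain named by its own DN, recursing into nested groups. The function names Get-DomainFromDN and Get-NestedGroupUser and the ParentGroup and Disabled columns are assumptions made for this sketch; the file paths and domain1.company.com are the ones from the question.

```powershell
# Added example; assumes the ActiveDirectory module and that each member's domain is reachable.
Import-Module ActiveDirectory
# "CN=x,OU=y,DC=domain2,DC=company,DC=com" -> "domain2.company.com"
function Get-DomainFromDN([string]$DistinguishedName) {
    $parts = [regex]::Matches($DistinguishedName, '(?i)(?:^|(?<!\\),)DC=([^,]+)') |
        ForEach-Object { $_.Groups[1].Value }
    $parts -join '.'
}

function Get-NestedGroupUser {
    param([string]$GroupDN, [string]$RootGroup,
          [System.Collections.Generic.HashSet[string]]$Visited)
    # Expand each group once per root group; this also stops circular nesting.
    if (-not $Visited.Add($GroupDN.ToLowerInvariant())) { return }
    $group = Get-ADGroup -Identity $GroupDN -Server (Get-DomainFromDN $GroupDN) -Properties member
    foreach ($memberDN in $group.member) {
        try {
            # Ask the member's own domain, not the group's domain.
            $obj = Get-ADObject -Identity $memberDN -Server (Get-DomainFromDN $memberDN) `
                -Properties sAMAccountName, userAccountControl -ErrorAction Stop
        } catch {
            Write-Warning "Unresolved member of '$($group.Name)': $memberDN"
            continue
        }
        switch ($obj.ObjectClass) {
            'group' { Get-NestedGroupUser -GroupDN $obj.DistinguishedName -RootGroup $RootGroup -Visited $Visited }
            'user'  {
                [pscustomobject]@{
                    GroupName          = $RootGroup
                    ParentGroup        = $group.Name
                    DistinguishedName  = $obj.DistinguishedName
                    Name               = $obj.Name
                    ObjectClass        = $obj.ObjectClass
                    SamAccountName     = $obj.sAMAccountName
                    UserAccountControl = $obj.userAccountControl
                    Disabled           = [bool]($obj.userAccountControl -band 2)  # ACCOUNTDISABLE bit
                }
            }
            default { Write-Warning "Skipped $($obj.ObjectClass): $memberDN" }
        }
    }
}

$results = foreach ($name in Get-Content C:\temp\domain1grouplist.txt) {
    $root = Get-ADGroup -Identity $name -Server domain1.company.com
    $seen = New-Object 'System.Collections.Generic.HashSet[string]'
    Get-NestedGroupUser -GroupDN $root.DistinguishedName -RootGroup $root.Name -Visited $seen
}
$results | Export-Csv C:\temp\group_members.txt -NoTypeInformation
```

Accounts that belong to a group only through their primary group are not listed in the member attribute and will not appear. Members from another forest show up as foreignSecurityPrincipal objects and are reported by the warning branch rather than resolved.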
 
LVL 37

Expert Comment

by:Jian An Lim
ID: 41745942
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 41750767
Happy to have helped - thanx for the grade! :^)
0


Question has a verified solution.
