Solved

Retrieve Nested Group Members (Cross Domain) from a List of Groups

Posted on 2016-08-05
4
100 Views
Last Modified: 2016-08-10
Hello powershell gurus,

I am trying to retrieve group members (members are spread across multiple domains) and to retrieve it recursively (because there are nested groups within) from a list of groups (txt file) then and to enumerate the user members with their respective attributes (DN, parent group they are a memberof, objectclass, samaccountname and useraccountcontrol). I have the code below but for some reason when the member of the group or the nested member of the group is in another domain, it fails stating it can't be resolved. Can someone please shed some light?

Thank you!

$groups = Get-Content c:\temp\domain1grouplist.txt

$results = foreach ($group in $groups) {
Get-ADGroupMember -identity $group -recursive -server domain1.company.com | %{get-ADUser -Identity $_.distinguishedName -properties -useraccountcontrol | Select @{n='Groupame';e={$group}}. DistinguishedName, Name, ObjectClass, SAMAccountName, UserAccountControl}
}
$results
$results | Export-CSV C:\temp\group_members.txt -notypeinformation
0
Comment
Question by:IT_Admin XXXX
  • 3
4 Comments
 
LVL 67

Expert Comment

by:sirbounty
ID: 41745456
Trusted domain?
Perhaps you need to alter the -server variable, depending on the domain you're working with for that object.
0
 
LVL 67

Accepted Solution

by:
sirbounty earned 500 total points
ID: 41745469
I think you'll need to target the correct domain.
Consider this route:

$domains = (get-adforest).domains
$groups = Get-Content c:\temp\domain1grouplist.txt


foreach ($group in $groups) {
    foreach ($domain in $domains) {
        try {
            Get-ADGroupMember -identity $group -recursive -server $domain | %{get-ADUser -Identity $_.distinguishedName -properties -useraccountcontrol | Select @{n='Groupame';e={$group}}. DistinguishedName, Name, ObjectClass, SAMAccountName, UserAccountControl} 
        } catch {}   
    }
}

$results | Export-CSV C:\temp\group_members.txt -notypeinformation

Open in new window

0
 
LVL 37

Expert Comment

by:Jian An Lim
ID: 41745942
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 41750767
Happy to have helped - thanx for the grade! :^)
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Create and license users in Office 365 in bulk based on a CSV file. A step-by-step guide with PowerShell script examples.
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question