Retrieve Nested Group Members (Cross Domain) from a List of Groups

Posted on 2016-08-05
Last Modified: 2016-08-10
Hello PowerShell gurus,

I am trying to retrieve group members (members are spread across multiple domains) and to retrieve them recursively (because there are nested groups within) from a list of groups (txt file), and then to enumerate the user members with their respective attributes (DN, parent group they are a memberof, objectclass, samaccountname and useraccountcontrol). I have the code below, but for some reason when a member of the group or a nested member of the group is in another domain, it fails stating it can't be resolved. Can someone please shed some light?

Thank you!

$groups = Get-Content c:\temp\domain1grouplist.txt

# Expand each group recursively, then look up each member as a user.
# Every lookup here goes to domain1.company.com.
$results = foreach ($group in $groups) {
    Get-ADGroupMember -Identity $group -Recursive -Server domain1.company.com | %{ Get-ADUser -Identity $_.distinguishedName -Properties UserAccountControl | Select @{n='GroupName';e={$group}}, DistinguishedName, Name, ObjectClass, SAMAccountName, UserAccountControl }
}
$results
$results | Export-CSV C:\temp\group_members.txt -NoTypeInformation
Question by:IT_Admin XXXX

Expert Comment

by:sirbounty
ID: 41745456
Trusted domain?
Perhaps you need to alter the -server variable, depending on the domain you're working with for that object.

Accepted Solution

by:
sirbounty earned 2000 total points
ID: 41745469
I think you'll need to target the correct domain.
Consider this route:

$domains = (Get-ADForest).Domains
$groups = Get-Content c:\temp\domain1grouplist.txt

# Collect the loop output in $results so the export below has data to write
$results = foreach ($group in $groups) {
    foreach ($domain in $domains) {
        try {
            Get-ADGroupMember -Identity $group -Recursive -Server $domain | %{ Get-ADUser -Identity $_.distinguishedName -Properties UserAccountControl | Select @{n='GroupName';e={$group}}, DistinguishedName, Name, ObjectClass, SAMAccountName, UserAccountControl }
        } catch {}   # lookup failed against this domain; move on to the next one
    }
}

$results | Export-CSV C:\temp\group_members.txt -NoTypeInformation

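Added example, not part of the original thread or of sirbounty's answer: one way to target the correct domain per object is to read each group's member attribute and query every member DN against the domain named in its own DC= components. The function names Get-DomainFromDN and Get-NestedGroupUser are hypothetical; the sketch assumes all domains are in the same forest and readable by the running account, and it reports members it cannot resolve (for example foreign security principals) instead of failing.

```powershell
Import-Module ActiveDirectory
# Hypothetical helper: build the DNS domain name from the DC= parts of a DN.
function Get-DomainFromDN {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    ($DistinguishedName -split '(?<!\\),' | Where-Object { $_ -match '^DC=' } |
        ForEach-Object { $_.Substring(3) }) -join '.'
}

# Hypothetical helper: walk nested groups, asking each object's own domain.
function Get-NestedGroupUser {
    param(
        [Parameter(Mandatory)][string]$GroupDN,
        [Parameter(Mandatory)][string]$RootGroup,
        [hashtable]$Visited = @{}
    )
    if ($Visited.ContainsKey($GroupDN)) { return }   # circular or repeated nesting
    $Visited[$GroupDN] = $true
    $group = Get-ADGroup -Identity $GroupDN -Server (Get-DomainFromDN $GroupDN) -Properties member
    foreach ($memberDN in $group.member) {
        $memberServer = Get-DomainFromDN $memberDN
        try {
            $obj = Get-ADObject -Identity $memberDN -Server $memberServer -Properties sAMAccountName, userAccountControl -ErrorAction Stop
        } catch {
            Write-Warning "Could not resolve $memberDN via ${memberServer}: $($_.Exception.Message)"
            continue
        }
        switch ($obj.ObjectClass) {
            'group' { Get-NestedGroupUser -GroupDN $obj.DistinguishedName -RootGroup $RootGroup -Visited $Visited }
            'user' {
                [pscustomobject]@{
                    GroupName          = $RootGroup      # group from the input list
                    ParentGroup        = $group.Name     # group the user is a direct member of
                    DistinguishedName  = $obj.DistinguishedName
                    Name               = $obj.Name
                    ObjectClass        = $obj.ObjectClass
                    SAMAccountName     = $obj.sAMAccountName
                    UserAccountControl = $obj.userAccountControl
                }
            }
            default { Write-Warning "Skipped $($obj.ObjectClass): $memberDN" }
        }
    }
}

# File paths and domain1.company.com are the ones used in the question.
$results = foreach ($name in Get-Content C:\temp\domain1grouplist.txt) {
    $root = Get-ADGroup -Identity $name -Server domain1.company.com
    Get-NestedGroupUser -GroupDN $root.DistinguishedName -RootGroup $root.Name
}
$results | Export-Csv C:\temp\group_members.txt -NoTypeInformation
```

A group reachable through more than one nesting path is expanded only once per root group, so its users are listed under the first parent encountered.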
 

Expert Comment

by:Jian An Lim
ID: 41745942

Expert Comment

by:sirbounty
ID: 41750767
Happy to have helped - thanx for the grade! :^)