List group members

We have seen how to add a user to a group but what about finding out who is in the group

## lists the members of a group            
$groupdn = "CN=GroupGblSecA,OU=TestGroups,DC=Manticore,DC=org"            
$groupname = "GroupGblSecA"            
            
"`nMicrosoft"            
Get-ADGroupMember -Identity $groupname |            
Format-Table name, distinguishedname             
            
"`nAD provider"            
Get-ItemProperty ad:\$groupdn -Name member |            
select -ExpandProperty member |            
Format-Table            
            
"`nQuest"            
Get-QADGroupMember -Identity $groupname |            
Format-Table Name, DN            
            
            
"`nScript"            
$root = [ADSI]""            
$search = [adsisearcher]$root            
$search.Filter = "(&(objectclass=group)(cn=$groupname))"            
$search.SizeLimit = 3000            
$search.FindOne() |            
foreach {            
 $_.GetDirectoryEntry()  |            
  select -ExpandProperty member            
}


The Microsoft and Quest cmdlets work in a similar manner except that Quest rename distinguishedname to DN



The provider is a get-itemproperty on the group’s member attribute and then use –ExpandProperty to display the members.



The script searches for the group and then gets a directory entry so the member property can be displayed. An alternative script would be



[adsi]"LDAP://$groupdn" |
select -ExpandProperty member



where we go straight to the directory entry for the group and expand the member property

Leave a Reply