List group members

We have seen how to add a user to a group but what about finding out who is in the group

## lists the members of a group            
$groupdn = "CN=GroupGblSecA,OU=TestGroups,DC=Manticore,DC=org"            
$groupname = "GroupGblSecA"            
Get-ADGroupMember -Identity $groupname |            
Format-Table name, distinguishedname             
"`nAD provider"            
Get-ItemProperty ad:\$groupdn -Name member |            
select -ExpandProperty member |            
Get-QADGroupMember -Identity $groupname |            
Format-Table Name, DN            
$root = [ADSI]""            
$search = [adsisearcher]$root            
$search.Filter = "(&(objectclass=group)(cn=$groupname))"            
$search.SizeLimit = 3000            
$search.FindOne() |            
foreach {            
 $_.GetDirectoryEntry()  |            
  select -ExpandProperty member            

The Microsoft and Quest cmdlets work in a similar manner except that Quest rename distinguishedname to DN

The provider is a get-itemproperty on the group’s member attribute and then use –ExpandProperty to display the members.

The script searches for the group and then gets a directory entry so the member property can be displayed. An alternative script would be

[adsi]"LDAP://$groupdn" |
select -ExpandProperty member

where we go straight to the directory entry for the group and expand the member property

Leave a Reply