Recursive Search for AD Group Members

Scenario: You need to list the members of specific AD groups, including members that belong only through nested groups.

Function:

Function Get-GroupMembers {
    param(
        [Parameter(Mandatory = $true)]
        [string]$GroupName,
        # Nesting depth: 1 for direct members of the group the search started from
        [int]$Layer = 1,
        # Group the search started from; passed down through the recursion
        [string]$OriginalGroup = $GroupName
    )

    $objects = @()

    # Resolve each direct member DN to its name and object class
    $members = @(Get-ADGroup -Identity $GroupName -Properties Members |
        Select-Object -ExpandProperty Members |
        ForEach-Object { Get-ADObject -Identity $_ | Select-Object Name, ObjectClass, DistinguishedName })

    foreach ($member in $members) {

        # Nested group: expand its members first, one layer deeper
        if ($member.ObjectClass -eq "group") {
            $objects += Get-GroupMembers -GroupName $member.DistinguishedName -Layer ($Layer + 1) -OriginalGroup $OriginalGroup
        }

        # One row per member; NameDN is the group this member sits in directly
        # (the name as typed on the first call, the distinguished name when nested)
        $objects += [pscustomobject]@{
            Group       = $OriginalGroup
            Layer       = $Layer
            ObjectClass = $member.ObjectClass
            Name        = $member.Name
            NameDN      = $GroupName
        }

    } # foreach

    return $objects
}

Results: Run the following in PowerShell after copying the function from above:

Get-GroupMembers -GroupName "EmailAdmins"
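
Active Directory permits circular nesting (group A in group B, and B in A), and a function that recurses into every nested group, as the one above does, does not terminate on such a loop. The following is an added example, not code from the original post: it walks a constructed in-memory group table with a visited set so it can be run without a domain. Expand-SampleGroup, $SampleGroups and the account names are hypothetical.

```powershell
# Constructed sample data (not from a real directory): group name -> direct members.
# 'Tier2' and 'HelpDesk' contain each other, which is the circular case.
$SampleGroups = @{
    'EmailAdmins' = @('alice', 'Tier2')
    'Tier2'       = @('bob', 'HelpDesk')
    'HelpDesk'    = @('carol', 'Tier2')
}

function Expand-SampleGroup {
    param(
        [Parameter(Mandatory = $true)]
        [string]$GroupName,
        # Hypothetical stand-in for the directory lookup
        [hashtable]$Directory = $SampleGroups,
        [int]$Layer = 1,
        [string]$OriginalGroup = $GroupName,
        # Groups already expanded in this search; the same hashtable is shared
        # by reference across every level of the recursion
        [hashtable]$Visited = @{}
    )

    # A group seen before is either a loop or a second path to the same group:
    # its members are already in the output, so stop here.
    if ($Visited.ContainsKey($GroupName)) { return }
    $Visited[$GroupName] = $true

    foreach ($member in $Directory[$GroupName]) {
        $isGroup = $Directory.ContainsKey($member)
        $class = if ($isGroup) { 'group' } else { 'user' }

        # Same columns as the function above
        [pscustomobject]@{
            Group       = $OriginalGroup
            Layer       = $Layer
            ObjectClass = $class
            Name        = $member
            NameDN      = $GroupName
        }

        if ($isGroup) {
            Expand-SampleGroup -GroupName $member -Directory $Directory `
                -Layer ($Layer + 1) -OriginalGroup $OriginalGroup -Visited $Visited
        }
    }
}

$rows = @(Expand-SampleGroup -GroupName 'EmailAdmins')
$rows | Format-Table -AutoSize
```

Against a live directory, the same visited check belongs in front of the Get-ADGroup lookup, keyed on the group's distinguished name so that two groups with the same display name are not confused.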

