PowerShell: Grab all users in an AD group who are members of a certain group or groups

16 Oct

Today, I was requested to look at all users in an AD group and list out those users who belong to a certain group only. Below is the one-liner I used to form a tab-delimited output (OK, OK, I know PowerShell gurus can do it even better):

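# A trailing pipe (|) or an open brace continues the line in PowerShell; no continuation character is needed
get-adgroupmember ADGroupName -recursive |
% { if ($_.objectclass -eq "user") {
    get-aduser $_.samaccountname -properties memberof |
    % { foreach ($m in $_.memberof) {
        # one tab-delimited line per matching group: user name, tab, group DN
        if ($m -match "GroupABC") { $_.samaccountname + "`t" + $m } } } } } |
out-file c:\temp\outfile.log -append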

“get-adgroupmember ADGroupName -recursive” simply grabs all members of the group “ADGroupName” recursively. The result is piped to the next command.

“if ($_.objectclass -eq "user")” is important because it filters for user objects only; without it, the get-aduser command will break when it encounters a computer or group.

For get-aduser, you need to request the MemberOf property explicitly, because it is not included in the returned object by default; hence “get-aduser $_.samaccountname -properties memberof” is used.
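The one-liner uses -match, which treats "GroupABC" as a regular expression against the whole distinguished name, so it also matches groups such as "GroupABC-Admins" or any group that sits in an OU named GroupABC. The version below is an added example, not the script from the original post: it resolves the target groups to their DNs first and compares exactly. The function name Get-GroupMemberOverlap and the output file name are hypothetical; the group names are the placeholders used above.

```powershell
# Added example: exact-match variant of the one-liner above.
# Get-GroupMemberOverlap is a hypothetical helper name; group names are placeholders.
Import-Module ActiveDirectory

function Get-GroupMemberOverlap {
    param(
        [Parameter(Mandatory)] [string]   $SourceGroup,  # group whose members are enumerated
        [Parameter(Mandatory)] [string[]] $TargetGroup   # group(s) to test membership against
    )

    # Resolve each target group to its distinguishedName once, so the test is an
    # exact DN comparison instead of a regex match on part of the DN.
    # (@{} keys are case-insensitive, which matches how DNs compare.)
    $targetDn = @{}
    foreach ($name in $TargetGroup) {
        $g = Get-ADGroup -Identity $name
        $targetDn[$g.DistinguishedName] = $g.Name
    }

    Get-ADGroupMember -Identity $SourceGroup -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |   # skip computers and other principals
        ForEach-Object {
            $user = Get-ADUser -Identity $_.distinguishedName -Properties MemberOf
            foreach ($dn in $user.MemberOf) {
                if ($targetDn.ContainsKey($dn)) {
                    # Emit an object rather than a string so the result can be
                    # filtered, sorted or exported without re-parsing.
                    [pscustomobject]@{
                        SamAccountName = $user.SamAccountName
                        Group          = $targetDn[$dn]
                        GroupDN        = $dn
                    }
                }
            }
        }
}

# Tab-delimited output, as in the original one-liner.
Get-GroupMemberOverlap -SourceGroup 'ADGroupName' -TargetGroup 'GroupABC' |
    Export-Csv -Path 'C:\temp\outfile.tsv' -Delimiter "`t" -NoTypeInformation
```

MemberOf lists only the groups a user is a direct member of and does not include the primary group (usually Domain Users), so a user who reaches GroupABC through a nested group will not appear in either version.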

Posted by on October 16, 2012 in powershell, Scripts, Windows

