
Find Members of AD Group - PowerShell Script


This is one of the PowerShell scripts I have been using regularly since the day I wrote it. Most SQL Server logins are AD groups, so when a security question comes up we need to trace a user back to the group that grants the login. This script recursively walks every nested group under the specified AD group and lists each sub-group along with its members. Hope it's useful.

# Script to Find AD Group Members
# Created by - Vinoth N Manoharan
# Version 1.1
# Date - 05/10/2011
# Script Help :-
#---------------
# Set $usr to the name of the AD group you want to search.
$usr = "AD Group Name"

# Groups already expanded, keyed by distinguished name. Nested groups can form a
# cycle (A contains B, B contains A); without this guard the recursion never ends.
$script:seenGroups = @{}

# sAMAccountType values that identify what kind of object a member DN points at:
#   268435456  SAM_GROUP_OBJECT
#   268435457  SAM_NON_SECURITY_GROUP_OBJECT
#   536870912  SAM_ALIAS_OBJECT
#   536870913  SAM_NON_SECURITY_ALIAS_OBJECT
#   805306368  SAM_NORMAL_USER_ACCOUNT
#   805306369  SAM_MACHINE_ACCOUNT
#   805306370  SAM_TRUST_ACCOUNT
#   1073741824 SAM_APP_BASIC_GROUP
#   1073741825 SAM_APP_QUERY_GROUP
#   2147483647 SAM_ACCOUNT_TYPE_MAX

function Findusers($objparam)
{
    # $objparam holds the member distinguished names of one group.
    # Note: for very large groups the member attribute is returned in ranges (1500 values
    # by default) and only the first range is read here.
    foreach($ent in $objparam)
    {
        $objuser1 = New-Object System.DirectoryServices.DirectoryEntry("LDAP://"+$ent)
        $usrtype = [int]$objuser1.Properties["sAMAccountType"].Value
        if($usrtype -eq 268435456 -or $usrtype -eq 268435457)
        {
            # The member is itself a group: print its name and descend into it once.
            if ($script:seenGroups.ContainsKey($ent)) { continue }
            $script:seenGroups[$ent] = $true
            "`n`t" + $objuser1.name + "`n"
            $objmem_inner = $objuser1.member
            Findusers($objmem_inner)
        }
        else
        {
            # The member is a user (or computer/other account): print CN and display name.
            "`t`t"+$objuser1.cn+" -- "+$objuser1.Displayname
        }
    }
}

Clear-Host
$str = $usr + ":-"
$str
Write-Output "---------------------------------------------"
# Locate the starting group by name anywhere in the current domain.
$strFilter = "(&(objectCategory=Group)(name=$usr))"
$objDomain = New-Object System.DirectoryServices.DirectoryEntry   # root of the current domain
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.PageSize = 1000
$objSearcher.Filter = $strFilter
$objSearcher.SearchScope = "Subtree"
$colResults = $objSearcher.FindAll()
foreach ($objResult in $colResults)
{
    $objItem = $objResult.GetDirectoryEntry()
    # Mark the starting group as seen so a cycle back to it is not re-expanded.
    $script:seenGroups[[string]$objItem.distinguishedName] = $true
    $objmem = $objItem.member
    Findusers($objmem)
}
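The same two lookups done with one transitive LDAP query each, as an added example that is not part of the original post. It uses the LDAP_MATCHING_RULE_IN_CHAIN matching rule (OID 1.2.840.113556.1.4.1941), which the domain controller evaluates server-side, so nested and even cyclic groups need no client-side recursion; it assumes a domain-joined host with read access to the directory, and the function names and sample account names are mine.

```powershell
# Added example, not the post's script. Transitive group and member lookup with
# LDAP_MATCHING_RULE_IN_CHAIN (OID 1.2.840.113556.1.4.1941); assumes a domain-joined host.

function ConvertTo-LdapFilterValue([string]$value) {
    # RFC 4515 escaping so a name containing \ * ( ) or NUL cannot change the filter's meaning.
    $value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace("`0", '\00')
}

function Find-DistinguishedName([string]$samAccountName) {
    # Resolve a user or group sAMAccountName (for groups usually equal to name) to its DN.
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter = "(sAMAccountName=$(ConvertTo-LdapFilterValue $samAccountName))"
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')
    $result = $searcher.FindOne()
    if ($null -eq $result) { throw "No object with sAMAccountName '$samAccountName' found" }
    [string]$result.Properties['distinguishedname'][0]
}

function Get-TransitiveGroups([string]$samAccountName) {
    # Every group the account belongs to, directly or through nesting (the "back track" direction).
    # Note: the account's primary group (usually Domain Users) is not stored in member/memberOf.
    $dn = ConvertTo-LdapFilterValue (Find-DistinguishedName $samAccountName)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.PageSize = 1000
    $searcher.Filter = "(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=$dn))"
    [void]$searcher.PropertiesToLoad.Add('name')
    foreach ($r in $searcher.FindAll()) { [string]$r.Properties['name'][0] }
}

function Get-TransitiveUsers([string]$groupSamAccountName) {
    # Every user inside the group, directly or through nesting: the flat list the recursive script prints.
    $dn = ConvertTo-LdapFilterValue (Find-DistinguishedName $groupSamAccountName)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.PageSize = 1000
    $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=$dn))"
    [void]$searcher.PropertiesToLoad.AddRange([string[]]@('sAMAccountName', 'displayName'))
    foreach ($r in $searcher.FindAll()) {
        $name = @($r.Properties['samaccountname'])[0]
        $display = @($r.Properties['displayname'])[0]   # may be empty, e.g. for service accounts
        "{0} -- {1}" -f $name, $display
    }
}

# Usage: both names are placeholders, like the post's $usr variable.
Get-TransitiveUsers 'AD Group Name'
Get-TransitiveGroups 'some.user'
```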
