Get AD Group Members Recursively V2

/ April 29, 2021

I am releasing version 2 of the AD group members recursive function after requests from some of my followers and colleagues.

This version has added functionality to show groups if you use parameter -ShowGroups $true (its optional parameter).

If you are using this in your existing scripts those will continue to work as functionality has been added via optional parameter.

Function has been updated in newer version of vsadmin module.

##################Function Code##############################
Function Get-ADGroupMembersRecursive{
  Param(
    [Parameter(Mandatory = $true,ValueFromPipeline=$true)]
    [ValidateNotNullOrEmpty()]
    [String[]]$Groups,
    [ValidateNotNullOrEmpty()]
    [String[]]$Properties,
    [ValidateSet($true,$false)]
    [string]$ShowGroups
  )
    Begin{
        $Results = @()
        [String[]]$defaultproperties = "distinguishedName","name","objectClass","objectGUID","SamAccountName","SID"
        $Properties+=$defaultproperties
        $Properties = $Properties | Sort-Object -Unique
    }
    Process{
        ForEach($adobj in $Groups){
            $getgroupdn =  (Get-ADGroup -identity $adobj).DistinguishedName
            $findallgroups = Get-ADGroup -identity $getgroupdn -Properties members| Select-Object -ExpandProperty members | get-adobject | Where-Object{$_.objectClass -eq "Group"} |Select DistinguishedName
            $Results+=$getgroupdn
            ForEach($Object in $findallgroups){
                if($ShowGroups -eq $true){
                  Get-ADGroupMembersRecursive $Object.DistinguishedName -Properties $Properties -ShowGroups $true
                 }
                 else{
                  Get-ADGroupMembersRecursive $Object.DistinguishedName -Properties $Properties
                 }
            }
        }
    }
    End{
        $Results = $Results | Select-Object -Unique
        foreach($item in $Results){
          $arrgroupmembers =@()
          if($ShowGroups -eq $true){
            Get-ADGroup -id $item -Properties $Properties | Select-Object $Properties
          }
          $arrgroupmembers = Get-ADGroup -id $item -Properties members | Select-Object -ExpandProperty members |get-adobject | Where-Object{$_.objectClass -eq "user"} | Get-ADUser -properties $Properties | Select-Object $Properties
          $arrgroupmembers
        }
    }
} #Get-ADGroupMembersRecursive

##################################################################

Let us revisit Function usage:

Get-ADGroupMembersRecursive -Groups “Test Nested Group” # It will recurse thru it and extract the members

 

Get-ADGroupMembersRecursive -Groups “Test Nested Group” -Properties Employeed # Include extra properties

 

Get-ADGroupMembersRecursive -Groups “Test Nested Group1″ ,”Test Nested Group2” # extract members from multiple groups

Get-ADGroupMembersRecursive -Groups “Test Nested Group1″ -ShowGroups $true # This will first show the group and then its members

 

Thanks for reading and downloading..

Tech Wizard

https://techwizard.cloud

https://syscloudpro.com/

 

 

Advertisement

Related posts

One thought on “Get AD Group Members Recursively V2

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s