How to get group members of Active Directory (Powershell script)

January 6, 2015 by Leave a Comment

This powershell script allow administrator to get group members of Active Directory. It allow to show all members that is user and computers in group.

Function Get-GroupMembers
{
 <#            
	.DESCRIPTION
		Return the members of an an AD group.
	.PARAMETER GroupDN
		The distinguished name of the group to get membership from.
	.EXAMPLE
		Get-GroupMembers -GroupDN "CN=Managers,OU=Groups,DC=fr,DC=contoso,DC=com" | Format-Table -Property cn, objectSID, distinguishedName
 #>
 Param
	(
 $GroupDN = "CN=Managers,OU=Groups,DC=fr,DC=contoso,DC=com"
	)
 Begin
	{
		$Group = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$($GroupDN)")
		$UserAccounts = @()
	}
 Process
	{
		$Members = $Group.member
		
		If ($Members -ne $Null)
		{
			foreach ($User in $Members)
			{
				$UserObject = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$($User)")
				If ($UserObject.objectCategory.Value.Contains("Group"))
				{
				}
				Else
				{
					$CurrentUser = New-Object -TypeName PSObject -Property @{
						name = $UserObject.name
						cn = $UserObject.cn
						distinguishedName = $UserObject.distinguishedName
						nTSecurityDescriptor = $UserObject.nTSecurityDescriptor
						objectSID = $UserObject.objectSID
					}
				}
			$UserAccounts += $CurrentUser
			}
		}
	}
 End
	{
		Return $UserAccounts
	}
}
Filed Under: Powershell Tagged With: , ,