/\/\o\/\/ PowerShelled

This blog has moved to http://ThePowerShellGuy.com Greetings /\/\o\/\/

Monday, August 28, 2006

 


PowerShell and Active Directory Part 9 (nested groups)



In this entry I will show how you can use a recursive script to get all members of a group, including the members that are in nested groups.

Note that the script will not handle groups with more than 1000 (W2K) or 1500 (W2K3) users,
as this is the maximum the Members property will enumerate.
If you have groups that are bigger, you need to adapt the script to do a paged search; for examples of how to do this, see: Large AD queries in Monad

The script looks like this:

# Function get-NestedMembers
# List the members of a group including all nested members of subgroups
# /\/\o\/\/ 2006

function get-NestedMembers ($group){
  # objectclass is multi-valued (top, group, ...); index 1 is 'group' for group objects
  if ($group.objectclass[1] -eq 'group') {
    write-verbose "Group $($group.cn)"
    $Group.member |% {
      # Bind to each member by its distinguished name
      $de = new-object directoryservices.directoryentry("LDAP://$_")
      if ($de.objectclass[1] -eq 'group') {
        # Nested group: recurse into it
        get-NestedMembers $de
      }
      Else {
        $de.sAMAccountName
      }
    }
  }
  Else {
    Throw "$group is not a group"
  }
}


Note that I write the group name with Write-Verbose, so it only shows in verbose mode, and even then it is only displayed, not passed on to the pipeline. The function also outputs users that are members of more than one group as often as they are found. As shown in the examples below, you can use group to get a list of them, or sort -unique to show each user / computer found in more than one group only once.

# get-NestedMembers usage examples :
 
# get a group

$group = new-object directoryservices.directoryentry("LDAP://cn=MainGroup,OU=Groups,DC=mow,DC=Local")

# Get all nested members

get-NestedMembers $group

User1
User2
User2
User3

# Show current verbose mode :

MowPS>$VerbosePreference
SilentlyContinue

# Enable Verbose Mode :

$VerbosePreference = 'continue'

get-NestedMembers $group

VERBOSE: Group MainGroup
User1
User2
VERBOSE: Group SubGroup
User2
User3

# Disable Verbose Mode again :

$VerbosePreference = 'SilentlyContinue'

# Group the output to get the doubles
 
get-NestedMembers $group | group

Count Name                      Group
----- ----                      -----
    1 User1                  {User1}
    2 User2                  {User2, User2}
    1 User3                  {User3}

# Use sort -Unique to get every user only once

get-NestedMembers $group | sort -Unique

User1
User2
User3
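
The function above assumes the group hierarchy has no loops, but Active Directory also accepts circular nesting (group A in group B and B in A), and there it would recurse without end. The following is an added example, not code from the original post: a variant that remembers which groups it has already expanded and reports the nesting path for each account, which is what you want when auditing who ends up in a privileged group. It runs against a constructed in-memory hashtable instead of a live directory; `Get-NestedMembersSafe`, `$Directory` and the `Via` property are names assumed for this example.

```powershell
# Constructed sample data standing in for Active Directory (DN -> object).
# SubGroup lists MainGroup as a member, so the nesting is circular.
$Directory = @{
  'CN=MainGroup,OU=Groups,DC=mow,DC=Local' = @{ Class = 'group'; Name = 'MainGroup'
    Member = 'CN=User1,OU=Users,DC=mow,DC=Local', 'CN=User2,OU=Users,DC=mow,DC=Local',
             'CN=SubGroup,OU=Groups,DC=mow,DC=Local' }
  'CN=SubGroup,OU=Groups,DC=mow,DC=Local' = @{ Class = 'group'; Name = 'SubGroup'
    Member = 'CN=User2,OU=Users,DC=mow,DC=Local', 'CN=User3,OU=Users,DC=mow,DC=Local',
             'CN=MainGroup,OU=Groups,DC=mow,DC=Local' }
  'CN=User1,OU=Users,DC=mow,DC=Local' = @{ Class = 'user'; Name = 'User1' }
  'CN=User2,OU=Users,DC=mow,DC=Local' = @{ Class = 'user'; Name = 'User2' }
  'CN=User3,OU=Users,DC=mow,DC=Local' = @{ Class = 'user'; Name = 'User3' }
}

# Hypothetical helper (requires PowerShell 5+ for ::new and [pscustomobject]).
function Get-NestedMembersSafe {
  param(
    [string]$GroupDN,
    [hashtable]$Directory,
    # Case-insensitive set of group DNs that have already been expanded
    [System.Collections.Generic.HashSet[string]]$Visited =
      [System.Collections.Generic.HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase),
    [string]$Path = ''
  )
  $group = $Directory[$GroupDN]
  if ($null -eq $group -or $group.Class -ne 'group') { throw "$GroupDN is not a group" }
  # Add() returns $false for a DN seen before: stop instead of looping.
  # A group reachable by two paths is therefore expanded only via the first one.
  if (-not $Visited.Add($GroupDN)) {
    Write-Verbose "Skipping already expanded group $($group.Name)"
    return
  }
  $here = if ($Path) { "$Path > $($group.Name)" } else { $group.Name }
  foreach ($dn in $group.Member) {
    $entry = $Directory[$dn]
    if ($null -eq $entry) { Write-Warning "Unresolved member $dn"; continue }
    if ($entry.Class -eq 'group') {
      Get-NestedMembersSafe -GroupDN $dn -Directory $Directory -Visited $Visited -Path $here
    } else {
      [pscustomobject]@{ Account = $entry.Name; Via = $here }
    }
  }
}

# One row per account, with every nesting path through which it was found
Get-NestedMembersSafe -GroupDN 'CN=MainGroup,OU=Groups,DC=mow,DC=Local' -Directory $Directory |
  Group-Object Account |
  Select-Object Name, Count, @{ n = 'Via'; e = { $_.Group.Via -join '; ' } }
```

To use the same idea against a real directory, replace the hashtable lookups with the `directoryentry` binds from the original function and keep the `$Visited` check unchanged.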



Enjoy,

Greetings, /\/\o\/\/