Active Directory, Automation, Powershell, Scripts, Windows 2008, Windows 2012

AD Group Membership (Member(s) and Member of)

AD Group Membership (Member(s) and Member of)

  • #powershell script to pull AD Group Membership using traditional ADSI method
  • Collects both Members (the group's direct members) and Member of (the groups it belongs to)
  • Run the script in this format:
    • .\ListGroupMembers.ps1 -DomainName mydomain.com -GroupName "Domain admins"
<#
.Synopsis
   List/Export Group Members of a Given Group From Domain
.EXAMPLE
   .\ListGroupMembers.ps1 -DomainName mydomain.com -GroupName "Domain admins"
.Author
   Murali M Palla
.Contact
    [email protected]
.Version
    v1 - March-12,2015
    v2 - March-31,2015 - Added getting Member of list 
#>
[CmdletBinding()]
param(
  # Domain to query; the script body interpolates this value into an "LDAP://" bind path.
  [parameter(Mandatory=$TRUE,Position=0,ValueFromPipeline=$False)]
    [String] $DomainName,
  # Group to report on; the script body matches it against the group's "name" attribute
  # and also uses it as the prefix of the CSV report file name.
  [parameter(Mandatory=$TRUE,Position=1,ValueFromPipeline=$False)]
    [String] $GroupName
)
# Wipe the console before the script writes any output.
clear
# Late-bound call helper for COM objects: invokes the method named $method on
# $object through reflection, passing $parameters as the argument list, and
# emits whatever the COM method returns.
function DN2CN([__ComObject] $object,[String] $method, $parameters) 
{
  $comType = $object.GetType()
  $invokeFlag = [System.Reflection.BindingFlags]::InvokeMethod
  $comType.InvokeMember($method, $invokeFlag, $NULL, $object, $parameters)
}
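# ---------------------------------------------------------------------------
# Main script body: bind to the domain, find the group by name, translate each
# DN in its "member" and "memberOf" attributes to NT4 and display names, and
# export one CSV row per entry.
#
# Audit caveats (what this report does NOT show):
#   * Only the values stored directly on the group are read; nested group
#     membership is not expanded.
#   * Accounts that hold the group as their primary group are not listed in
#     the "member" attribute, so they do not appear here.
#   * "member" is read in a single pass; AD can return a very large
#     multi-valued attribute in ranges, so a large group may be reported
#     incompletely -- TODO confirm against the group's actual size.
#   * Directory values (e.g. display names) are written to the CSV as-is;
#     treat the file as untrusted data when opening it in a spreadsheet.
# ---------------------------------------------------------------------------

# Escapes the characters that have special meaning inside an LDAP search
# filter (RFC 4515) so the value is matched literally. The backslash must be
# replaced first, otherwise the escapes added for the other characters would
# be escaped again.
function ConvertTo-LdapFilterValue([String] $value)
{
    $value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace([string][char]0, '\00')
}

# Translates one distinguished name with the supplied NameTranslate object.
# Returns a hashtable with Login (NT4 name) and Display (display name); a name
# that cannot be translated is returned as an empty string instead of leaving
# the caller with a value from an earlier entry.
function Get-TranslatedName($translator, [String] $dn)
{
    $names = @{ Login = ""; Display = "" }
    try
    {
        # "$null =" keeps the (empty) return value of Set out of the output.
        $null = DN2CN $translator "Set" ($ADS_NAME_TYPE_1779, $dn)
        $names.Login = DN2CN $translator "Get" ($ADS_NAME_TYPE_NT4)
    }
    catch
    {
        Write-Warning "Could not translate '$dn': $($_.Exception.Message)"
        return $names
    }
    # Not every object has a display name; a failure here is expected and
    # deliberately reported as an empty value.
    try { $names.Display = DN2CN $translator "Get" ($ADS_NAME_TYPE_Display) }
    catch { $names.Display = "" }
    return $names
}

# Builds one report row. Add-Member is used (rather than a property hashtable)
# so the CSV column order is the same on every PowerShell version.
function New-GroupRow([String] $memberValue, [String] $memberOfValue, [String] $display, [String] $location)
{
    $row = New-Object -TypeName psobject
    Add-Member -InputObject $row -MemberType NoteProperty -Name Domain -Value "$DomainName"
    Add-Member -InputObject $row -MemberType NoteProperty -Name GroupName -Value "$GroupName"
    Add-Member -InputObject $row -MemberType NoteProperty -Name Member -Value $memberValue
    Add-Member -InputObject $row -MemberType NoteProperty -Name MemberOf -Value $memberOfValue
    Add-Member -InputObject $row -MemberType NoteProperty -Name DisplayName -Value $display
    Add-Member -InputObject $row -MemberType NoteProperty -Name Location -Value $location
    $row
}

# NOTE(review): "hh" is the 12-hour clock without an AM/PM marker, so two runs
# twelve hours apart produce the same file name. Left unchanged to keep the
# existing report naming.
$ScriptStart = Get-Date -Format dd-MMM-yyyy-hh-mm-ss

# The group name comes from the command line and ends up in a file name:
# replace path separators and other characters that are invalid in file names
# (plus "[" and "]", which Export-Csv -Path would treat as wildcards) so the
# report is always written to the current directory under a literal name.
$SafeGroupName = $GroupName
foreach ($badChar in [System.IO.Path]::GetInvalidFileNameChars())
{
    $SafeGroupName = $SafeGroupName.Replace([string]$badChar, '_')
}
$SafeGroupName = $SafeGroupName.Replace('[', '_').Replace(']', '_')
$Report = "$($SafeGroupName)_$ScriptStart.csv"

$error.Clear()
$ADS_NAME_INITTYPE_GC = 3
$ADS_NAME_TYPE_NT4 = 3
$ADS_NAME_TYPE_1779 = 1
$ADS_NAME_TYPE_Display = 4

# Defined up front so the export step never sees an undefined variable.
$GroupCollection = @()
$GroupFound = $false

$GetLDAPDN = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$DomainName") -ErrorAction SilentlyContinue
$Domain = $GetLDAPDN.distinguishedName
if ($Domain)
{
    write-host "Domain Name: $Domain"
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($GetLDAPDN)
    # The name is escaped so that "(", ")", "*" and "\" in it are matched
    # literally: an unescaped "*" would let FindOne() return an arbitrary
    # group whose members would then be reported under the requested name.
    $EscapedGroupName = ConvertTo-LdapFilterValue $GroupName
    $searcher.Filter = "(&(objectCategory=Group)(name=$EscapedGroupName))"
    [System.DirectoryServices.SearchResult]$result = $searcher.FindOne()
    $searcher.Dispose()
    if($result)
    {
        $GroupFound = $true
        $MemberCount = ($result.Properties.member).count
        $MemberOfCount = ($result.Properties.memberof).count
        Write-Host "$GroupName has $MemberCount members, and is part of $MemberOfCount Groups"

        # One translator is initialised once and reused for every entry.
        $TranslateOBJ = New-Object -ComObject "NameTranslate"
        $null = DN2CN $TranslateOBJ "Init" ($ADS_NAME_INITTYPE_GC, "")

        foreach ($member in $result.Properties.member)
        {
            $names = Get-TranslatedName $TranslateOBJ "$member"
            $GroupCollection += New-GroupRow "$($names.Login)" "" "$($names.Display)" "$member"
        }
        foreach ($member in $result.Properties.memberof)
        {
            $names = Get-TranslatedName $TranslateOBJ "$member"
            $GroupCollection += New-GroupRow "" "$($names.Login)" "$($names.Display)" "$member"
        }
    }
    else {Write-Host "$GroupName not found" -ForegroundColor Red }
}

else {Write-Host "Unable to Query $DomainName, if you are sure that the Name is Correct, Please try in a different fromat" -ForegroundColor Red }

# Export only when the group was actually found; piping an unset collection
# into Export-Csv after a failed lookup would raise a binding error.
if ($GroupFound)
{
    $GroupCollection | Export-Csv -Path $Report -NoTypeInformation
}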
