The Quest Active Directory Cmdlets are very useful in getting AD group members. The only thing I was missing, was a -Recursive parameter. So I created this script.
You feed it AD Group Names as a parameter, and it will return a nice tree view of all members and subgroups and their members and so on. Finally, it returns a list of allunique members and their email addresses. You can easily modify the script to include other properties and export the ouput to a csv file.
I hope you like it.
Hugo
Get-MyGroupMembersRecursive (Rename to .ps1)
No related posts.
Is there any way to feed it an OU, and have it get all groups and members from withing that OU?
Hi Hugo,
I tried your script on a large DL but it didn’t include contacts. Is there a way to include contacts and mail-enabled users as well? How about users, mail-enabled users and contacts in other domains as well?
Thanks. I work for a non-profit that helps kids in poor neighborhoods get to and through college and we really appreciate your making this script available.
Robert
Hi
Get-QADGroup : Cannot validate argument on parameter ‘Name’. The argument is null or empty.
Error i got when running script?
/T
Hi,
I’ve just downloaded the script and when I run it, some ‘group Name’ are not reported in the result. Is there difference between Local Group, Domain Group and Universal Group ?
I tryed to put all groups in first one, no effects.
Thanks.
Hi,
Do you have a new version of this script because, I can’see in result all Group ‘Name’. I think, the script made difference between universal, global an local group.
I used it in 2003 AD sever.
Thanks
I have changed 31 line to display Subgroups
highlight=” Write-Host (“{0}{1}” -f $Indent,$Object) -ForegroundColor “green” “
I have changed 31 line to display Subgroups
Write-Host (“{0}{1}” -f $Indent,$Object) -ForegroundColor “green”
Pavel,
I need to Audit Shared folders for their permissions. However, I need to be able to see ALL of the child folders AND enumerate the active directory users within each group that has permission to a particular share. I would like to incorporate Get-MyGroupMembersRecursive.ps1 with the script on http://poshcode.org/1721 named Audit NTFS on Shares by DigitalAsylum. However, I am at a loss about how to feed the user group through the script. Would you be able to assist?
Kindest regards,
Maria
I am not good in powershell as you want. I solved similar problem by this small script. It has been working quite long. Result in .txt file I opened by hand in excel.
# START
dir \\FileServer\Sharing\ -recurse | Where-Object { $_.PSIsContainer } |
ForEach-Object {Get-Acl $_.FullName} |
ForEach-Object { $_.Access `
| Add-Member -Name PSPath -MemberType NoteProperty -Value $_.PSPath -PassThru `
| Add-Member -Force -Name ToString -MemberType ScriptMethod -Value {“$($this
.IdentityReference), $($this.AccessControlType), $($this.FileSystemRights)”} -PassThru
} |
Where-Object { $_.IsInherited -like “*False*” } |
Format-Table -AutoSize | Out-File D:\Result.txt -encoding unicode
# END
The result include only non inherited permittions. You have to change name of server, sharing and path to result file.
Best regards
Pavel
»crosslinked«