Tag Archives: Active Directory

Listing AD Group Members Recursively with Powershell

The Quest Active Directory Cmdlets are very useful in getting AD group members. The only thing I was missing, was a -Recursive parameter. So I created this script.

You feed it AD Group Names as a parameter, and it will return a nice tree view of all members and subgroups and their members and so on. Finally, it returns a list of allunique members and their email addresses. You can easily modify the script to include other properties and export the ouput to a csv file.

I hope you like it.


Get-MyGroupMembersRecursive (Rename to .ps1)

Handy little function: Translate-SID

Ever come across something like this: S-1-5-21-9378569023-29138639125-19468 and wonder what it is? Try feeding it to this handy little function:

function Translate-SID
 $objSID = New-Object System.Security.Principal.SecurityIdentifier($SID)
 $objUser = $objSID.Translate([System.Security.Principal.NTAccount])
 Return $objUser.Value

Of course, you might feel the need to reverse this process and turn something perfectly fine like DOMAINUser into the illegible garbage that is known as a SID. Well, have it your way:

function Translate-ToSID
 $objID = New-Object System.Security.Principal.NTAccount($ID)
 $objSID = $objID.Translate([System.Security.Principal.SecurityIdentifier])
 Return $objSID.Value

Have a good one.

Powershell Oneliner #5

Why I love Powershell:

Yesterday I needed to create an overview of people, their department name and office location. I wanted to have this list in Excel. But all I had was a textfile with their names. A tedious task to fill in all this information, one might think. Luckily, I know Powershell:

Get-Content "D:scriptspeople.txt" | % { Get-QADUser -Name $_ } | Select-Object Name, Department, Office | Export-Csv -Path "D:scriptsoverview.csv" -NoTypeInformation

This simple oneliner generated the entire overview for me in the blink of an eye! My colleagues were flabbergasted :)

Gotta love it.


Quest can’t keep a secret?

Quest Software provides PowerShell users with the possibility to manage Active Directory quickly and easily through their free Active Directory cmdlets. I love using PowerShell to get the exact information I need, using a single line of code. The following oneliner for instance returns the description of a server:


(Get-QADComputer -Name TESTSERVER -Credential $(Get-Credential TESTDOMAIN\TESTUSER)).Description


Isn’t that way cooler then opening Active Directory Users and Computers, searching for the server and opening the properties dialog? It might not be faster of less work, but it does exactly what I want. I think it’s pretty elegant.


I found a strange flaw in the way the Quest cmdlets handle my credentials though.


The native PowerShell Get-Credential command allows you to supply network credentials, when connecting to remote computers for example. As a security precaution, your password is stored in a secure manner. Check this out:


PS D:\> $cred = Get-Credential TESTDOMAIN\TESTUSER (a dialog box pops up and asks me to supply my password)

PS D:\> $cred.password



As you can see, PowerShell does not allow me to read the contents of the password property.

The stored credentials allow me to authenticate against a remote server. So while this WMI query fails:


PS D:\> Get-WmiObject Win32_OperatingSystem -ComputerName TESTSERVER

Get-WmiObject : Access is denied. (Exception from HRESULT: 0×80070005 (E_ACCESSDENIED))

At line:1 char:14

+ Get-WmiObject  <<<< Win32_OperatingSystem -ComputerName TESTSERVER


This works like a charm:


PS D:\> Get-WmiObject Win32_OperatingSystem -ComputerName TESTSERVER -Credential $cred

SystemDirectory : C:\WINNT\system32

Organization    : TESTORG

BuildNumber     : 3790

RegisteredUser  : TESTORG

SerialNumber    : 12345-123-1234567-12345

Version         : 5.2.3790


The Quest Active Directory cmdlets also allow me to use these stored credentials to connect to Active Directory:


PS D:\> $computer = Get-QADComputer -Name testcomputer -Credential $cred

PS D:\>$computer

Name                      Type                    DN

—-                            —-                      



That’s just great! But I found out recently that the object returned by this command has a property called NetworkCredential:


PS D:\> $computer | Format-List -Property NetworkCredential

NetworkCredential : System.Net.NetworkCredential


Now let’s take a look at the value of this property:


PS D:\> $computer.NetworkCredential | Format-List -Property *


Password : SecretPassword!



Hey, what the hell!? That’s my password! I thought it was secret!