Hi,
here are the code snippets to list all members of an Active Directory Group.
Some constants
# Define LDAP search root, the Global catalog of the domain $sLDAPSearchRoot="LDAP://yourDomain.com:3268" # The Groupname to looking for $sGroupName="USR_GRP_IN_AD"
The LDAP query
# The query string $sSearchStr ="(&(objectCategory=group)(name="+$sGroupName+"))" # Get the search object $oSearch=New-Object directoryservices.DirectorySearcher($oADRoot,$sSearchStr) # Looking for the group $oFindResult=$oSearch.FindAll()
On success, get a DirectoryEntry object for the group
$oGroup=New-Object System.DirectoryServices.DirectoryEntry($oFindResult.Path)
And list all members
$oGroup.Member|%{ $oMember=New-Object System.DirectoryServices.DirectoryEntry($sLDAPSearchRoot+"/"+$_) }
Attached is the ready to use script ListADGroup which supports two parameters. The Groupname which is mandatory and optional the domain. The default domain can be set in the script in the param section. Usage
PS D:\> ListADGroup.ps1 -g Groupname [-do yourDomain.com]
Michael