This post includes an example of how we can use ADSI to list the nested members of an AD group. In other words, if the group contains nested groups, it will recursively search the members of those nested groups too, and it only counts members whose user accounts are enabled.

$global:found = 0
# DNs already visited: guards against infinite recursion when groups are nested in a cycle (A contains B, B contains A)
$global:visited = @{}

function Find-Enabled-Members
{
    Param
    (
       [string]$DN
    )

    if (!([adsi]::Exists("LDAP://$DN"))) {
        Write-Host "$DN does not exist"
        return
    }

    if ($global:visited.ContainsKey($DN)) { return }
    $global:visited[$DN] = $true

    $group = [adsi]("LDAP://$DN")

    ($group).member | ForEach-Object {

        # escape the DN for use inside an LDAP filter (backslash first, then the other RFC 4515 specials)
        $escapedDN = $_ -replace '\\','\5c' -replace '\*','\2a' -replace '\(','\28' -replace '\)','\29'
        $groupObject = [adsisearcher]"(&(distinguishedname=$escapedDN))"
        $groupObjectProps = $groupObject.FindOne().Properties

        if ($groupObjectProps.objectcategory -like "CN=group*") {
            #search nested group
            Find-Enabled-Members "$_"
        } elseif ($groupObjectProps.Contains("useraccountcontrol")) {
            # bit 2 (ACCOUNTDISABLE) set in userAccountControl means the account is disabled;
            # contacts and other objects without userAccountControl are skipped
            $userenabled = ($groupObjectProps.useraccountcontrol[0] -band 2) -ne 2

            #which properties to choose from (these are case-sensitive!)
            #Write-Host $groupObject.FindOne().Properties.PropertyNames
            if ($userenabled) {
                Write-Host "Found $($groupObjectProps.samaccountname) in $($group.Name)"
                $global:found += 1
            }
        }

    }
}

$groupDN = "CN=GroupToSearch,OU=Applications,DC=alkanesolutions,DC=co,DC=uk"
Find-Enabled-Members $groupDN
Write-Host "Total members incl nested members is $($global:found)"
# $group is local to the function, so bind the top-level group again to read its direct member count
$topGroup = [adsi]("LDAP://$groupDN")
Write-Host "Total direct members is $($topGroup.member.count)"
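
The same result can be obtained without walking the group tree in script, by letting the domain controller resolve nested membership in one LDAP query. The following is an added example and not part of the original post: it uses the LDAP_MATCHING_RULE_IN_CHAIN matching rule (OID 1.2.840.113556.1.4.1941) on memberOf to return every user whose membership is direct or inherited through nested groups, and LDAP_MATCHING_RULE_BIT_AND (OID 1.2.840.113556.1.4.803) to exclude disabled accounts server-side. The function name Get-TransitiveEnabledUsers and the group DN passed to it are assumptions for illustration; it expects to run on a domain-joined machine.

```powershell
# Added example (not from the original post): resolve the transitive membership of a group
# with a single LDAP query instead of walking nested groups recursively.
function Get-TransitiveEnabledUsers {
    Param(
        [Parameter(Mandatory)][string]$GroupDN
    )

    # Escape the DN for use inside an LDAP filter (RFC 4515): backslash first, then the other specials.
    $escaped = $GroupDN -replace '\\','\5c' -replace '\*','\2a' -replace '\(','\28' -replace '\)','\29'

    # 1.2.840.113556.1.4.1941 (LDAP_MATCHING_RULE_IN_CHAIN) makes memberOf follow nested groups;
    # 1.2.840.113556.1.4.803 (LDAP_MATCHING_RULE_BIT_AND) tests the ACCOUNTDISABLE bit (2) so that
    # disabled accounts are filtered out by the domain controller rather than in script.
    $filter = "(&(objectCategory=person)(objectClass=user)" +
              "(memberOf:1.2.840.113556.1.4.1941:=$escaped)" +
              "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

    $searcher = [adsisearcher]$filter
    $searcher.PageSize = 1000            # paged results, so more than 1000 matches are returned in full
    [void]$searcher.PropertiesToLoad.Add('samaccountname')
    [void]$searcher.PropertiesToLoad.Add('distinguishedname')

    foreach ($result in $searcher.FindAll()) {
        [PSCustomObject]@{
            SamAccountName    = [string]$result.Properties['samaccountname'][0]
            DistinguishedName = [string]$result.Properties['distinguishedname'][0]
        }
    }
}

# Placeholder group DN (assumption): replace with the group you want to audit
$enabledUsers = @(Get-TransitiveEnabledUsers -GroupDN "CN=GroupToSearch,OU=Applications,DC=alkanesolutions,DC=co,DC=uk")
$enabledUsers | Format-Table -AutoSize
Write-Host "Enabled users with effective membership: $($enabledUsers.Count)"
```

Returning objects rather than writing to the host lets the output be piped into Export-Csv or compared against an approved-members list, which is the usual reason to enumerate effective membership of a privileged group. Two caveats apply to both this query and the recursive script above: neither approach sees membership conferred through a user's primary group (primaryGroupID), since that is not stored in member/memberOf, and members from trusted domains appear only as foreign security principals, which neither script resolves.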

Use ADSI to List Nested Members of an AD Group