Listing Members of an AD Group


Sometimes you just want things to be simple. Take today…a random lync message asked me to get a list of user accounts in an AD Group. Mind you, I’m the SCOM guy not the AD guy. Anyway, I thought this would be a pretty straightforward answer and here it was.

Get-ADGroupMember -Identity “MY AD GROUP” -Recursive

The recursive switch at the end would just allow enumeration of nested group members.

Sadly the request came back with this error:

Get-ADGroupMember : Unable to find a default server with Active Directory Web Services running.

 

Since I am not in control of these domain controllers I needed to find another way. Thankfully this code worked 🙂

# $recurse will allow the enumeration of nested group members. Set this to false to search only the targeted group
$Recurse = $true
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$context = [System.DirectoryServices.AccountManagement.ContextType]::Domain
$adgroup=[System.DirectoryServices.AccountManagement.GroupPrincipal]::FindByIdentity($context,’MY AD GROUP’)
$adgroup.GetMembers($Recurse) | select DisplayName | sort DisplayName

# If you want to find out which accounts are disabled, you could use this line instead of the one above
# $adgroup.GetMembers($Recurse) | ? {$_.Enabled -eq $False} | select DisplayName | sort DisplayName

 

I hope it helps you too!

 

 


Leave a Reply

Your email address will not be published.