Read Members of a specific group in a specific OU with PowerShell

  • Question

  • Hello guys,

    I would like to write a script in PowerShell where I can select a specific OU and get the membership of the persons who are in an OU in a specific group.

    How can I do this?

    Best regards and thanks in advance!

    Matthias

    Wednesday, October 15, 2014 9:53 AM

Answers

  • You should probably ask in the Windows PowerShell forum:

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverpowershell


    Richard Mueller - MVP Directory Services

    • Marked as answer by JasonGuo Monday, November 3, 2014 11:35 AM
    Wednesday, October 15, 2014 10:08 AM
  • I see your question was answered in the PowerShell forum. I was going to suggest a similar solution:

    Get-ADGroupMember -Identity "Your Group" | Where {$_.distinguishedName -Like "*,ou=Sales,ou=West,dc=*"} | Select Name

    -----


    Unfortunately, the distinguishedName attribute is the only one that indicates the parent OU/Container where the object resides in AD, and you can only filter on an exact match in AD. You cannot use wildcards to filter DN syntax attributes. So you must retrieve all members of the group and use a Where clause to parse the distinguished name (with the -Like operator). The other solution suggested retrieves all users in the specified OU (using Get-ADUser) and filters on those where the memberOf attribute includes the distinguished name of the group. That also works.


    Richard Mueller - MVP Directory Services

    • Marked as answer by JasonGuo Monday, November 3, 2014 11:35 AM
    Wednesday, October 15, 2014 2:14 PM
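
The second approach described in the answer above (search the OU with Get-ADUser and match on memberOf), as an added example that is not part of the original thread. The function name `Get-GroupMembersInOU` and the group and OU values in the usage comment are assumptions; the search is done server-side, so only users under the OU are returned instead of every group member.

```powershell
# Added example, not from the original thread. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-GroupMembersInOU {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)] [string] $GroupName,            # name, SID, GUID or DN of the group
        [Parameter(Mandatory = $true)] [string] $OUDistinguishedName,  # OU used as the search base
        [switch] $IncludeNested,      # also match membership gained through nested groups
        [switch] $DirectChildrenOnly  # ignore users that sit in sub-OUs of the search base
    )

    # memberOf holds group DNs, and a DN attribute can only be matched exactly,
    # so resolve the group to its full distinguished name first.
    $groupDn = (Get-ADGroup -Identity $GroupName -ErrorAction Stop).DistinguishedName

    # Escape characters that are special inside an LDAP filter value
    # (backslash first, then * ( ) ), e.g. for a DN such as "CN=Ops \(West\),...".
    $escapedDn = $groupDn -replace '\\', '\5c' -replace '\*', '\2a' `
                          -replace '\(', '\28' -replace '\)', '\29'

    # 1.2.840.113556.1.4.1941 is the AD "matching rule in chain" OID: it walks
    # nested groups on the server. Without it only direct membership matches.
    $filter = if ($IncludeNested) {
        "(memberOf:1.2.840.113556.1.4.1941:=$escapedDn)"
    } else {
        "(memberOf=$escapedDn)"
    }

    # OneLevel = objects directly in the OU; Subtree = the OU and everything below it.
    $scope = if ($DirectChildrenOnly) { 'OneLevel' } else { 'Subtree' }

    # Note: memberOf does not list a user's primary group (usually Domain Users),
    # so this query cannot be used to enumerate primary-group membership.
    Get-ADUser -LDAPFilter $filter -SearchBase $OUDistinguishedName -SearchScope $scope |
        Select-Object Name, SamAccountName, DistinguishedName
}

# Usage (placeholder values, replace with your own group and OU):
# Get-GroupMembersInOU -GroupName 'Your Group' `
#     -OUDistinguishedName 'ou=Sales,ou=West,dc=example,dc=com' -IncludeNested
```

Unlike the `-Like "*,ou=Sales,ou=West,dc=*"` pattern, which always includes sub-OUs, the search scope here makes the choice between direct children and the whole subtree explicit.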
