Hello there,
Does anyone know how can i get the equivalent to this
Get-ADGroupMember -identity “$group” -Recursive |Where-Object ObjectClass -EQ user| select SamAccountname -ExpandProperty SamAccountname
But using [adsisearcher] ?
I don’t think you can do that directly. You’d have to get all of the top group members then write a recursive function to test if any of them are groups and get their members.
Its possible but messy
Is there a reason you can’t use Get-ADGroupMember
I covered this way back in PowerShell in Practice but the code looks something like this
## PowerShell in Practice
## by Richard Siddaway
##################################
## get group membership
##################################
$group = [ADSI]"LDAP://cn=UKPMs,ou=All Groups,dc=manticore,dc=org"
$group.member | Sort-Object
## Listing 5.25
## Get nested group membership
#################################
function resolve-group{
param ($group)
foreach ($member in $group.member){
$obj = [ADSI]("LDAP://" + $member)
$global:members += $obj.distinguishedname
if ($obj.objectclass[1] -eq 'group'){resolve-group $obj}
}
}
$global:members = @()
$group = [ADSI]"LDAP://cn=International,ou=All Groups,dc=manticore,dc=org"
resolve-group $group
$global:members | Sort-Object -Unique
It’s possible
#Find all (include indirect) members of TestGroup1 $ds = New-Object System.DirectoryServices.DirectorySearcher $gdn='CN=TestGroup1,OU=TEST,OU=ROOTOU,DC=corp,DC=domain,DC=com' $ds.Filter = "(memberOf:1.2.840.113556.1.4.1941:=$gdn)" $ds.FindAll()