Exporting Nested Group with individual group names & membership


First, I hope everyone who is reading this is healthy and being able to cope with this as best as possible.

This is my first post and I wanted to thank in advance for all your help!

I am really trying to figure this out and have tried multiple different scripts and variations, yet I am sure that I am missing something simple.

Basically, I would like to get the membership of a nested group and all its nested group membership but I would like to have the groups to which the user belongs to.

so report should include group name, group samaccountname, user display name, user samaccountname, user email.

I found the script below but it throws an “identity” error.


$date = Get-Date -UFormat '%Y%m%d'
$groups = Import-Csv c:\temp\groups.csv
$results = ForEach ($group in $groups) {
$users = Get-ADGroupMember $groups | Select-Object -ExpandProperty SamAccountName
ForEach ($user in $users){
New-Object -TypeName PSObject -Property @{
$results | Sort-Object 'Group' | Export-Csv -NoTypeInformation -Path c:\temp\testone-$date.csv

The error is the following:

Get-ADGroupMember : Cannot convert 'System.Object[]' to the type 'Microsoft.ActiveDirectory.Management.ADGroup' required by parameter 'Identity'. Specified method is not supported.


Any help would be greatly appreciated, I am just really surprised I have not found something like this or that I would easily be able to modify. I just keep running into errors and the last time I worked on PowerShell it was when the Quest CMDlets were out :frowning:

Thank you in advance!


That has been written many times. A search “Powershell nested group recursion” has many blogs, scripts, etc. such as:

You should start with (re-)reading the instructions/help in the very first post on top of the list of this forum: Read Me Before Posting! You’ll be Glad You Did!
Then you should go back and fix your post by formatting your code as code using the code tags “PRE”. When you post error messages or console output or sample data you should format this as code as well, please.
Now you can change this line of code:

$users = Get-ADGroupMember $groups | Select-Object -ExpandProperty SamAccountName

to this:

$users = Get-ADGroupMember $group | Select-Object -ExpandProperty SamAccountName

… and your code should run without error. :wink:

Thank you for the advice to both of you, I will make sure to edit as necessary.

@olaf I tried the suggestion above earlier and I still get the identity error.