Get-ADGroup <groupname -Properties Members

PowerShell Help
1

Hello
we have a lot of AD groups which have members from 2 different domains within our forest.
To get the member of a group I usually would use the command

Get-ADGroupMember

But if a group contains members from different domains you can not use this command, because you get a exeption error.

That’s why I deceided to use the command

Get-ADGroup <groupname> -Properties Members | select members

But using the command the output is not only the members of the group, but together with the OU, like

{CN=ynl,OU=Benutzer,OU=Users,DC=ixx,DC=max,DC=de, CN=suupo,OU=Benutzer,OU=Users....

How can I filter the output, that I just get the names of the members ( get only the CN)

thanks
Andreas

2

Actually it is the Distinguished Name you get. If you want to get the Common Name (CN) you may query the according AD for this attribute or you use string acrobatics. :wink:

Given your example output it could look like this:

$DN = 'CN=ynl,OU=Benutzer,OU=Users,DC=ixx,DC=max,DC=de'
(($DN -split ',OU')[0] -split '=')[1]
3

I do not want the Distinguished Name itself as the result, but I want all members within the group.
Means the output in my excample should be

ynl,suupo
4

I know. You have to do this step for each individual member of a group … so you have to use a loop. :wink:

5

OK, but how I get the CNs from that $DN string?

If I run your commands, I get as result the name of the group itself , OU.
In the output there is none of the members included.

6 
$MemberList = 
    Get-ADGroup '<groupname>' -Properties Members | 
        Select-Object -ExpandProperty members
foreach ($Member in $MemberList) {
    (($Member -split ',OU')[0] -split '=')[1]
}
7

Thank you, that works fine… :slightly_smiling_face: