You are quite confused about what is actually happening here. Take some simpler steps to see what is going on. Run just this
Get-ADGroup -Server $dc -Identity $group -Properties member | Select-Object -ExpandProperty member
You will only see a list of Distinguished Names for the members of the group. There is no other data about those users contained here. You will have to query AD for the users' details. I’ll touch on this more later on. Now run
Get-ADGroup -Server $dc -Identity $group -Properties member | Select-Object -ExpandProperty member | Get-Member
It will tell you the object is a string. It’s simply a string representation of the distinguished name. Now run this
Get-ADGroup -Server $dc -Identity $group -Properties member | Select-Object -ExpandProperty member | Select *
This will show you a length, which is all PowerShell can do because you passed a string as an object. The object was destroyed when you used -ExpandProperty, because that property was a string.
Now combine it with -Property Name
Get-ADGroup -Server $dc -Identity $group -Properties member | Select-Object -ExpandProperty member -Property Name
You will still only see the DistinguishedName. The name is output to the pipeline but not to the screen. Confirm this by running
$output = Get-ADGroup -Server $dc -Identity $group -Properties member | Select-Object -Property Name -ExpandProperty member
$output.name
You should see the group names. However, Get-Member will still only show this as a string.
You can add properties to a string but it will always just show its string representation. So running
$output
Will show the Distinguished names of the members. Now wrapping it all up, when you do Select *, you are collecting the name property and the string, for which PowerShell says “a string, return the length”
You can confirm this by checking the distinguished names against the length; it will be the exact number.
$output | Foreach-Object {
    Write-Host "The group name is $($_.Name)"
    Write-Host "The distinguished name is $_"
    Write-Host "The distinguished name is $($_.Length) characters long"
}
Now to better handle your goal, I would recommend
First, make a hashtable of all the users in AD, so you don’t have to keep querying AD for potentially the same users again and again. The key for the hashtable will be the distinguished name, making lookups very simple later.
$aduserlist = Get-Aduser -Filter * -Properties Desired, Properties, Here
$usertable = $aduserlist | Group-Object -Property DistinguishedName -AsHashTable
Now while you’re processing the groups, you can pull all the member details from the table
Get-ADGroup -Server $dc -Identity $group -Properties members | ForEach-Object {
    Write-Host "The AD Group is $($_.Name)"
    Write-Host "There are $($_.Members.Count) members in this group"
    foreach($member in $_.members){
        # Look up the full user object by its distinguished name
        $currentmember = $usertable[$member]
        Write-Host "Member: $($currentmember.Name) Login: $($currentmember.samaccountname)" -ForegroundColor Cyan
    }
}
Hopefully this illustrates the issue you’re seeing and why, as well as gives you some direction for achieving your desired output (which you never really said).
One last note, this does not account for other groups or devices, which may be members of the groups as well.
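
The following is an added example, not part of the original post, showing one way to cover the case in that last note: the lookup table is built with Get-ADObject so that nested groups, computers, contacts and foreign security principals resolve as well as users. It assumes the ActiveDirectory module and the post's $dc and $group variables; the LDAP filter and the report column names are choices made for this example.

```powershell
# Added example; $dc and $group are the variables used in the post above.
Import-Module ActiveDirectory

# One query for every object class that can appear in a group's member attribute.
# Computer accounts derive from the user class, so objectClass=user matches them too.
$ldapFilter = '(|(objectClass=user)(objectClass=group)(objectClass=contact)(objectClass=foreignSecurityPrincipal))'

# Key the table by distinguished name, as in the post. @{} keys are case-insensitive.
$lookup = @{}
Get-ADObject -Server $dc -LDAPFilter $ldapFilter -Properties sAMAccountName |
    ForEach-Object { $lookup[$_.DistinguishedName] = $_ }

# The member attribute is only a list of DN strings, so every detail comes from the table.
$members = (Get-ADGroup -Server $dc -Identity $group -Properties member).member

$report = foreach ($dn in $members) {
    $entry = $lookup[$dn]   # $null when the DN is not in the table (e.g. object in another domain)
    [pscustomobject]@{
        Group             = $group
        MemberType        = if ($entry) { $entry.ObjectClass } else { 'unresolved' }
        Name              = if ($entry) { $entry.Name } else { $null }
        SamAccountName    = if ($entry) { $entry.sAMAccountName } else { $null }
        DistinguishedName = $dn
    }
}

# Nested groups and unresolved entries are the rows to review in a membership audit.
$report | Sort-Object MemberType, Name | Format-Table -AutoSize
```

Rows with MemberType 'group' are nested groups whose own members are not expanded here, and 'unresolved' rows are DNs the queried server could not return.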