Help with retrieving user list of a group in active directory

Hi everyone,
I am new to this forum and a beginner at powershell. In activedirectory, I am trying to retrieve the list of users for a group name starting with say “abc” and would like to only see users with country “India” for a group

I have tried this command so far but country isnt working

My first thought process was to use get-adgroup and filter names with abc and then use get-adgroupmember to get the list of users within that group but i cant filter country which is an ldapfilter in activedirectory

get-adgroup -filter "Name -like '*abc*'" | get-adgroupmember | select name, country

then i thought i should filter in the get-adgroup itself like this. no luck

get-adgroup -ldapfilter "Name -like '*abc*' -and Country -like '*India*'" | get-adgroupmember 

also tried

get-adgroup -filter "Name -like '*abc*'" | get-adgroupmember | get-aduser -filter "Country -like '*India*'"

got this error on this one:
get-aduser : The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its properties
do not match any of the parameters that take pipeline input.

can someone direct me the thought process here? I really want to learn. Thank you!

Welcome to the forum. :wave:t4:

What do you actually expect as result of your query? With the first part of the pipeline you get the desired groups and with the second part you get the groupmembers of all these groups. But you loose the info about the group. And since the groupmember does not have a property country you cannot select it. :wink:

I assume you want to have the information about the groupmembers including the information about what group they are member of. Therefor you will need a nested loop.

First you query the desired groups. In the outer loop you iterate over all found groups and query the members of each group. And in the inner loop you query each individual group member for its AD account where you can filter for the ones with the country “India”. There (in the inner loop) you combine everything in a PSCustomObject and you’re done. :+1:t4: :wink:

1 Like

Hi Olaf,

Thank you for your input.

I havent used nested loop before. Parden my expertise on powershell. still learning.

I am trying to get a list of all users from a group. There are multiple groups with the same name in it. Example - ‘Companyabc’, ‘Company2abc’ etc. Within these groups we have users. We have a mix of users from different countries. I only would like users from India within those groups.

I was rethinking using get-aduser

Get-adgroup -filter {Name -like '*abc*} | get-adgroupmember | get-aduser -filter {Country -eq 'India'} | where $_.enabled -eq $true

my outer condition is im trying to get all the groups with search criteria “abc” and getting all members and then filtering country attribute.

This does not work as im getting the error
the command "get-aduser -filter {…}does not take pipeline input

I have not learned how to use foreach loop yet if that is what you were referring to. I didn’t think this pull would be so timeconsuming

I cannot test at the moment. But - assumed there is a property with the Name country - something like this should work:

Get-ADGroup -Filter "Name -like '*abc*'" |
    Get-ADGroupMember |
        ForEach-Object {
            Get-ADUser -Identity $_.DistinguishedName -Properties Country |
                Where-Object -Property Country -eq -Value India

Thank you so much, Olaf! You helped tremendously. I am definitely understanding it much better. Still rusty but I can get it!