The PowerShell AD module cmdlets have certain restrictions when querying large objects (for example, the member list of a very large group); an ADSI query gets around these limits.
Here is an example of how to read such a group through ADSI and iterate over its users:
```powershell
# by J.Kühnis 13.03.2019
# example ADSI Query PowerShell
$BigGroup = "someADGroupName"
$ADGroup1 = "someADGroup1"
$ADGroup2 = "someADGroup2"

$groupname = $BigGroup
$groupdsn  = (Get-ADGroup $groupname).DistinguishedName
# Bind to the group via ADSI instead of Get-ADGroupMember, which runs into
# the AD module's size limits on large groups
$group = [adsi]"LDAP://$groupdsn"
# Resolve every member object to its SamAccountName
$groupmembers = $group.psbase.Invoke("Members") | ForEach-Object {
    $_.GetType().InvokeMember("SamAccountName", 'GetProperty', $null, $_, $null)
}

$groupmembers | ForEach-Object {
    # All groups the user is a direct member of
    $usradgroups = Get-ADUser -Identity $_ -Properties MemberOf |
        Select-Object -ExpandProperty MemberOf |
        Get-ADGroup -Properties name |
        Select-Object name
    if ($usradgroups.name -notcontains $ADGroup1 -and $usradgroups.name -notcontains $ADGroup2) {
        # User is a member of neither ADGroup1 nor ADGroup2
    }
    else {
        # User is a member of ADGroup1 or ADGroup2 (or both)
    }
}
```
Here is also an example that uses a class, so you can shape the returned object exactly the way you like:
```powershell
# by J.Kühnis 09.10.2019
# Set variables
$ADGROUP = "sgAplMWPXALXA65"

# Load AD-Module
if (!(Get-Module -Name ActiveDirectory)) {
    Import-Module -Name ActiveDirectory
    if (!(Get-Module -Name ActiveDirectory)) {
        Start-Sleep 10
        Write-Warning "No AD-Module Found"
        exit
    }
}

$groupname = $ADGROUP
$groupdsn  = (Get-ADGroup $groupname).DistinguishedName
# Bind to the group via ADSI and resolve the members to SamAccountNames
$group = [adsi]"LDAP://$groupdsn"
$groupmembers = $group.psbase.Invoke("Members") | ForEach-Object {
    $_.GetType().InvokeMember("SamAccountName", 'GetProperty', $null, $_, $null)
}

# Shape of the objects we want back, instead of the full ADUser object
class User {
    [string]$Name
    [string]$SamAccountName
    [string]$UserPrincipalName
    [string]$Mail
    [string]$extensionAttribute7
    [string]$extensionAttribute9
}

$Userlist = @()
$groupmembers | ForEach-Object {
    $usrATTR = Get-ADUser -Identity $_ -Properties Name,SamAccountName,UserPrincipalName,mail,extensionAttribute9,extensionAttribute7
    $User = [User]::new()
    $User.Name                = $usrATTR.Name
    $User.SamAccountName      = $usrATTR.SamAccountName
    $User.UserPrincipalName   = $usrATTR.UserPrincipalName
    $User.Mail                = $usrATTR.Mail
    # The class declares extensionAttribute7 and 9, so those are the ones to copy
    $User.extensionAttribute7 = $usrATTR.extensionAttribute7
    $User.extensionAttribute9 = $usrATTR.extensionAttribute9
    $Userlist += $User
}
$Userlist | Format-Table
```
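Both scripts above rely on `psbase.Invoke("Members")`. As an added example (not code from the original post), the following reads a large group's members with LDAP ranged retrieval through `System.DirectoryServices.DirectorySearcher`, which makes the 1500-values-per-attribute limit (the DC's default MaxValRange) explicit and needs no AD module at all. The group name and the OU in the usage lines are placeholders.

```powershell
# Added example, not from the original post: enumerate every member DN of a
# large AD group via ranged retrieval of the multi-valued 'member' attribute.
function Get-AdsiGroupMemberDN {
    param(
        [Parameter(Mandatory)][string]$GroupName,   # sAMAccountName of the group (caller-supplied)
        [int]$ChunkSize = 1500                      # must not exceed the domain's MaxValRange
    )

    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    # Escape the characters that LDAP filters treat specially (RFC 4515)
    $escaped = $GroupName -replace '\\','\5c' -replace '\*','\2a' -replace '\(','\28' -replace '\)','\29'
    $searcher.Filter = "(&(objectCategory=group)(sAMAccountName=$escaped))"

    $members = New-Object System.Collections.Generic.List[string]
    $start = 0
    while ($true) {
        $end = $start + $ChunkSize - 1
        # Ask only for this slice of the 'member' attribute
        $searcher.PropertiesToLoad.Clear()
        [void]$searcher.PropertiesToLoad.Add("member;range=$start-$end")
        $result = $searcher.FindOne()
        if (-not $result) { throw "Group '$GroupName' not found" }

        # The DC answers under the range it actually served, e.g. 'member;range=0-1499';
        # the final slice comes back as 'member;range=<start>-*'
        $served = $result.Properties.PropertyNames | Where-Object { $_ -like 'member;range=*' }
        if (-not $served) { break }               # empty group, or no further values

        foreach ($dn in $result.Properties[$served]) { $members.Add([string]$dn) }
        if ($served.EndsWith('-*')) { break }     # last slice delivered
        $start = $end + 1
    }
    return $members
}

# Usage: count the members and list those whose DN sits outside the expected OU,
# a quick audit check for accounts that do not belong in a large group
$all = Get-AdsiGroupMemberDN -GroupName 'someADGroupName'          # placeholder group name
"{0} members read via ranged retrieval" -f $all.Count
$all | Where-Object { $_ -notlike '*,OU=Users,DC=example,DC=local' }  # placeholder OU
```

Each returned DN can be bound with `[adsi]"LDAP://$dn"` to read `sAMAccountName` or `memberOf`, exactly as the scripts above do for their membership checks.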