Sup’ PSHomies,
Have you ever needed to “know” just who the members of a specific group are and, more importantly, whether they are users or groups? Maybe I can assist… 😉
To distinguish between a user and a group, use Get-ADUser / Get-ADGroup. Get-ADUser will only process None or Microsoft.ActiveDirectory.Management.ADUser objects. The same goes for Get-ADGroup: only None or Microsoft.ActiveDirectory.Management.ADGroup objects will be processed.
With this info we can now process the AD group to get just who is a member and what their object class is.
```powershell
#region Get AD Group stats
Import-Module ActiveDirectory

#Specify ADGroup(s) using like
$groupName = 'DAT_ICT*'

$adGroup = Get-ADGroup -Filter { Name -like $groupName } |
    ForEach-Object {
        # The AD -Filter parser does not reliably resolve $_.Property,
        # so copy the DN into a plain variable first
        $dn = $_.DistinguishedName
        [PSCustomObject]@{
            Group                = $_
            GroupMembers         = Get-ADGroup -Filter { memberOf -eq $dn }
            UserMembers          = Get-ADUser -Filter { memberOf -eq $dn }
            # Recursive members of each nested group
            UserMembersRecursive = Get-ADGroup -Filter { memberOf -eq $dn } |
                ForEach-Object {
                    Get-ADGroupMember -Identity $_ -Recursive
                }
            GroupMemberOf        = Get-ADGroup -Filter { members -eq $dn }
        }
    }

#Get Count of the ADGroup(s)
$adGroupMembersCount = $adGroup |
    ForEach-Object {
        [PSCustomObject]@{
            Group                           = $_.Group.Name
            countGroupMembers               = @($_.GroupMembers).Count
            countUserMembers                = @($_.UserMembers).Count
            countUserMembersRecursiveUnique = @($_.UserMembersRecursive | Select-Object -Unique).Count
            countGroupMembersOf             = @($_.GroupMemberOf).Count
        }
    }
#endregion
```
I opted for a specific AD Group name pattern. Feel free to refactor to your needs! Depending on your AD size it may take a while if you decide to retrieve all AD Groups…
Hope it’s worth something to you,
Ttyl,
Urv
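
The script above only counts users and groups, but a group can also hold computers, contacts, service accounts and foreign security principals. The following is an added example, not part of the original post: it classifies every member by object class with Get-ADObject and can expand nested groups with the LDAP_MATCHING_RULE_IN_CHAIN matching rule (OID 1.2.840.113556.1.4.1941). The function names ConvertTo-LdapFilterValue and Get-ADGroupMemberClassCount are hypothetical, and the name pattern is assumed not to contain an apostrophe.

```powershell
# Added example (not the author's code). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Escape a value for use inside an LDAP filter (RFC 4515). Backslash goes first
# so the escapes added for the other characters are not escaped again.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').
           Replace(')', '\29').Replace([string][char]0, '\00')
}

# Hypothetical helper: per matching group, count members by objectClass.
function Get-ADGroupMemberClassCount {
    param(
        [Parameter(Mandatory)][string]$NamePattern,  # e.g. 'DAT_ICT*'
        [switch]$Recursive                           # also follow nested groups
    )

    # With the matching rule the domain controller walks the nesting chain itself.
    $rule = if ($Recursive) { ':1.2.840.113556.1.4.1941:' } else { '' }

    Get-ADGroup -Filter "Name -like '$NamePattern'" | ForEach-Object {
        $dn = ConvertTo-LdapFilterValue -Value $_.DistinguishedName

        # One query returns every object whose memberOf points at this group,
        # whatever its class; ObjectClass is a default property of Get-ADObject.
        $members = @(Get-ADObject -LDAPFilter "(memberOf${rule}=$dn)")
        $byClass = $members | Group-Object -Property ObjectClass -NoElement |
            Sort-Object -Property Count -Descending

        [PSCustomObject]@{
            Group   = $_.Name
            Total   = $members.Count
            ByClass = ($byClass | ForEach-Object { "$($_.Name)=$($_.Count)" }) -join ', '
        }
    }
}

# Direct members only, then everything reachable through nesting.
Get-ADGroupMemberClassCount -NamePattern 'DAT_ICT*'
Get-ADGroupMemberClassCount -NamePattern 'DAT_ICT*' -Recursive
```

Accounts that belong to a group only through their primaryGroupID (for example Domain Users) have no memberOf entry for it, so neither this query nor the memberOf filters in the script above will count them.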