Get all members of a group including nested group membership – Powershell

Previously I wrote a script that would find all members of a security group via Powershell but something I didn’t discuss is dealing with nested groups.

This script was written with the idea in mind to find ALL members of a group, computers and users as well as the nested members. That being said it’s still not quite perfect as it doesn’t address finding details about users, groups or computers that are in trusted domains. We can at least see that those objects exist we just can’t collect details about them.

To simply download the script and read through the notes click here:

When I look at active directory groups the first thing I wonder is how deep the rabbit hole goes. This script is designed towards finding who/what is a member of a specific access group.

First thing we create an array for each type of object we could find in a group.

$MemberList = {$AllMembers}.invoke() #Create the array used for the List of all Users
$GroupsList = {$AllGroups}.invoke() #Create the array used for the List of all Groups
$ComputerList = {$AllComputers}.invoke() #Create the array used for the list of all Computers


Then we import active directory so we can use the AD based cmdlets:

Import-Module ActiveDirectory

OK  now the hard part we have to actually DO something, so we create a custom function:

Start of the function Get-Members

This creates a variable to be passed into the “Get-Members” function. We then set a variable $Members and perform the built in AD powershell command of “Get-ADGroupMember $VAR” which will get the ad group membership for all members of the passed variable.  Now I know I COULD have used params here but I wrote this a while ago and haven’t updated it and for something this simple using a single enclosed function it seemed a waste.

Once we have all the members of the group we start a ForEach loop on every item in $Members.


This item is the first IF statement in the FOREACH loop. This evaluates if the item has a class type of “User” and if it does then retrieves some information about that user and adds that information to the table. Then just in case the user is not a member of the domain there is a catch component to add the user and state the failure reason in the table.

We then do this same process for the other possible types of item in the list like so for computers:



And then just in case there is a nested group.



The major difference here is if the object type is a group, it then calls the function back on itself until it finds all members of the nested group.

This last little section  is what makes the script actually start and ask for a group. It’s also what prints the results to the screen and with a little nudge you could also send that data to a CSV or TXT file with the location of your choosing.




Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: