Previously I wrote a script that would find all members of a security group via PowerShell, but something I didn’t discuss is dealing with nested groups.
This script was written with the idea in mind to find ALL members of a group: users and computers, as well as the members of nested groups. That said, it’s still not quite perfect, as it doesn’t retrieve details about users, groups or computers that live in trusted domains. We can at least see that those objects exist; we just can’t collect details about them.
To simply download the script and read through the notes click here:
When I look at Active Directory groups, the first thing I wonder is how deep the rabbit hole goes. This script is designed to find who or what is a member of a specific access group.
First we create a list for each type of object we could find in a group. Invoking an empty script block this way returns a resizable collection that supports .Add(), which is why it is used instead of a fixed-size array:
$MemberList = {$AllMembers}.invoke() # Collection that will hold every user found
$GroupsList = {$AllGroups}.invoke() # Collection that will hold every group found
$ComputerList = {$AllComputers}.invoke() # Collection that will hold every computer found
Then we import the Active Directory module so we can use the AD cmdlets:
Import-Module ActiveDirectory
OK, now the hard part: we have to actually DO something, so we create a custom function:
This creates a variable to be passed into the “Get-Members” function. We then set a variable $Members to the result of the built-in AD PowerShell cmdlet “Get-ADGroupMember $VAR”, which returns the membership of the group passed in. Now I know I COULD have used a param block here, but I wrote this a while ago and haven’t updated it, and for something this simple, a single self-contained function, it seemed a waste.
Once we have all the members of the group we start a ForEach loop over every item in $Members.
This is the first IF statement in the FOREACH loop. It checks whether the item has an object class of “User” and, if it does, retrieves some information about that user and adds it to the table. Then, just in case the user is not a member of the domain, there is a catch block that adds the user anyway and records the failure reason in the table.
We then do the same for the other possible types of item in the list, like so for computers:
And then, just in case there is a nested group:
The major difference here is that if the object type is a group, the function calls itself on that group, and keeps doing so until it has found all members of every nested group.
This last little section is what makes the script actually start and ask for a group. It’s also what prints the results to the screen; with a little nudge you could also send that data to a CSV or TXT file at a location of your choosing.
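Here is the whole procedure described above pulled together into one script. This is an added example written for this page, not the author’s original script: the function name Get-NestedGroupMembers, the variable names, the output columns and the CSV path are my own choices. It uses only the standard ActiveDirectory module cmdlets (Get-ADGroup, Get-ADGroupMember, Get-ADUser, Get-ADComputer) and adds two things the walkthrough does not mention: a set of already-expanded groups, so a circular nesting (group A contains B, B contains A) cannot recurse forever, and a default branch that records any member class it cannot resolve (for instance objects from a trusted domain) instead of dropping it. Get-ADGroupMember has a -Recursive switch that flattens nesting, but it returns only the leaf objects; this version keeps the path through the nested groups so you can see how each member got its access.

```powershell
# Added example (not the author's script): recursive AD group enumeration with
# nested-group handling, cycle protection and a fallback for unresolvable members.
Import-Module ActiveDirectory

function Get-NestedGroupMembers {
    param(
        [Parameter(Mandatory = $true)]
        [string]$GroupName,

        # Distinguished names already expanded. Shared across recursive calls so
        # circular nesting (A contains B, B contains A) terminates.
        [System.Collections.Generic.HashSet[string]]$Visited =
            (New-Object 'System.Collections.Generic.HashSet[string]'),

        # How this object was reached, e.g. "TopGroup > NestedGroup".
        [string]$Path = ''
    )

    $group = Get-ADGroup -Identity $GroupName
    if (-not $Path) { $Path = $group.Name }

    # HashSet.Add returns $false when the DN is already present.
    if (-not $Visited.Add($group.DistinguishedName)) {
        [pscustomobject]@{ Type = 'group'; Name = $group.Name; Detail = 'already expanded (circular nesting)'; Path = $Path }
        return
    }

    foreach ($member in Get-ADGroupMember -Identity $group) {
        switch ($member.objectClass) {
            'user' {
                try {
                    $u = Get-ADUser -Identity $member.DistinguishedName -Properties Enabled
                    [pscustomobject]@{ Type = 'user'; Name = $u.SamAccountName; Detail = "Enabled=$($u.Enabled)"; Path = $Path }
                } catch {
                    # Record the failure reason rather than silently skipping the member.
                    [pscustomobject]@{ Type = 'user'; Name = $member.Name; Detail = "lookup failed: $($_.Exception.Message)"; Path = $Path }
                }
            }
            'computer' {
                try {
                    $c = Get-ADComputer -Identity $member.DistinguishedName -Properties OperatingSystem, Enabled
                    [pscustomobject]@{ Type = 'computer'; Name = $c.Name; Detail = "$($c.OperatingSystem); Enabled=$($c.Enabled)"; Path = $Path }
                } catch {
                    [pscustomobject]@{ Type = 'computer'; Name = $member.Name; Detail = "lookup failed: $($_.Exception.Message)"; Path = $Path }
                }
            }
            'group' {
                # Recurse into the nested group, passing the shared visited set
                # and extending the path so each leaf shows how it was reached.
                Get-NestedGroupMembers -GroupName $member.DistinguishedName -Visited $Visited -Path "$Path > $($member.Name)"
            }
            default {
                # Anything else (e.g. a member from a trusted domain): we can see it
                # exists but cannot resolve details from this domain.
                [pscustomobject]@{ Type = $member.objectClass; Name = $member.Name; Detail = 'not resolved in this domain'; Path = $Path }
            }
        }
    }
}

# Ask for the group, print the results, and also write them to a CSV file.
# The output path below is a placeholder; change it to suit your environment.
$target  = Read-Host 'Enter the group name'
$results = Get-NestedGroupMembers -GroupName $target
$results | Format-Table -AutoSize
$results | Export-Csv -Path "$env:TEMP\GroupMembers.csv" -NoTypeInformation
```

Because every record carries the Path column, a user who appears twice (once directly, once through a nested group) shows up as two rows with different paths, which is usually what you want when reviewing who really has access through a group.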