Get AD Group Members - exclude computers

71 Views Asked by Nelson Figueroa At 12 April 2025 at 21:00

I have security groups with users and computers. I want to list ONLY the users within the security groups. I am getting the list of users but also getting an error for each computer in the security group:

Get-ADUser : Cannot find an object with identity: 'CN="*

The script I am using is below:

$GroupName = Read-Host -Prompt 'Enter the Group Name'
Get-ADGroupMember -Identity $GroupName -Recursive | 
Get-ADUser  -Properties Name,Mail,Title,Department | Sort-Object Department,Title,Name | Format-Table Name,Mail,Title,Department -AutoSize

Original Q&A

There are 1 best solutions below

Santiago Squarzon On 22 December 2023 at 13:23 BEST ANSWER

Instead of using Get-ADGroupMember use Get-ADUser with a filter to find, recursively, all members of the group:

$GroupName = Read-Host -Prompt 'Enter the Group Name'
$groupDn = (Get-ADGroup -Identity $GroupName).DistinguishedName
$getADUserSplat = @{
    LDAPFilter = "(memberOf:1.2.840.113556.1.4.1941:=$groupDn)"
    Properties = 'Name', 'Mail', 'Title', 'Department'
}

Get-ADUser @getADUserSplat |
    Sort-Object Department, Title, Name |
    Format-Table Name, Mail, Title, Department -AutoSize

See also Active Directory: LDAP Syntax Filters for details on LDAP_MATCHING_RULE_IN_CHAIN (1.2.840.113556.1.4.1941).

Get AD Group Members - exclude computers

There are 1 best solutions below

Related Questions in POWERSHELL

Related Questions in ACTIVE-DIRECTORY

Related Questions in GET-ADUSER

Trending Questions

Popular # Hahtags

Popular Questions