Mark Minasi's Tech Forum
Sign up Calendar Latest Topics
 
 
 


Reply
  Author   Comment   Page 2 of 2      Prev   1   2
meloao

New Friend (or an Old Friend who Built a New Account)
Registered:
Posts: 98
Reply with quote  #16 
I do have a habit of using Get-ADUser quite a bit.  I will work on using the dotted notation for code efficiency.   Thanks for both tips!
0
meloao

New Friend (or an Old Friend who Built a New Account)
Registered:
Posts: 98
Reply with quote  #17 
Is this the best way to get a list of members in Domain Admins?  I want to do a check to verify that no one the users are not in Domain Admins.


# Get Domain Admins Users membership

$groupDomainAdmins = "Domain Admins"
$grp = Get-ADGroup $groupDomainAdmins -Properties members
$listDomainAdmins = $grp.Members | Get-ADUser | Select-Object -ExpandProperty samaccountname | Sort-Object

0
cj_berlin

Avatar / Picture

Senior Member
Registered:
Posts: 380
Reply with quote  #18 
Hi,

no, it's not the best way. The Members attribute will not show you the members where the group in question is set as primary.

Get-ADGroupMembers, on the other hand, will return both regular members and those with primary group attribute. Besides, you can do a recursion and e.g. find only the actual users but those both in the Admins group and in nested groups:


Get-ADGroup "Domain Admins" | Get-ADGroupMember -Recursive | Where-Object objectClass -eq "user" | Select-Object -ExpandProperty sAMAccountName



__________________
Evgenij Smirnov

My personal blog (German): http://www.it-pro-berlin.de/
My stuff on PSGallery: https://www.powershellgallery.com/profiles/it-pro-berlin.de/
0
Previous Topic | Next Topic
Print
Reply

Quick Navigation:

Easily create a Forum Website with Website Toolbox.