Get-ADGroupMember for nested groups and members in different forests

Zohreh2021 1 Reputation point
2021-10-03T16:02:26.177+00:00

I am looking for a Powershell script that lists all the group members. These groups have nested groups but some members are in different forests. All other domains in the different forests trust this domain. There is a one-way trust.

My script/commands work as long as the group does not have any member that is in a different forest or does not have nested groups that have members in different domains.

Part of my script (I have already defined the $path variable):

Import-Csv $inputfile | ForEach-Object {
    $group = $_.Groups          # one group name per CSV row (column "Groups")
    $Role  = $_.Role            # read from the CSV but not used below

    $outputfile = "\location\$group.csv"
    New-Item -ItemType File $outputfile -Force

    # Works for same-forest groups; fails as soon as the group, or a group nested
    # in it, contains a member from another forest
    Get-ADGroupMember -Identity $group -Recursive |
        Select-Object Name |
        Export-Csv -Path $outputfile -NoTypeInformation
}

Windows Server PowerShell

2 answers

  1. Rich Matheisen 45,831 Reputation points
    2021-10-03T18:51:48.74+00:00

    I suspect that the problem may be the one-way trust. See this discussion for information and some possible ways around this: 616

    You might try using a Global Catalog server (as suggested in some other threads). Something like this:

    Import-Csv $inputfile |
        ForEach-Object {
            $group = $_.Groups                          # column name used in the question's CSV
            $outputfile = "\location\$group.csv"        # one file per group, as in the question
            # Query a Global Catalog (port 3268) so the lookup spans every domain in the forest
            Get-ADGroupMember -Identity $group -Recursive -Server GCServerName:3268 |
                Select-Object Name |
                Export-Csv -Path $outputfile -NoTypeInformation
        }
    

  2. Limitless Technology 39,501 Reputation points
    2021-10-04T19:25:35.963+00:00

    Hello @Zohreh2021

    I would try this way, adding a $domain variable:

    $Members = @()

    # Every domain of the forest the current machine belongs to
    $domains = (Get-ADForest).Domains

    foreach ($domain in $domains) {
        # Ask a DC of each domain for the matching groups and their direct members
        $Groups = Get-ADGroup -Filter { Name -like "*partialname" } -Server $domain |
                  Get-ADGroupMember -Server $domain

        $Members += $Groups
    }

    $Members | Out-GridView
    

    Hope this helps with your query,

    --------------

    --If the reply is helpful, please Upvote and Accept as answer--

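The following script is an added example, not code from the question or from either answer. It combines the two ideas above: the starting group is located through a Global Catalog (port 3268, answer 1), and each group, nested or not, is then read from a domain controller of its own domain (the per-domain -Server idea of answer 2). Instead of letting Get-ADGroupMember -Recursive resolve every member, it reads the raw "member" attribute and walks the nesting itself, so a member it cannot resolve does not abort the whole listing. Members from another forest appear in the group as ForeignSecurityPrincipal objects whose CN is the member's SID; the script tries to translate that SID to DOMAIN\name through the trust and keeps the bare SID when the translation fails (which it will when the one-way trust does not allow this domain to query the other forest). GCServerName, the group name App-Admins and the output path are placeholders.

```powershell
# Added example (not from the question or the answers). Placeholders: GCServerName,
# the group name 'App-Admins' and the output path "\location\".
Import-Module ActiveDirectory

function ConvertTo-DomainFqdn {
    # Join the DC= components of a distinguished name into a DNS domain name,
    # e.g. "CN=x,OU=y,DC=corp,DC=example" -> "corp.example".
    # The split ignores commas escaped with a backslash inside a CN.
    param([Parameter(Mandatory)] [string] $DistinguishedName)
    $parts = $DistinguishedName -split '(?<!\\),' | Where-Object { $_ -like 'DC=*' }
    ($parts | ForEach-Object { $_.Substring(3) }) -join '.'
}

function Get-NestedGroupMembers {
    param(
        [Parameter(Mandatory)] [string] $GroupDn,                 # DN of the group to expand
        [System.Collections.Generic.HashSet[string]] $Visited     # DNs already handled
    )
    if ($null -eq $Visited) {
        $Visited = New-Object 'System.Collections.Generic.HashSet[string]' ([StringComparer]::OrdinalIgnoreCase)
    }

    # Read the member attribute from the group's own domain: membership of global
    # and domain-local groups is not replicated to the Global Catalog, only that of
    # universal groups is, so a GC query could return an empty member list.
    $domain = ConvertTo-DomainFqdn $GroupDn
    $grp    = Get-ADGroup -Identity $GroupDn -Properties member -Server $domain

    foreach ($dn in $grp.member) {
        if (-not $Visited.Add($dn)) { continue }   # duplicate or circular nesting

        if ($dn -match ',CN=ForeignSecurityPrincipals,') {
            # Member from another forest: the object only carries the SID (as its CN).
            # Translating it needs a DC of that forest to be reachable through the
            # trust; otherwise keep the SID so the row is still reported.
            $sid = ($dn -split '(?<!\\),')[0] -replace '^CN='
            try {
                $name = ([System.Security.Principal.SecurityIdentifier]$sid).Translate(
                            [System.Security.Principal.NTAccount]).Value
            } catch {
                $name = $sid
            }
            [pscustomobject]@{
                Group             = $grp.Name
                Name              = $name
                ObjectClass       = 'foreignSecurityPrincipal'
                DistinguishedName = $dn
            }
            continue
        }

        # Same forest, possibly another domain: read the object from its own domain.
        $obj = Get-ADObject -Identity $dn -Server (ConvertTo-DomainFqdn $dn)
        if ($obj.ObjectClass -eq 'group') {
            # Nested group: recurse with the shared visited set.
            Get-NestedGroupMembers -GroupDn $dn -Visited $Visited
        } else {
            [pscustomobject]@{
                Group             = $grp.Name
                Name              = $obj.Name
                ObjectClass       = $obj.ObjectClass
                DistinguishedName = $dn
            }
        }
    }
}

# Find the starting group anywhere in the forest via the Global Catalog, then
# expand it and write one CSV per group, as the question's script does.
$gc    = 'GCServerName:3268'
$group = 'App-Admins'
$start = Get-ADGroup -Identity $group -Server $gc
Get-NestedGroupMembers -GroupDn $start.DistinguishedName |
    Select-Object Group, Name, ObjectClass, DistinguishedName |
    Export-Csv -Path "\location\$group.csv" -NoTypeInformation
```

The Group column records which (nested) group each member was found in, which is useful when reviewing who really has a role. Looking the starting group up by name on the GC only works when that name is unique across the forest; pass a distinguished name to Get-NestedGroupMembers directly if it is not. The foreignSecurityPrincipal rows are the ones Get-ADGroupMember -Recursive chokes on: they tell you that the group has cross-forest members even when the name translation is not possible from this side of the trust.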