Getting AD users in a group with PowerShell
PowerShell rocks, but a part of the rockiness comes from the great third party additions. For example, enumerating the users in an Active Directory Group is somewhat painful with the basic PowerShell… but throw in Quest Software’s excellent free ActiveRoles Management Shell extensions, and things get a lot smoother.
The goodness can be downloaded from http://www.quest.com/powershell/activeroles-server.aspx.
I needed to get email addresses of users in a group and its subgroups. Well, I power up the ActiveRoles Management Shell and type in:
Get-QADGroupMember MYDOMAIN\Finance -indirect |
where { $_.Type -eq 'user' } |
foreach { $_.Email }
And then, I just have what I need. Of course, had I needed something else, I would have had quite a great object structure available for navigation.
Thanks, Quest guys!
June 11, 2010
· 
Jouni Heikniemi · 
One Comment
Tags: Active Directory, PowerShell · Posted in: Windows IT
One Response
Jaba - June 11, 2010
Just for comparison, getting the similar list in LDIF format from OpenLDAP by using the command line tools:
ldapsearch -LLL -x -b "ou=Finance,dc=mydomain,dc=com" "(user=*)" email
Getting only the list of email addresses without additional output is a bit more awkward (unless there's a way I have missed…):
ldapsearch -x -b "ou=Finance,dc=mydomain,dc=com" "(user=*)" email | grep email: | cut -d ':' -f2
Leave a Reply