Tuesday, February 23, 2016

Foreign Security Principals in a Group

I needed a list of users in a group and Get-ADGroupMember was failing hard due to some foreign security principals. This is what I came up with:

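Import-Module ActiveDirectory

$LOCAL = @()
$FOREIGN = @()
$group = "sec_group"
# Read the raw member DNs from the group object instead of calling Get-ADGroupMember
$alluser = (Get-ADGroup $group -Properties member).member
foreach ($user in $alluser) {
    if ($user -like "*ForeignSecurityPrincipals*") {
        # The CN of a foreign security principal is the SID: take the first RDN and drop "CN="
        $sid = ($user -split ',')[0] -replace '^CN=', ''
        $object = New-Object System.Security.Principal.SecurityIdentifier $sid
        try {
            # Translate the SID to DOMAIN\name and keep only the name part
            $result = $object.Translate([System.Security.Principal.NTAccount])
            $FOREIGN += ($result.Value).Substring(($result.Value).IndexOf('\') + 1)
        }
        catch {
            # The SID no longer resolves (for example, the account was deleted): list the raw SID
            $FOREIGN += $sid
        }
    }
    else {
        # Local members are assumed to be user objects
        $LOCAL += (Get-ADUser -Identity $user).Name
    }
}
Write-Host "---------"
Write-Host "GROUP:$group"
Write-Host "---------"
Write-Host "LOCAL USERS"
Write-Host "---------"
$LOCAL
Write-Host "---------"
Write-Host "FOREIGN USERS"
Write-Host "---------"
$FOREIGN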

It's not the prettiest script on the net, but it gets the job done.
