In my previous blog entry “Getting Started” I went over downloading and installing the Quest AD Management shell, registering the snapins and running some basic commands using the Get-QADUser CmdLet.
Today I will be looking at the Get-QADGroup CmdLet.
This allows easy access to Active Directory “Group” objects.
As before open a PowerShell Shell window and add in your snapins.
add-pssnapin Quest.ActiveRoles.ADManagementGetting the number of members in a group.
(Get-QADGroup "GroupName").members.count
Export out the members of a group to a formatted table including the name,displayname,mail(SMTP) and office for each member.
Function Get-MemberName() { Process { ForEach($Member In $_) { Get-QADUser –ObjectAttributes @{distinguishedName=$Member} } } } (Get-QADGroup "GroupName").members | Get-MemberName | Format-Table name,displayname,mail,office
I often have to clean up groups by looking for disabled users.
To do this you can just add the “accountisdisabled” property to the script above.
E.g.
(Get-QADGroup "GroupName").members | Get-MemberName | Format-Table name,displayname,mail,office,accountisdisabled
Export out the members of a group to a CSV file with all properties.
Function Get-MemberName() { Process { ForEach($Member In $_) { Get-QADUser –ObjectAttributes @{distinguishedName=$Member} } } } (Get-QADGroup "GroupName").members | Get-MemberName | Export-Csv "C:\GroupMembers.csv"
Above are some useful examples of using Quest AD CmdLets to enumerate Active Directory Group objects.
Hope this helps.
All information is provided on an AS-IS basis, with no warranties and confers no rights.
Tags: AD, AD CmdLets, attributes, Get-QADGroup, PowerShell, Quest
