PowerShell has a native module called “ActiveDirectory” using which we can query active directory. The advantage of using this is, you no need to depend on external installers like Quest PowerShell tools to query active directory. The only pre-requisites for using the cmdlets in ActiveDirectory module is you should run these from either vista or windows 7 computer and you environment should have atleast one Windows 2008 R2 DC(or should have ADWS installed on windows 2003 DCs).
So, here is the code to query active directory group for its members.
Import-Module ActiveDirectory Get-ADGroupMember -Identity Group1 | select Name, ObjectClass
In the above code I am first importing ActiveDirectory module and the using Get-ADGroupMember cmdlet to query the group named Group1
If the Group1 has some more groups inside it, you can query the group recursively using the -recurse parameter.
ActiveDirectory some other useful cmdlets which you can use to manage group membership of Groups. For example, Add-ADGroupMember cmdlet helps us in adding a object to a group in AD. Similarly using Remove-ADGroupMeber we can remove objects from a group.
Get-QADGroupMember is not native, it’s a Quest thing.
This command is not recognized on a 2008R2 DC in a 2008 Domain.
That is correct. Get-QADGroupMember belongs to Quest AD Powershell Snapin. But what I have used here in this post is, a native cmdlet(Get-ADGroupMember) that comes along with activedirectory module which is available in windows 2008 and windows 7. Just wondering why you referred that.
Hello I am newbie to powershell. How do i get List of AD group users and last password change in Quest AD snapin ? HOw do i export the same in a CSV file?
If i have a list of users in a CSV file how do i get thier last password change in Quest or Native power shell?
Recently I started using powershell and your scripts for a few tasks in my environment. Can you please let me know how I can get a list of users within the local admin groups on each server in my domain. I am using 2 of your sctipts, one to get the list of local admin groups on each server and the other to get list of users in each of these groups. I need to merge these 2. I need a list of local admins in each server via the AD group they are member of.