2013-06-26

Commands for Listing AD Group Members (Group Members List)

Updated: 2017.02.17 Add PowerShell Script
Updated: 2020.12.08 Add User OU Filter Pattern

Basic: list the members of a group (returns Users only, not Groups)
  • net group /domain [Group Name]
Advanced: list all members of nested groups (including Users and Groups)
  • dsget group "CN=GroupName,DC=domain,DC=name,DC=com" -members -expand
Or use the following PowerShell:

#-------------------------------------------------------
# Settings
$OUFilter = 0                              # 1 = keep only users whose DN matches $UserOU
$UserOU = "OU=Users,DC=Contoso,DC=com"     # pattern matched against each member's DN

$Groups = @()
$Groups += "Users_Group"                   # top-level group(s) to expand
#-------------------------------------------------------
Import-Module ActiveDirectory              # provides Get-ADGroupMember

$Global:MemberGroups = @()
$Global:MemberUsers = @()

Function Get-NestedGroupMember($Groups) {
    $Groups | foreach {
        if ($_ -ne "") {
            Get-ADGroupMember -Identity $_ | select Name,ObjectClass,DistinguishedName -uniq | foreach {
                if ($_.ObjectClass -eq "Group") {
                    # Visit each nested group only once so circular nesting cannot recurse forever
                    if ($Global:MemberGroups -notcontains $_.Name) {
                        $Global:MemberGroups += ($_.Name)
                        # Recurse by DN: -Identity does not accept a bare CN/Name
                        Get-NestedGroupMember($_.DistinguishedName)
                    }
                } else {
                    if ($OUFilter -eq 1) {
                        # The member object already carries its DN, so no extra Get-ADUser lookup is needed
                        $RightOU = $_.DistinguishedName | Select-String -Pattern $UserOU
                    } else {
                        $RightOU = $_.Name
                    }
                    if ($RightOU) {
                        $Global:MemberUsers += ($_.Name)
                    }
                }
            }
        }
    }
}

Get-NestedGroupMember($Groups)
# @() keeps the results as arrays even when there is zero or one entry
$Global:MemberUsers = @($Global:MemberUsers | select -uniq)
$Global:MemberGroups = @($Global:MemberGroups | select -uniq)

# Build the report text
$Return = ""

$Return += "=== Groups : $($Global:MemberGroups.Count) ===`r`n"
$Global:MemberGroups | forEach {
    $Return +=  "$($_)`r`n"
}
$Return +=  "`r`n"
$Return += "=== Users : $($Global:MemberUsers.Count) ===`r`n"
$Global:MemberUsers | forEach {
    $Return +=  "$($_)`r`n"
}

Write-Host $Return

# Save the report to a file in the current directory
$FileName = "GetMultiNestedGroupMembers.txt"

$Return | Out-File $FileName

exit
#-------------------------------------------------------
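For auditing who effectively belongs to a group, the same nested expansion can be done by the domain controller in one query per object type instead of client-side recursion. The following is an added example, not part of the original post; the function name Get-NestedMemberInChain is hypothetical, and the group name and OU are the sample values from the script above.

```powershell
Import-Module ActiveDirectory

function Get-NestedMemberInChain {        # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)] [string] $GroupName,
        [string] $UserSearchBase          # optional OU DN that limits the user search
    )

    # Resolve the group once; the matching rule needs its full DN.
    $groupDN = (Get-ADGroup -Identity $GroupName).DistinguishedName

    # Escape characters that are special inside an LDAP filter value (RFC 4515).
    # The backslash must be handled first so later escapes are not re-escaped.
    $escaped = $groupDN -replace '\\', '\5c'
    $escaped = $escaped -replace '\*', '\2a'
    $escaped = $escaped -replace '\(', '\28'
    $escaped = $escaped -replace '\)', '\29'

    # 1.2.840.113556.1.4.1941 is LDAP_MATCHING_RULE_IN_CHAIN: the DC walks the
    # memberOf chain itself, so circular nesting cannot loop the script.
    $filter = "(memberOf:1.2.840.113556.1.4.1941:=$escaped)"

    $userArgs = @{ LDAPFilter = $filter }
    if ($UserSearchBase) { $userArgs['SearchBase'] = $UserSearchBase }

    # Caveat: memberOf does not include primary-group membership, so accounts
    # that belong to a group only through primaryGroupID are not returned.
    [pscustomobject]@{
        Groups = @(Get-ADGroup -LDAPFilter $filter |
                   Select-Object -ExpandProperty Name | Sort-Object -Unique)
        Users  = @(Get-ADUser @userArgs |
                   Select-Object -ExpandProperty Name | Sort-Object -Unique)
    }
}

# Sample values taken from the script above.
$result = Get-NestedMemberInChain -GroupName "Users_Group" `
                                  -UserSearchBase "OU=Users,DC=Contoso,DC=com"

"=== Groups : $($result.Groups.Count) ==="
$result.Groups
""
"=== Users : $($result.Users.Count) ==="
$result.Users
```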
