PsCustomObject

PsCustomObject

I’m a Systems Engineer with a passion for automation, turning complex tasks into streamlined processes both for work and fun.

Some might call it DevOps; I call it doing what I love. Fluent in PowerShell, C#, Python, and Go(lang), I also have a nostalgic appreciation for C.

Nowadays, Go is my go-to for high-performance needs. I pride myself on hand-crafting every line of code—no AI shortcuts here!

Join me in my journey, where clean, readable code is the norm, and automation is an art form.

PowerShell - Get all members of a group recursively

1 minute read

In my other article Get-ADGroupMember : The operation returned because the timeout limit was exceeded a user commented

Nice n fast, as long as you don’t want recursive members? How to make this include recursive members?

This is a rather common requirement in every environment as getting members of a group is rather straightforward but discovering indirect membership is not that obvious. Funnily enough answer lies in something I posted couple of days ago when explaining how to get all users reporting to a specific manager OID 1.2.840.113556.1.4.1941.

Let’s see this in action

# Define LDAP Filter to use
[string]$ldapFilter = '(memberOf:1.2.840.113556.1.4.1941:=CN=TestGroup,OU=Groups,DC=automation,DC=lab)'

# Get all members of the group recursively
Get-ADUser -LDAPFilter $filter -Properties mail

# Output
DistinguishedName : CN=user1,OU=Users,OU=Test,DC=automation,DC=lab
mail              : user1@automation.lab
Name              : user1
ObjectClass       : user
ObjectGUID        : 75c199bf-4a20-4e2a-82b8-80796f7f39cf

DistinguishedName : CN=user2,OU=Users,OU=Test,DC=automation,DC=lab
Name              : user2
ObjectClass       : user
ObjectGUID        : e3153344-be4d-409f-afba-4569b36c9922

# <snip>

If you also want to return groups members of the specified group simply use the Get-AdObject cmdlet

# Define LDAP Filter to use
[string]$ldapFilter = '(memberOf:1.2.840.113556.1.4.1941:=CN=TestGroup,OU=Groups,DC=automation,DC=lab)'

# Get all members of the group recursively
Get-ADObject -LDAPFilter $filter -Properties mail

# Output
DistinguishedName : CN=user1,OU=Users,OU=Test,DC=automation,DC=lab
mail              : user1@automation.lab
Name              : user1
ObjectClass       : user
ObjectGUID        : 75c199bf-4a20-4e2a-82b8-80796f7f39cf

DistinguishedName : CN=user2,OU=Users,OU=Test,DC=automation,DC=lab
Name              : user2
ObjectClass       : user
ObjectGUID        : e3153344-be4d-409f-afba-4569b36c9922

DistinguishedName : CN=TestGroup,OU=Distribution Groups,DC=automation,DC=lab
mail              : GRoup1@automation.lab
Name              : Group1
ObjectClass       : group
ObjectGUID        : e715c1c2-d596-4fc4-975c-7e30ed9c2c8b

Again this approach is lightning fast and can return thousand of results in couple of seconds making it a suitable candidate for larger deployments.

As I did with Get-ReportChain I will wrap this up as a function and make it available in my IT-ToolBox module

Leave a comment

You may also enjoy

SSH Connection Manager in Command Line

1 minute read

Managing multiple SSH connections and hosts can sometimes be problematic. In this post, I will show how you can easily save multiple connections directly in ...

PowerShell - Generate Unique UPN

4 minute read

In this short post I will share two new cmdlets I have developed to generate forest wide unique UPN handling the different edge cases.

PowerShell - Get day of weekday

less than 1 minute read

In this short post we will see how we can use PowerShell to get an integer representing the number associated with the day of the week for the current date.