Monday, September 15, 2014

Enumerate AD Group User Object Membership

There are lots of scripts out there to do this type of work, but I could not find exactly what we needed, so I wrote one. I started playing with .NET, so the compiled EXE and the source for Visual Studio are attached.

Issue

I have a group in AD that has all of IT in it. There is a collection that points to it for deployments, and it's used as a DL for communications. I wanted to export all user objects that are in it. This group has other groups as members, which in turn have other groups as members. Lots of nesting here.

Resolution

This script will export all user objects to a CSV and enumerate the SamAccount, Primary Email, and UPN attributes. It will keep digging into any nested member groups to obtain all the user objects. The output file will be named after the group you give it, with spaces stripped. For syntax, there really isn't any. Just run it and it prompts.

 C:\Users\me\TempStuff>GetADGroupMembership.exe  
 Please enter the AD group you want to get membership for:  
 My Companies IT Master Group  
 File will be generated where this program is run.  
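
The nested walk described above, sketched in Python as an added example (this is not the source of GetADGroupMembership.exe). It runs against a small constructed in-memory directory instead of live AD; the entry layout, the function names and the .csv extension are assumptions. It also covers groups that nest each other in a loop and users reachable through more than one group.

```python
import csv
import io

# Constructed sample directory (assumption: keyed by name; real AD uses DNs).
DIRECTORY = {
    "IT Master": {"class": "group", "member": ["Helpdesk", "Ops", "alice"]},
    "Helpdesk": {"class": "group", "member": ["bob", "Ops", "ghost"]},
    # Ops nests IT Master again: a membership loop the walk must survive.
    "Ops": {"class": "group", "member": ["carol", "alice", "IT Master", "PC01$"]},
    "alice": {"class": "user", "sAMAccountName": "alice",
              "mail": "alice@example.test", "userPrincipalName": "alice@example.test"},
    "bob": {"class": "user", "sAMAccountName": "bob",
            "mail": "bob@example.test", "userPrincipalName": "bob@example.test"},
    "carol": {"class": "user", "sAMAccountName": "carol",  # no mail attribute
              "userPrincipalName": "carol@example.test"},
    "PC01$": {"class": "computer", "sAMAccountName": "PC01$"},
}
FIELDS = ["sAMAccountName", "mail", "userPrincipalName"]

def expand_users(group, directory):
    """Return every user object reachable from group at any nesting depth."""
    seen, users, stack = set(), [], [group]
    while stack:
        name = stack.pop()
        if name in seen:          # already visited: loop or duplicate path
            continue
        seen.add(name)
        entry = directory.get(name)
        if entry is None:         # dangling member reference ("ghost")
            continue
        if entry["class"] == "group":
            stack.extend(entry["member"])
        elif entry["class"] == "user":
            users.append(entry)   # computers and other classes are skipped
    return sorted(users, key=lambda u: u["sAMAccountName"])

def output_name(group):
    """Group name with spaces stripped; the .csv extension is an assumption."""
    return group.replace(" ", "") + ".csv"

def to_csv(users):
    """Render the three exported attributes, leaving missing ones empty."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    for user in users:
        writer.writerow({f: user.get(f, "") for f in FIELDS})
    return buf.getvalue()

if __name__ == "__main__":
    print(to_csv(expand_users("IT Master", DIRECTORY)), end="")
```

Without the seen set, the IT Master / Ops loop in the sample data would never terminate, and alice would be exported twice.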


Download

This script is provided as-is; no warranty is provided or implied. The author is NOT responsible for any damages or data loss that may occur through the use of this script. Always test, test, test before rolling anything into a production environment.

Get it here.

-Kevin