The function Get-QADGroupMember is very handy to quickly find it's members and nested members!

Get-QADGroupMember groupname -Indirect

This will display users even Indirectly like Get-QADGroupMember Administrators -Indirect will display all your admins!
If you only want to see the users directly or in-directly type
Get-QADGroupMember 'domainName\groupName' -Type 'user' -Indirect

To find a group of e.g. sales you would type:
Get-QADGroup -LDAPFilter "(cn=*Sales*)"

To get its members type:
Get-QADGroup -LDAPFilter "(cn=*Sales*)" | Get-QADGroupMember

above line indicates that there was only one group with the name sales otherwise you should specify it with the cn= parameter

To get e.g a list of groups with it's member you would do:

get-qadgroup -Identity GROUPNAME* | foreach-object {
"`nGroup: $($"
get-qadgroupmember ($_)

Pretty Cool Huh!

What about looking a specific user and/or users, and show only the groups that are equal or greater than LS_GROUP*

get-qadUser -Identity USERNAME | foreach-object {
    "User: $($"
        get-qadmemberOf ($_) | Where {$_.Name -ge "LS_GROUP*"} | select Name

Now lets asume you have a text file with several different security groupname in it like named groupRW.txt and groupRO.txt

Then you want to see who is a member of those security groups and start with the securitygroupname
Get-content groupRW.txt | Foreach-Object { get-qadgroup -Identity $_ | foreach-object {
"`nGroup: $($"
get-qadgroupmember ($_)
Get-content groupRO.txt | Foreach-Object { get-qadgroup -Identity $_ | foreach-object {
"`nGroup: $($"
get-qadgroupmember ($_)

How do you make User B the same as User A?
(Get-QADUser userA).MemberOf | Add-QADGroupMember -Member domain\userB

How do you add a user from one domain a member of 80 groups in another domain?
Get-Content .\groups80.txt | Foreach {Add-QADGroupMember -identity $_ -member 'FOREIGNDOMAIN\username' }

Quest Software

On Me

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License