Retrieve all groups in a domain or container that match the specified conditions.
Syntax
Get-QADGroup [[-Identity] IdentityParameter] [-GroupType GroupType]
[-GroupScope GroupScope] [-Tombstone] [-Dynamic] [-Empty]
ADProperties DateTimeOptions Membership Advanced_Options
[-SizeLimit Int32] [-LdapFilter String]
[-IncludeAllProperties] [-SerializeValues]
Key
-identity The Distinguished Name (DN), Canonical Name, GUID or, where applicable,
the Domain\Name, UPN or SID of the object you wish to find.
-GroupType 'Security' or 'Distribution'
-GroupScope 'Global' 'Universal' or 'DomainLocal'
-Empty Only retrieve groups that have no members.
ADProperties Retrieve objects that match one or more of the properties below:
[-Description String] [-Name String] [-DisplayName String]
[-SamAccountName String]
[-Anr String] (ambiguous name resolution)
DateTimeOptions
Only return items matching a date range:
[-CreatedOn DateTime] [-CreatedAfter DateTime] [-CreatedBefore DateTime]
[-LastChangedOn DateTime] [-LastChangedAfter DateTime] [-LastChangedBefore DateTime]
Membership
Only return items that belong (or don't belong) to given groups:
[-MemberOf IdentityParameter[]] [-IndirectMemberOf IdentityParameter[]]
[-NotMemberOf IdentityParameter[]] [-NotIndirectMemberOf IdentityParameter[]]
[-ContainsMember IdentityParameter[]] [-ContainsIndirectMember IdentityParameter[]]
[-NotContainsMember IdentityParameter[]] [-NotContainsIndirectMember IdentityParameter[]]
-SizeLimit Maximum number of items to be returned (default=1000)
-LdapFilter A case-sensitive LDAP search filter.
If an Identity value is supplied this parameter will be ignored.
-IncludeAllProperties
Retrieve all attributes of the computer object
-SerializeValues
Output the object properties as a string (serialized) this makes it easy to
export attribute values to a text file. When used with -IncludeAllProperties,
an entire object can be exported from AD into a text file.
-Tombstone Search for deleted objects. (see Restore-QADDeletedObject)
Advanced_Options:
[-LastKnownParent IdentityParameter] [-SecurityMask SecurityMasks]
[-SearchRoot IdentityParameter] [-SearchScope SearchScope]
[-AttributeScopeQuery String] [-PageSize Int32]
[-WildcardMode WildcardMode] [-ObjectAttributes Object] [-Anr String]
[-DontConvertValuesToFriendlyRepresentation] [-ReturnPropertyNamesOnly]
[-UseDefaultExcludedProperties] [-DontUseDefaultIncludedProperties]
[-UseDefaultExcludedPropertiesExcept String []] [-ExcludedProperties String[]]
[-IncludedProperties String[]] [-UseGlobalCatalog]
[-Proxy] [-Service String]
[-ConnectionAccount String] [-ConnectionPassword SecureString]
[-Credential PSCredential] [-Connection ArsConnection]
Notes:
By default Get-QADGroup will connect to any available domain controller with the credentials of the locally logged on user, to connect to a specific domain controller using a specific account, either use the advanced options (-Proxy/-Service/-ConnectionAccount) or use the Connect-QADService cmdlet to make the connection.
Examples
Display the description of the 'SuperAdmins' group in domain ss64Dom
PS C:>(get-QADGroup 'ss64Dom\SuperAdmins').DirectoryEntry.description
Using an LDAP search filter, display all the groups whose description starts with an 's'
PS C:> get-QADGroup -SearchRoot 'ss64.com/sampleOU' -LdapFilter '(description=s*)'
List all distribution groups in a specific OU container:
PS C:> get-QADGroup -SearchRoot 'ss64.com/sampleOU' -GroupType 'Distribution'
Retrieve groups from a particular container that have the user usr1021 as a direct or indirect member:
PS C:> get-QADGroup -SearchRoot '<DN of container>' -ContainsIndirectMember 'ss64Dom\usr1021'
“Three groups spend other people's money: children, thieves, politicians. All three need supervision” - Dick Armey
Related:
Quest cmdlets
Set-QADGroup - Modify attributes of group(s)
Q243330 - Well-known security identifiers (sids) in Windows operating systems
© Copyright SS64.com 1999-2013
Some rights reserved