Retrieve the members of a group in Active Directory.

      Get-QADGroupMember [-Identity] IdentityParameter [-Indirect]
        [-Type String] [-SizeLimit Int32] [-LdapFilter String]
           ADProperties [-IncludeAllProperties] DateTimeOptions
              Advanced_Options [-SerializeValues]


   -identity    The Distinguished Name (DN), Canonical Name, GUID or, where applicable,
                the Domain\Name, UPN or SID of the object you wish to find. 

   -Type        The type of directory objects to find ('objectClass' attribute).

   ADProperties Retrieve objects that match one or more of the properties below:
                [-Description String] [-Name String] [-DisplayName String]
                [-Anr String]  (ambiguous name resolution)

                Only return items matching a date range:
                [-CreatedOn DateTime] [-CreatedAfter DateTime] [-CreatedBefore DateTime]
                [-LastChangedOn DateTime] [-LastChangedAfter DateTime] [-LastChangedBefore DateTime]

   -SizeLimit   Maximum number of items to be returned (default=1000) 

   -LdapFilter  A case-sensitive LDAP search filter.
If an Identity value is supplied this parameter will be ignored. -IncludeAllProperties Retrieve all attributes of the computer object -SerializeValues Output the object properties as a string (serialized) this makes it easy to export attribute values to a text file. When used with -IncludeAllProperties,
an entire object can be exported from AD into a text file. Advanced_Options: [-PageSize Int32] [-WildcardMode WildcardMode] [-ObjectAttributes Object] [-DontConvertValuesToFriendlyRepresentation] [-ReturnPropertyNamesOnly] [-UseDefaultExcludedProperties] [-DontUseDefaultIncludedProperties] [-UseDefaultExcludedPropertiesExcept String []] [-ExcludedProperties String[]] [-IncludedProperties String[]] [-UseGlobalCatalog] [-Proxy] [-Service String] [-ConnectionAccount String] [-ConnectionPassword SecureString] [-Credential PSCredential] [-Connection ArsConnection]

By default Get-QADGroupMember will connect to any available domain controller with the credentials of the locally logged on user, to connect to a specific domain controller using a specific account, either use the advanced options (-Proxy/-Service/-ConnectionAccount) or use the Connect-QADService cmdlet to make the connection.


Display a list of members of the group:

PS C:> Get-QADGroupMember 'ss64Dom\Administrators'

Retrieve users that belong to a particular group (directly or because of group nesting):

PS C:> Get-QADGroupMember 'ss64Dom\Workstation_Admins_group' -Type 'user' -Indirect

“There are basically two types of people. People who accomplish things, and people who claim to have accomplished things. The first group is less crowded” - Mark Twain


Get-QADGroup - Retrieve groups that match specific conditions
Quest cmdlets
Q243330 - Well-known security identifiers (sids) in Windows operating systems

Copyright © 1999-2017
Some rights reserved