PowerShell Logo Small

Get-ADGroupMember



This is the built-in help made by Microsoft for the command 'Get-ADGroupMember', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Gets the members of an Active Directory group.

SYNTAX


Get-ADGroupMember [-Identity] <ADGroup> [-AuthType {Negotiate | Basic}] [-Credential <PSCredential>] [-Partition <String>] [-Recursive] [-Server <String>]
[<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Get-ADGroupMember cmdlet gets the members of an Active Directory group. Members can be users, groups, and computers.


The Identity parameter specifies the Active Directory group to access. You can identify a group by its distinguished name (DN), GUID, security identifier (SID), or Security
Accounts Manager (SAM) account name. You can also specify the group by passing a group object through the pipeline. For example, you can use the Get-ADGroup cmdlet to
retrieve a group object and then pass the object through the pipeline to the Get-ADGroupMember cmdlet.


If the Recursive parameter is specified, the cmdlet gets all members in the hierarchy of the group that do not contain child objects. For example, if the group
SaraDavisReports contains the user KarenToh and the group JohnSmithReports, and JohnSmithReports contains the user JoshPollock, then the cmdlet returns KarenToh and
JoshPollock.


For AD LDS environments, the Partition parameter must be specified except in the following two conditions:

-- The cmdlet is run from an Active Directory provider drive.
-- A default naming context or partition is defined for the AD LDS environment. To specify a default naming context for an AD LDS environment, set the
msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance.



<

RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/p/?linkid=291033
Add-ADGroupMember
Add-ADPrincipalGroupMembership
Get-ADGroup
Get-ADPrincipalGroupMembership
Remove-ADGroupMember
Remove-ADPrincipalGroupMembership

REMARKS

<

Examples


-------------------------- EXAMPLE 1 --------------------------

PS C:\>Get-ADGroupMember
cmdlet Get-ADGroupMember at command pipeline position 1
Supply values for the following parameters: (Type !? for Help.)
Identity: Administrators

distinguishedName : CN=Domain Admins,CN=Users,DC=Fabrikam,DC=com
name : Domain Admins
objectClass : group
objectGUID : 5ccc6037-c2c9-42be-8e92-c8f98afd0011
SamAccountName : Domain Admins
SID : S-1-5-21-41432690-3719764436-1984117282-512

distinguishedName : CN=Enterprise Admins,CN=Users,DC=Fabrikam,DC=com
name : Enterprise Admins
objectClass : group
objectGUID : 0215b0a5-aea1-40da-b598-720efe930ddf
SamAccountName : Enterprise Admins
SID : S-1-5-21-41432690-3719764436-1984117282-519

distinguishedName : CN=LabAdmin,CN=Users,DC=Fabrikam,DC=com
name : LabAdmin
objectClass : user
objectGUID : ab7c269d-aec5-4fcc-aebe-6cd1a2e6cd53
SamAccountName : LabAdmin
SID : S-1-5-21-41432690-3719764436-1984117282-1000

distinguishedName : CN=Administrator,CN=Users,DC=Fabrikam,DC=com
name : Administrator
objectClass : user
objectGUID : 994f46e6-c62c-483f-a6cf-124197b6a959
SamAccountName : Administrator
SID : S-1-5-21-41432690-3719764436-1984117282-500



This command gets all the members of the administrators groups using the default behavior.




-------------------------- EXAMPLE 2 --------------------------

PS C:\>Get-ADGroup -Server localhost:60000 -Filter {GroupScope -eq "DomainLocal"} -SearchBase "DC=AppNC" | Get-ADGroupMember -partition "DC=AppNC"
distinguishedName : CN=SanjayPatel,OU=AccountDeptOU,DC=AppNC
name : SanjayPatel
objectClass : user
objectGUID : d671de28-6e40-42a7-b32c-63d336de296d
SamAccountName :
SID : S-1-510474493-936115905-2231798853-1260534229-4171027843-767619944



This command gets the groups members of all domain local groups in the AD LDS instance.




-------------------------- EXAMPLE 3 --------------------------

PS C:\>get-adgroupmember -Identity administrators
distinguishedName : CN=Domain Admins,CN=Users,DC=Fabrikam,DC=com
name : Domain Admins
objectClass : group
objectGUID : 5ccc6037-c2c9-42be-8e92-c8f98afd0011
SamAccountName : Domain Admins
SID : S-1-5-21-41432690-3719764436-1984117282-512

distinguishedName : CN=Enterprise Admins,CN=Users,DC=Fabrikam,DC=com
name : Enterprise Admins
objectClass : group
objectGUID : 0215b0a5-aea1-40da-b598-720efe930ddf
SamAccountName : Enterprise Admins
SID : S-1-5-21-41432690-3719764436-1984117282-519

distinguishedName : CN=LabAdmin,CN=Users,DC=Fabrikam,DC=com
name : LabAdmin
objectClass : user
objectGUID : ab7c269d-aec5-4fcc-aebe-6cd1a2e6cd53
SamAccountName : LabAdmin
SID : S-1-5-21-41432690-3719764436-1984117282-1000

distinguishedName : CN=Administrator,CN=Users,DC=Fabrikam,DC=com
name : Administrator
objectClass : user
objectGUID : 994f46e6-c62c-483f-a6cf-124197b6a959
SamAccountName : Administrator
SID : S-1-5-21-41432690-3719764436-1984117282-500



This command gets all the group members of the administrators group.




-------------------------- EXAMPLE 4 --------------------------

PS C:\>Get-ADGroupMember -Identity "Enterprise Admins" -Recursive
distinguishedName : CN=Administrator,CN=Users,DC=Fabrikam,DC=com
name : Administrator
objectClass : user
objectGUID : 994f46e6-c62c-483f-a6cf-124197b6a959
SamAccountName : Administrator
SID : S-1-5-21-41432690-3719764436-1984117282-500

distinguishedName : CN=Sagiv Hadaya,CN=Users,DC=Fabrikam,DC=com
name : Sagiv Hadaya
objectClass : user
objectGUID : 64706230-f179-4fe4-b8c9-f0d334e66ab1
SamAccountName : SHadaya
SID : S-1-5-21-41432690-3719764436-1984117282-1158



This command gets all the members of the Enterprise Admins group including the members of any child groups.