Get-ADGroupMemberRecursive.ps1
|
<#PSScriptInfo .VERSION 1.0.0 .GUID d79645d6-b49c-47d7-a433-1fb2044d2b91 .AUTHOR saw-friendship .COMPANYNAME .COPYRIGHT .TAGS ActiveDirectory ADGroupMemberRecursive ADGroup Member ADUser Search .LICENSEURI .PROJECTURI .ICONURI .EXTERNALMODULEDEPENDENCIES .REQUIREDSCRIPTS .EXTERNALSCRIPTDEPENDENCIES .RELEASENOTES #> <# .DESCRIPTION Recursive search all users in contains group .EXAMPLE Get-ADGroup 'Domain Admins' | Get-ADGroupMemberRecursive .EXAMPLE Get-ADGroupMemberRecursive (Get-ADGroup 'Domain Admins') .EXAMPLE Get-ADGroupMemberRecursive 'CN=Domain Admins,OU=Groups,DC=contoso,DC=com' #> param ( [Parameter(Mandatory=$true,ValueFromPipeline=$true,ValueFromPipelineByPropertyName=$true)] [string[]]$DistinguishedName, [switch]$Unique ) Begin { if ($Unique) {$SelectParam = @{'Unique' = $true}} if (! $UniqueGroupSid.Count) {[array]$UniqueGroupSid = @()} } Process { $DistinguishedName | % { $ADObject = Get-ADObject -Identity $_ if ($ADObject.ObjectClass -eq 'group') { $ADGroup = Get-ADGroup -Identity $_ -Properties Member if (!$UniqueGroupSid.Contains($ADGroup.SID.Value)) { $UniqueGroupSid += $ADGroup.SID.Value Get-ADGroupMemberRecursive -DistinguishedName @($ADGroup.Member.ForEach({Get-ADObject -Identity $_})) } else { Write-Warning $('Loop Detected: ' + (@($ADGroup.SID.Value,$UniqueGroupSid[-1]) -join ' -> ')) } } elseif ($ADObject.ObjectClass -eq 'user') { @(Get-ADUser -Identity $ADObject.DistinguishedName) } else {} } | Select-Object @SelectParam } End {} |