
How to get AD-group users list from LDAP using PowerShell without username and password.

Get-ADGroup -LDAPFilter (&(objectCategory=group)((cn=Testgrp")))) 

I am trying it this way, but it is not working. Can anyone please help me out?

Right now I'm able to get the AD-Group info by using the below PowerShell scripts.

Get the group Info:

Get-ADGroupMember -Identity TEST_GRP_NM | select distinguishedName | ft

Get-AdUser -filter{Name -like "GROUP_NM"} -Properties *

Get the user info:

Get-AdUser -Server "DOMAIN" -Identity "NTID" -Properties MemberOf

Note: I need to get the list of users from the LDAP group without using an LDAP username and password.

    It's redundant to use objectCategory=group when searching for a group using Get-ADGroup. You also have two extra closing parentheses with a random single double-quote inside your cn=..". The whole filter should be wrapped with quotes as well. Get-ADGroup -LDAPFilter '(cn=Testgrp)' should work. Commented Sep 13, 2022 at 13:48

1 Answer

I personally use this script to crawl through the AD (from another Stack Overflow question). In case it somehow becomes a broken link:


# Your filter
$Filter = "(&(objectCategory=group)(cn=Testgrp))"

# The path you want to scan
$RootOU = "OU=AnotherOU,OU=AnOU,DC=etc,DC=Something"

# The scope Base, One-level or Subtree
# The name is explicit enough
$Scope = "subtree"

# Instantiation and configuration of the directory searcher
$Searcher = New-Object System.DirectoryServices.DirectorySearcher
$Searcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$($RootOU)")
$Searcher.Filter = $Filter
$Searcher.SearchScope = $Scope

# Getting results from the AD
# A first pipe to get the member property, which returns a list of members
# A second pipe to display each member of the list on its own line
$Searcher.FindAll() | Foreach-Object {$($_.Properties["member"])} | Foreach-Object {"$($_)`n"}

Hope it helps!


2 Comments

Thanks LeauHic. I'm getting the below error. Do I need to install any dependencies in PowerShell?

Exception calling "FindAll" with "0" argument(s): "There is no such object on the server. "
At line:20 char:1
+ $Searcher.FindAll() | Foreach-Object {$($_.Properties["member"])} | F ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DirectoryServicesCOMException

There are no dependencies to install; this error message can come from a wrong AD path root. If you have access to a distinguished name of a group (which will be something like "CN=GroupName, OU=..., OU=..., DC=...") you can compare the two paths.
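
An added example (not part of the original answer or comments): it reads the search root from RootDSE instead of a hand-typed OU path, which removes the wrong-root cause of "There is no such object on the server", binds as the current logon session so no username or password appears in the script, and escapes the group name before it goes into the LDAP filter. The function names `ConvertTo-LdapFilterValue` and `Get-GroupUser` are hypothetical; `Testgrp` is the group name from the question.

```powershell
# Escape a value for an LDAP filter (RFC 4515) so that a name containing
# \ * ( ) or NUL cannot change the structure of the filter.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' `
           -replace '\)', '\29' -replace "`0", '\00'
}

function Get-GroupUser {
    param(
        [Parameter(Mandatory)][string]$GroupName,
        [switch]$Recurse   # also return users who are members through nested groups
    )
    # RootDSE is read with the current logon session; nothing is stored in the script.
    $domainDn = [string]([ADSI]'LDAP://RootDSE').defaultNamingContext
    $root     = [ADSI]"LDAP://$domainDn"

    # Step 1: resolve the group's distinguished name from its cn.
    $cn = ConvertTo-LdapFilterValue $GroupName
    $groupSearcher = New-Object System.DirectoryServices.DirectorySearcher(
        $root, "(&(objectCategory=group)(cn=$cn))")
    $groupSearcher.SearchScope = 'Subtree'
    [void]$groupSearcher.PropertiesToLoad.Add('distinguishedName')
    $group = $groupSearcher.FindOne()
    if (-not $group) { throw "Group '$GroupName' not found under $domainDn" }
    $groupDn = ConvertTo-LdapFilterValue ([string]$group.Properties['distinguishedname'][0])

    # Step 2: search users by memberOf with paging, instead of reading the group's
    # 'member' attribute, which AD hands back in ranges (1,500 values by default).
    # The OID is the LDAP_MATCHING_RULE_IN_CHAIN rule used for nested membership.
    $rule = if ($Recurse) { ':1.2.840.113556.1.4.1941:' } else { '' }
    $userSearcher = New-Object System.DirectoryServices.DirectorySearcher(
        $root, "(&(objectCategory=person)(objectClass=user)(memberOf$rule=$groupDn))")
    $userSearcher.PageSize = 500
    $userSearcher.PropertiesToLoad.AddRange([string[]]@('sAMAccountName', 'distinguishedName'))

    $results = $userSearcher.FindAll()
    try {
        foreach ($r in $results) {
            [pscustomobject]@{
                SamAccountName    = [string]$r.Properties['samaccountname'][0]
                DistinguishedName = [string]$r.Properties['distinguishedname'][0]
            }
        }
    } finally {
        $results.Dispose()   # SearchResultCollection holds unmanaged resources
    }
}

Get-GroupUser -GroupName 'Testgrp'
```

Users who hold the group only as their primary group are not returned by a `memberOf` search, because that link is stored in `primaryGroupID` rather than in `member`/`memberOf`.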
