I want to know if the Quest Get-ADGroupMember has the option to use wild
cards for the groups you want data returned on. Example, I need to return all
the members of 20 different groups and know all the group end in “_admin�
Does the ADGroupMember cmdlet allow for wildcards so I can return members for
all _admin group in the domain? Any help would be appreciated.

PC4N6 wrote:

> I want to know if the Quest Get-ADGroupMember has the option to use wild
> cards for the groups you want data returned on. Example, I need to return all
> the members of 20 different groups and know all the group end in “_admin�
> Does the ADGroupMember cmdlet allow for wildcards so I can return members for
> all _admin group in the domain? Any help would be appreciated.

You can try something like this:
get-qadgroup|where-object{$_.name -match "_admin$"}|get-qadgroupmember

--
Microsoft MVP - Windows PowerShell
http://www.microsoft.com/mvp

PowerGadgets MVP
http://www.powergadgets.com/mvp

Blog:
http://marcoshaw.blogspot.com

I would be careful with this approach as you have to get all the Group objects
in the domain. That could be quite a bit.

I cannot say this authoratively (which is why I didnt post) but I am fairly
certain you can pass a wild card. The problem is that I think it wildcards
on sAMAccountName which isn't always the same as the CN.

Brandon Shell
---------------
Blog: http://www.bsonposh.com/
PSH Scripts Project: www.codeplex.com/psobject

M> PC4N6 wrote:
M>

>> I want to know if the Quest Get-ADGroupMember has the option to use
>> wild cards for the groups you want data returned on. Example, I need
>> to return all the members of 20 different groups and know all the
>> group end in "_admin" Does the ADGroupMember cmdlet allow for
>> wildcards so I can return members for all _admin group in the domain?
>> Any help would be appreciated.
>>

M> You can try something like this:
M> get-qadgroup|where-object{$_.name -match
M> "_admin$"}|get-qadgroupmember
M> PowerGadgets MVP
M> http://www.powergadgets.com/mvp
M> Blog:
M> http://marcoshaw.blogspot.com

I think there's bug:

# this works fine and returns all groups starting with e
PS > Get-QADGroup e*

Name Type
---- ----
Enterprise Admins group
Exchange Domain... group
(...)

# this fails
PS > Get-QADGroup *e
Get-QADGroup : Cannot resolve DN for the given identity: '*e'
At line:1 char:13
+ Get-QADGroup <<<< *e


What surprises me is the fact that when I run:

PS > Get-QADGroup | Get-QADGroupMember

which seems very straightforward, I get an error:


Name Type DN
---- ---- --
Administrator user CN=Administrator...
Get-QADGroupMember : Invalid type of identity. Type of specified identity:
group. This cmdlet allows only: user.
At line:1 char:34
+ Get-QADGroup | Get-QADGroupMember <<<<



can anyone confirm this behavior?



-----
Shay Levi
$cript Fanatic
http://scriptolog.blogspot.com

> I want to know if the Quest Get-ADGroupMember has the option to use
> wild cards for the groups you want data returned on. Example, I need
> to return all the members of 20 different groups and know all the
> group end in “_admin” Does the ADGroupMember cmdlet allow for
> wildcards so I can return members for all _admin group in the domain?
> Any help would be appreciated.
>

Thanks this worked but I had to set the SizeLimit because of the number of
objects in the group.

"Marco Shaw [MVP]" wrote:

> PC4N6 wrote:

> > I want to know if the Quest Get-ADGroupMember has the option to use wild
> > cards for the groups you want data returned on. Example, I need to return all
> > the members of 20 different groups and know all the group end in “_admin�
> > Does the ADGroupMember cmdlet allow for wildcards so I can return members for
> > all _admin group in the domain? Any help would be appreciated.

>
> You can try something like this:
> get-qadgroup|where-object{$_.name -match "_admin$"}|get-qadgroupmember
>
> --
> Microsoft MVP - Windows PowerShell
> http://www.microsoft.com/mvp
>
> PowerGadgets MVP
> http://www.powergadgets.com/mvp
>
> Blog:
> http://marcoshaw.blogspot.com
>

I got the same results when trying the wild card, thanks for the help

"Shay Levi" wrote:

>
>
> I think there's bug:
>
> # this works fine and returns all groups starting with e
> PS > Get-QADGroup e*
>
> Name Type
> ---- ----
> Enterprise Admins group
> Exchange Domain... group
> (...)
>
> # this fails
> PS > Get-QADGroup *e
> Get-QADGroup : Cannot resolve DN for the given identity: '*e'
> At line:1 char:13
> + Get-QADGroup <<<< *e
>
>
> What surprises me is the fact that when I run:
>
> PS > Get-QADGroup | Get-QADGroupMember
>
> which seems very straightforward, I get an error:
>
>
> Name Type DN
> ---- ---- --
> Administrator user CN=Administrator...
> Get-QADGroupMember : Invalid type of identity. Type of specified identity:
> group. This cmdlet allows only: user.
> At line:1 char:34
> + Get-QADGroup | Get-QADGroupMember <<<<
>
>
>
> can anyone confirm this behavior?
>
>
>
> -----
> Shay Levi
> $cript Fanatic
> http://scriptolog.blogspot.com
>

> > I want to know if the Quest Get-ADGroupMember has the option to use
> > wild cards for the groups you want data returned on. Example, I need
> > to return all the members of 20 different groups and know all the
> > group end in “_admin� Does the ADGroupMember cmdlet allow for
> > wildcards so I can return members for all _admin group in the domain?
> > Any help would be appreciated.
> >

>
>
>

I logged the issue with Get-QADGroupMember not taking pipelined groups
correctly on the PowerGUI.org site a little while ago, and according to the
QAD team it will be fixed in an upcoming release. It's unfortunate that
this isn't working as we expect it should today, but at least it will be
fixed.

In the meantime you can work around it by doing this:

Get-QADGroup | ForEach-Object { Get-QADGroupMember $_.DN }

Regarding the wildcard issue, that is surprising. I'll communicate that
finding on the PowerGUI.org community site as well and see what I find out.

--
Kirk Munro [MVP]
Poshoholic
http://www.poshoholic.com

"Shay Levi" <no@xxxxxx> wrote in message
news:8766a9441c78e8ca318f460de0d8@xxxxxx

>
>
> I think there's bug:
> # this works fine and returns all groups starting with e
> PS > Get-QADGroup e*
>
> Name Type
> ---- ----
> Enterprise Admins group
> Exchange Domain... group
> (...)
>
> # this fails
> PS > Get-QADGroup *e
> Get-QADGroup : Cannot resolve DN for the given identity: '*e'
> At line:1 char:13
> + Get-QADGroup <<<< *e
>
>
> What surprises me is the fact that when I run:
>
> PS > Get-QADGroup | Get-QADGroupMember
>
> which seems very straightforward, I get an error:
>
>
> Name Type DN
> ---- ---- --
> Administrator user CN=Administrator...
> Get-QADGroupMember : Invalid type of identity. Type of specified identity:
> group. This cmdlet allows only: user.
> At line:1 char:34
> + Get-QADGroup | Get-QADGroupMember <<<<
>
>
>
> can anyone confirm this behavior?
>
>
>
> -----
> Shay Levi
> $cript Fanatic
> http://scriptolog.blogspot.com
>

>> I want to know if the Quest Get-ADGroupMember has the option to use
>> wild cards for the groups you want data returned on. Example, I need
>> to return all the members of 20 different groups and know all the
>> group end in “_admin” Does the ADGroupMember cmdlet allow for
>> wildcards so I can return members for all _admin group in the domain?
>> Any help would be appreciated.
>>

>
>

On Jan 30, 7:54 pm, "Kirk Munro [MVP]" <so...@xxxxxx> wrote:

> I logged the issue with Get-QADGroupMember not taking pipelined groups
> correctly on the PowerGUI.org site a little while ago, and according to the
> QAD team it will be fixed in an upcoming release. It's unfortunate that
> this isn't working as we expect it should today, but at least it will be
> fixed.
>
> In the meantime you can work around it by doing this:
>
> Get-QADGroup | ForEach-Object { Get-QADGroupMember $_.DN }
>
> Regarding the wildcard issue, that is surprising. I'll communicate that
> finding on the PowerGUI.org community site as well and see what I find out.
>
> --
> Kirk Munro [MVP]
> Poshoholichttp://www.poshoholic.com

> >> I want to know if the Quest Get-ADGroupMember has the option to use
> >> wild cards for the groups you want data returned on. Example, I need
> >> to return all the members of 20 different groups and know all the
> >> group end in "_admin" Does the ADGroupMember cmdlet allow for
> >> wildcards so I can return members for all _admin group in the domain?
> >> Any help would be appreciated.

The workaround doesn't work. :-(

Get-QADGroupMember : Invalid type of identity. Type of specified
identity: group. This cmdlet allows only: user.
At line:1 char:51
+ Get-QADGroup | ForEach-Object { Get-QADGroupMember <<<< $_.DN }

Regarding the wildcard issue, that is not surprising. ;-)
Default wildcard mode is 'LDAP', and LDAP doesn't like *_admin. To get
all the groups that ends with _admin you should change wildcard mode
to 'PowerShell'.

get-qadgroup -wildcardmode 'powershell' -name *_admin

-aleksandar
http://powershellers.blogspot.com

It shouldn't be

IMO, get-qadgroup should have 'powershell' as the default, just like all
other cmdlets (powershell, exchange).
System admins are using wildcards on a *command to command* basis, its a
part of the 'consistency' notion in powershell.

BTW, Kirk's command worked fine on my machine, try to replace $_.DN with
$_.Name

-----
Shay Levi
$cript Fanatic
http://scriptolog.blogspot.com

> On Jan 30, 7:54 pm, "Kirk Munro [MVP]" <so...@xxxxxx> wrote:
>

>> I logged the issue with Get-QADGroupMember not taking pipelined
>> groups correctly on the PowerGUI.org site a little while ago, and
>> according to the QAD team it will be fixed in an upcoming release.
>> It's unfortunate that this isn't working as we expect it should
>> today, but at least it will be fixed.
>>
>> In the meantime you can work around it by doing this:
>>
>> Get-QADGroup | ForEach-Object { Get-QADGroupMember $_.DN }
>>
>> Regarding the wildcard issue, that is surprising. I'll communicate
>> that finding on the PowerGUI.org community site as well and see what
>> I find out.
>>
>> --
>> Kirk Munro [MVP]
>> Poshoholichttp://www.poshoholic.com

>>>> I want to know if the Quest Get-ADGroupMember has the option to use
>>>> wild cards for the groups you want data returned on. Example, I
>>>> need to return all the members of 20 different groups and know all
>>>> the group end in "_admin" Does the ADGroupMember cmdlet allow for
>>>> wildcards so I can return members for all _admin group in the
>>>> domain? Any help would be appreciated.
>>>>

> The workaround doesn't work. :-(
>
> Get-QADGroupMember : Invalid type of identity. Type of specified
> identity: group. This cmdlet allows only: user.
> At line:1 char:51
> + Get-QADGroup | ForEach-Object { Get-QADGroupMember <<<< $_.DN }
> Regarding the wildcard issue, that is not surprising. ;-)
> Default wildcard mode is 'LDAP', and LDAP doesn't like *_admin. To get
> all the groups that ends with _admin you should change wildcard mode
> to 'PowerShell'.
> get-qadgroup -wildcardmode 'powershell' -name *_admin
>
> -aleksandar
> http://powershellers.blogspot.com

On Jan 30, 9:13 pm, Shay Levi <n...@xxxxxx> wrote:

> It shouldn't be
>
> IMO, get-qadgroup should have 'powershell' as the default, just like all
> other cmdlets (powershell, exchange).
> System admins are using wildcards on a *command to command* basis, its a
> part of the 'consistency' notion in powershell.
>
> BTW, Kirk's command worked fine on my machine, try to replace $_.DN with
> $_.Name
>
> -----
> Shay Levi
> $cript Fanatichttp://scriptolog.blogspot.com
>

> > On Jan 30, 7:54 pm, "Kirk Munro [MVP]" <so...@xxxxxx> wrote:

>

> >> I logged the issue with Get-QADGroupMember not taking pipelined
> >> groups correctly on the PowerGUI.org site a little while ago, and
> >> according to the QAD team it will be fixed in an upcoming release.
> >> It's unfortunate that this isn't working as we expect it should
> >> today, but at least it will be fixed.

>

> >> In the meantime you can work around it by doing this:

>

> >> Get-QADGroup | ForEach-Object { Get-QADGroupMember $_.DN }

>

> >> Regarding the wildcard issue, that is surprising. I'll communicate
> >> that finding on the PowerGUI.org community site as well and see what
> >> I find out.

>

> >> --
> >> Kirk Munro [MVP]
> >> Poshoholichttp://www.poshoholic.com
> >>>> I want to know if the Quest Get-ADGroupMember has the option to use
> >>>> wild cards for the groups you want data returned on. Example, I
> >>>> need to return all the members of 20 different groups and know all
> >>>> the group end in "_admin" Does the ADGroupMember cmdlet allow for
> >>>> wildcards so I can return members for all _admin group in the
> >>>> domain? Any help would be appreciated.

>

> > The workaround doesn't work. :-(

>

> > Get-QADGroupMember : Invalid type of identity. Type of specified
> > identity: group. This cmdlet allows only: user.
> > At line:1 char:51
> > + Get-QADGroup | ForEach-Object { Get-QADGroupMember <<<< $_.DN }
> > Regarding the wildcard issue, that is not surprising. ;-)
> > Default wildcard mode is 'LDAP', and LDAP doesn't like *_admin. To get
> > all the groups that ends with _admin you should change wildcard mode
> > to 'PowerShell'.
> > get-qadgroup -wildcardmode 'powershell' -name *_admin

>

> > -aleksandar
> >http://powershellers.blogspot.com

Get-QADGroup | ForEach-Object { Get-QADGroupMember $_.Name } doesn't
work for me. It breaks at the same two groups as when I use $_.DN. One
of the problematic groups contains another group which contains one
disabled user, and the second group contains one computer object.
Strange.

On the other hand, it works great for a group that contains multiple
computer objects. (So, it looks like the error message "Get-
QADGroupMember : Invalid type of identity. Type of specified identity:
group. This cmdlet allows only: user." is not appropriate, because the
command works fine when the group contains the computer objects.

-aleksandar
http://powershellers.blogspot.com