Quest AD group member

I want to know if the Quest Get-ADGroupMember has the option to use wild
cards for the groups you want data returned on. Example, I need to return all
the members of 20 different groups and know all the group end in “_admin�
Does the ADGroupMember cmdlet allow for wildcards so I can return members for
all _admin group in the domain? Any help would be appreciated.

PC4N6 wrote: You can try something like this:
get-qadgroup|where-object{$_.name -match "_admin$"}|get-qadgroupmember

--
Microsoft MVP - Windows PowerShell
http://www.microsoft.com/mvp

PowerGadgets MVP
http://www.powergadgets.com/mvp

Blog:
http://marcoshaw.blogspot.com

I would be careful with this approach as you have to get all the Group objects
in the domain. That could be quite a bit.

I cannot say this authoratively (which is why I didnt post) but I am fairly
certain you can pass a wild card. The problem is that I think it wildcards
on sAMAccountName which isn't always the same as the CN.

Brandon Shell
---------------
Blog: http://www.bsonposh.com/
PSH Scripts Project: www.codeplex.com/psobject

M> PC4N6 wrote:
M> M> You can try something like this:
M> get-qadgroup|where-object{$_.name -match
M> "_admin$"}|get-qadgroupmember
M> PowerGadgets MVP
M> http://www.powergadgets.com/mvp
M> Blog:
M> http://marcoshaw.blogspot.com

I think there's bug:

# this works fine and returns all groups starting with e
PS > Get-QADGroup e*

Name Type
---- ----
Enterprise Admins group
Exchange Domain... group
(...)

# this fails
PS > Get-QADGroup *e
Get-QADGroup : Cannot resolve DN for the given identity: '*e'
At line:1 char:13
+ Get-QADGroup <<<< *e


What surprises me is the fact that when I run:

PS > Get-QADGroup | Get-QADGroupMember

which seems very straightforward, I get an error:


Name Type DN
---- ---- --
Administrator user CN=Administrator...
Get-QADGroupMember : Invalid type of identity. Type of specified identity:
group. This cmdlet allows only: user.
At line:1 char:34
+ Get-QADGroup | Get-QADGroupMember <<<<



can anyone confirm this behavior?



-----
Shay Levi
$cript Fanatic
http://scriptolog.blogspot.com

Thanks this worked but I had to set the SizeLimit because of the number of
objects in the group.

"Marco Shaw [MVP]" wrote:

I got the same results when trying the wild card, thanks for the help

"Shay Levi" wrote:

I logged the issue with Get-QADGroupMember not taking pipelined groups
correctly on the PowerGUI.org site a little while ago, and according to the
QAD team it will be fixed in an upcoming release. It's unfortunate that
this isn't working as we expect it should today, but at least it will be
fixed.

In the meantime you can work around it by doing this:

Get-QADGroup | ForEach-Object { Get-QADGroupMember $_.DN }

Regarding the wildcard issue, that is surprising. I'll communicate that
finding on the PowerGUI.org community site as well and see what I find out.

--
Kirk Munro [MVP]
Poshoholic
http://www.poshoholic.com

"Shay Levi" <no@xxxxxx> wrote in message
news:8766a9441c78e8ca318f460de0d8@xxxxxx

On Jan 30, 7:54 pm, "Kirk Munro [MVP]" <so...@xxxxxx> wrote: The workaround doesn't work. :-(

Get-QADGroupMember : Invalid type of identity. Type of specified
identity: group. This cmdlet allows only: user.
At line:1 char:51
+ Get-QADGroup | ForEach-Object { Get-QADGroupMember <<<< $_.DN }

Regarding the wildcard issue, that is not surprising. ;-)
Default wildcard mode is 'LDAP', and LDAP doesn't like *_admin. To get
all the groups that ends with _admin you should change wildcard mode
to 'PowerShell'.

get-qadgroup -wildcardmode 'powershell' -name *_admin

-aleksandar
http://powershellers.blogspot.com

It shouldn't be

IMO, get-qadgroup should have 'powershell' as the default, just like all
other cmdlets (powershell, exchange).
System admins are using wildcards on a *command to command* basis, its a
part of the 'consistency' notion in powershell.

BTW, Kirk's command worked fine on my machine, try to replace $_.DN with
$_.Name

-----
Shay Levi
$cript Fanatic
http://scriptolog.blogspot.com

On Jan 30, 9:13 pm, Shay Levi <n...@xxxxxx> wrote: