Windows Vista Forums
Vista Forums Home Join Vista Forums Donate Vista Tutorials Tags

Welcome to Vista Forums we are your forum to discuss Windows Vista x64 and x86 systems. Whether you need help or just want to post an idea you have on Vista, this is the forum for you.
Register at Vista forums...the world biggest Windows Vista resource Join Vista Forums Now

Go Back   Vista Forums > Microsoft Technical Newsgroups > PowerShell

Quest AD group member

Update your Vista Drivers Update Your Drivers Now!!
Closed Thread
 
Thread Tools Display Modes
Old 01-30-2008   #1 (permalink)
PC4N6
Guest


 

Quest AD group member

I want to know if the Quest Get-ADGroupMember has the option to use wild
cards for the groups you want data returned on. Example, I need to return all
the members of 20 different groups and know all the group end in “_admin”
Does the ADGroupMember cmdlet allow for wildcards so I can return members for
all _admin group in the domain? Any help would be appreciated.

My System SpecsSystem Spec
Old 01-30-2008   #2 (permalink)
Marco Shaw [MVP]
Guest


 

Re: Quest AD group member

PC4N6 wrote:
Quote:

> I want to know if the Quest Get-ADGroupMember has the option to use wild
> cards for the groups you want data returned on. Example, I need to return all
> the members of 20 different groups and know all the group end in “_admin”
> Does the ADGroupMember cmdlet allow for wildcards so I can return members for
> all _admin group in the domain? Any help would be appreciated.
You can try something like this:
get-qadgroup|where-object{$_.name -match "_admin$"}|get-qadgroupmember

--
Microsoft MVP - Windows PowerShell
http://www.microsoft.com/mvp

PowerGadgets MVP
http://www.powergadgets.com/mvp

Blog:
http://marcoshaw.blogspot.com
My System SpecsSystem Spec
Old 01-30-2008   #3 (permalink)
Brandon Shell [MVP]
Guest


 

Re: Quest AD group member

I would be careful with this approach as you have to get all the Group objects
in the domain. That could be quite a bit.

I cannot say this authoratively (which is why I didnt post) but I am fairly
certain you can pass a wild card. The problem is that I think it wildcards
on sAMAccountName which isn't always the same as the CN.

Brandon Shell
---------------
Blog: http://www.bsonposh.com/
PSH Scripts Project: www.codeplex.com/psobject

M> PC4N6 wrote:
M>
Quote:
Quote:

>> I want to know if the Quest Get-ADGroupMember has the option to use
>> wild cards for the groups you want data returned on. Example, I need
>> to return all the members of 20 different groups and know all the
>> group end in "_admin" Does the ADGroupMember cmdlet allow for
>> wildcards so I can return members for all _admin group in the domain?
>> Any help would be appreciated.
>>
M> You can try something like this:
M> get-qadgroup|where-object{$_.name -match
M> "_admin$"}|get-qadgroupmember
M> PowerGadgets MVP
M> http://www.powergadgets.com/mvp
M> Blog:
M> http://marcoshaw.blogspot.com


My System SpecsSystem Spec
Old 01-30-2008   #4 (permalink)
Shay Levi
Guest


 

Re: Quest AD group member



I think there's bug:

# this works fine and returns all groups starting with e
PS > Get-QADGroup e*

Name Type
---- ----
Enterprise Admins group
Exchange Domain... group
(...)

# this fails
PS > Get-QADGroup *e
Get-QADGroup : Cannot resolve DN for the given identity: '*e'
At line:1 char:13
+ Get-QADGroup <<<< *e


What surprises me is the fact that when I run:

PS > Get-QADGroup | Get-QADGroupMember

which seems very straightforward, I get an error:


Name Type DN
---- ---- --
Administrator user CN=Administrator...
Get-QADGroupMember : Invalid type of identity. Type of specified identity:
group. This cmdlet allows only: user.
At line:1 char:34
+ Get-QADGroup | Get-QADGroupMember <<<<



can anyone confirm this behavior?



-----
Shay Levi
$cript Fanatic
http://scriptolog.blogspot.com
Quote:

> I want to know if the Quest Get-ADGroupMember has the option to use
> wild cards for the groups you want data returned on. Example, I need
> to return all the members of 20 different groups and know all the
> group end in _admin Does the ADGroupMember cmdlet allow for
> wildcards so I can return members for all _admin group in the domain?
> Any help would be appreciated.
>

My System SpecsSystem Spec
Old 01-30-2008   #5 (permalink)
PC4N6
Guest


 

Re: Quest AD group member

Thanks this worked but I had to set the SizeLimit because of the number of
objects in the group.

"Marco Shaw [MVP]" wrote:
Quote:

> PC4N6 wrote:
Quote:

> > I want to know if the Quest Get-ADGroupMember has the option to use wild
> > cards for the groups you want data returned on. Example, I need to return all
> > the members of 20 different groups and know all the group end in “_admin”
> > Does the ADGroupMember cmdlet allow for wildcards so I can return members for
> > all _admin group in the domain? Any help would be appreciated.
>
> You can try something like this:
> get-qadgroup|where-object{$_.name -match "_admin$"}|get-qadgroupmember
>
> --
> Microsoft MVP - Windows PowerShell
> http://www.microsoft.com/mvp
>
> PowerGadgets MVP
> http://www.powergadgets.com/mvp
>
> Blog:
> http://marcoshaw.blogspot.com
>
My System SpecsSystem Spec
Old 01-30-2008   #6 (permalink)
PC4N6
Guest


 

Re: Quest AD group member

I got the same results when trying the wild card, thanks for the help

"Shay Levi" wrote:
Quote:

>
>
> I think there's bug:
>
> # this works fine and returns all groups starting with e
> PS > Get-QADGroup e*
>
> Name Type
> ---- ----
> Enterprise Admins group
> Exchange Domain... group
> (...)
>
> # this fails
> PS > Get-QADGroup *e
> Get-QADGroup : Cannot resolve DN for the given identity: '*e'
> At line:1 char:13
> + Get-QADGroup <<<< *e
>
>
> What surprises me is the fact that when I run:
>
> PS > Get-QADGroup | Get-QADGroupMember
>
> which seems very straightforward, I get an error:
>
>
> Name Type DN
> ---- ---- --
> Administrator user CN=Administrator...
> Get-QADGroupMember : Invalid type of identity. Type of specified identity:
> group. This cmdlet allows only: user.
> At line:1 char:34
> + Get-QADGroup | Get-QADGroupMember <<<<
>
>
>
> can anyone confirm this behavior?
>
>
>
> -----
> Shay Levi
> $cript Fanatic
> http://scriptolog.blogspot.com
>
Quote:

> > I want to know if the Quest Get-ADGroupMember has the option to use
> > wild cards for the groups you want data returned on. Example, I need
> > to return all the members of 20 different groups and know all the
> > group end in “_admin” Does the ADGroupMember cmdlet allow for
> > wildcards so I can return members for all _admin group in the domain?
> > Any help would be appreciated.
> >
>
>
>
My System SpecsSystem Spec
Old 01-30-2008   #7 (permalink)
Kirk Munro [MVP]
Guest


 

Re: Quest AD group member

I logged the issue with Get-QADGroupMember not taking pipelined groups
correctly on the PowerGUI.org site a little while ago, and according to the
QAD team it will be fixed in an upcoming release. It's unfortunate that
this isn't working as we expect it should today, but at least it will be
fixed.

In the meantime you can work around it by doing this:

Get-QADGroup | ForEach-Object { Get-QADGroupMember $_.DN }

Regarding the wildcard issue, that is surprising. I'll communicate that
finding on the PowerGUI.org community site as well and see what I find out.

--
Kirk Munro [MVP]
Poshoholic
http://www.poshoholic.com

"Shay Levi" <no@xxxxxx> wrote in message
news:8766a9441c78e8ca318f460de0d8@xxxxxx
Quote:

>
>
> I think there's bug:
> # this works fine and returns all groups starting with e
> PS > Get-QADGroup e*
>
> Name Type
> ---- ----
> Enterprise Admins group
> Exchange Domain... group
> (...)
>
> # this fails
> PS > Get-QADGroup *e
> Get-QADGroup : Cannot resolve DN for the given identity: '*e'
> At line:1 char:13
> + Get-QADGroup <<<< *e
>
>
> What surprises me is the fact that when I run:
>
> PS > Get-QADGroup | Get-QADGroupMember
>
> which seems very straightforward, I get an error:
>
>
> Name Type DN
> ---- ---- --
> Administrator user CN=Administrator...
> Get-QADGroupMember : Invalid type of identity. Type of specified identity:
> group. This cmdlet allows only: user.
> At line:1 char:34
> + Get-QADGroup | Get-QADGroupMember <<<<
>
>
>
> can anyone confirm this behavior?
>
>
>
> -----
> Shay Levi
> $cript Fanatic
> http://scriptolog.blogspot.com
>
Quote:

>> I want to know if the Quest Get-ADGroupMember has the option to use
>> wild cards for the groups you want data returned on. Example, I need
>> to return all the members of 20 different groups and know all the
>> group end in _admin Does the ADGroupMember cmdlet allow for
>> wildcards so I can return members for all _admin group in the domain?
>> Any help would be appreciated.
>>
>
>
My System SpecsSystem Spec
Old 01-30-2008   #8 (permalink)
alexandair
Guest


 

Re: Quest AD group member

On Jan 30, 7:54 pm, "Kirk Munro [MVP]" <so...@xxxxxx> wrote:
Quote:

> I logged the issue with Get-QADGroupMember not taking pipelined groups
> correctly on the PowerGUI.org site a little while ago, and according to the
> QAD team it will be fixed in an upcoming release. It's unfortunate that
> this isn't working as we expect it should today, but at least it will be
> fixed.
>
> In the meantime you can work around it by doing this:
>
> Get-QADGroup | ForEach-Object { Get-QADGroupMember $_.DN }
>
> Regarding the wildcard issue, that is surprising. I'll communicate that
> finding on the PowerGUI.org community site as well and see what I find out.
>
> --
> Kirk Munro [MVP]
> Poshoholichttp://www.poshoholic.com
Quote:
Quote:
Quote:

> >> I want to know if the Quest Get-ADGroupMember has the option to use
> >> wild cards for the groups you want data returned on. Example, I need
> >> to return all the members of 20 different groups and know all the
> >> group end in "_admin" Does the ADGroupMember cmdlet allow for
> >> wildcards so I can return members for all _admin group in the domain?
> >> Any help would be appreciated.
The workaround doesn't work. :-(

Get-QADGroupMember : Invalid type of identity. Type of specified
identity: group. This cmdlet allows only: user.
At line:1 char:51
+ Get-QADGroup | ForEach-Object { Get-QADGroupMember <<<< $_.DN }

Regarding the wildcard issue, that is not surprising. ;-)
Default wildcard mode is 'LDAP', and LDAP doesn't like *_admin. To get
all the groups that ends with _admin you should change wildcard mode
to 'PowerShell'.

get-qadgroup -wildcardmode 'powershell' -name *_admin

-aleksandar
http://powershellers.blogspot.com



My System SpecsSystem Spec
Old 01-30-2008   #9 (permalink)
Shay Levi
Guest


 

Re: Quest AD group member


It shouldn't be

IMO, get-qadgroup should have 'powershell' as the default, just like all
other cmdlets (powershell, exchange).
System admins are using wildcards on a *command to command* basis, its a
part of the 'consistency' notion in powershell.

BTW, Kirk's command worked fine on my machine, try to replace $_.DN with
$_.Name

-----
Shay Levi
$cript Fanatic
http://scriptolog.blogspot.com
Quote:

> On Jan 30, 7:54 pm, "Kirk Munro [MVP]" <so...@xxxxxx> wrote:
>
Quote:

>> I logged the issue with Get-QADGroupMember not taking pipelined
>> groups correctly on the PowerGUI.org site a little while ago, and
>> according to the QAD team it will be fixed in an upcoming release.
>> It's unfortunate that this isn't working as we expect it should
>> today, but at least it will be fixed.
>>
>> In the meantime you can work around it by doing this:
>>
>> Get-QADGroup | ForEach-Object { Get-QADGroupMember $_.DN }
>>
>> Regarding the wildcard issue, that is surprising. I'll communicate
>> that finding on the PowerGUI.org community site as well and see what
>> I find out.
>>
>> --
>> Kirk Munro [MVP]
>> Poshoholichttp://www.poshoholic.com
Quote:

>>>> I want to know if the Quest Get-ADGroupMember has the option to use
>>>> wild cards for the groups you want data returned on. Example, I
>>>> need to return all the members of 20 different groups and know all
>>>> the group end in "_admin" Does the ADGroupMember cmdlet allow for
>>>> wildcards so I can return members for all _admin group in the
>>>> domain? Any help would be appreciated.
>>>>
> The workaround doesn't work. :-(
>
> Get-QADGroupMember : Invalid type of identity. Type of specified
> identity: group. This cmdlet allows only: user.
> At line:1 char:51
> + Get-QADGroup | ForEach-Object { Get-QADGroupMember <<<< $_.DN }
> Regarding the wildcard issue, that is not surprising. ;-)
> Default wildcard mode is 'LDAP', and LDAP doesn't like *_admin. To get
> all the groups that ends with _admin you should change wildcard mode
> to 'PowerShell'.
> get-qadgroup -wildcardmode 'powershell' -name *_admin
>
> -aleksandar
> http://powershellers.blogspot.com

My System SpecsSystem Spec
Old 01-30-2008   #10 (permalink)
alexandair
Guest


 

Re: Quest AD group member

On Jan 30, 9:13 pm, Shay Levi <n...@xxxxxx> wrote:
Quote:

> It shouldn't be
>
> IMO, get-qadgroup should have 'powershell' as the default, just like all
> other cmdlets (powershell, exchange).
> System admins are using wildcards on a *command to command* basis, its a
> part of the 'consistency' notion in powershell.
>
> BTW, Kirk's command worked fine on my machine, try to replace $_.DN with
> $_.Name
>
> -----
> Shay Levi
> $cript Fanatichttp://scriptolog.blogspot.com
>
Quote:

> > On Jan 30, 7:54 pm, "Kirk Munro [MVP]" <so...@xxxxxx> wrote:
>
Quote:
Quote:

> >> I logged the issue with Get-QADGroupMember not taking pipelined
> >> groups correctly on the PowerGUI.org site a little while ago, and
> >> according to the QAD team it will be fixed in an upcoming release.
> >> It's unfortunate that this isn't working as we expect it should
> >> today, but at least it will be fixed.
>
Quote:
Quote:

> >> In the meantime you can work around it by doing this:
>
Quote:
Quote:

> >> Get-QADGroup | ForEach-Object { Get-QADGroupMember $_.DN }
>