tree-like cmdlet for Active Directory group members.
Get-ADTreeGroupMember [-Group] [-Identity] <String> [-Server <String>] [-Credential <PSCredential>] [-Depth <Int32>] [-ShowAll] [-Exclude <String[]>] [<CommonParameters>]
Get-ADTreeGroupMember [-Group] [-Identity] <String> [-Server <String>] [-Credential <PSCredential>] [-Recursive] [-ShowAll] [-Exclude <String[]>] [<CommonParameters>]
The Get-ADTreeGroupMember cmdlet gets the Active Directory members of a specified group and displays them in a tree-like structure. The members of a group can be users, groups, computers and service accounts. This cmdlet also helps identify Circular Nested Groups.
PS ..\PSADTree\> Get-ADTreeGroupMember TestGroup001
By default, this cmdlet uses -Depth with a default value of 3.
PS ..\PSADTree\> Get-ADTreeGroupMember TestGroup001 -Recursive
PS ..\PSADTree\> Get-ADGroup -Filter * -SearchBase 'OU=myOU,DC=myDomain,DC=com' |
Get-ADTreeGroupMember
You can pipe strings containing an identity to this cmdlet. ADGroup instances piped to this cmdlet are also supported.
PS ..\PSADTree\> Get-ADComputer -Filter * -SearchBase 'OU=myOU,DC=myDomain,DC=com' |
Get-ADTreeGroupMember -Recursive -Group |
Where-Object IsCircular
The -Group switch limits the members tree view to nested groups only.
PS ..\PSADTree\> Get-ADTreeGroupMember TestGroup001 -Server otherDomain
PS ..\PSADTree\> Get-ADTreeGroupMember TestGroup001 -ShowAll
By default, previously processed groups will be marked as "Processed Group" and their hierarchy will not be displayed.
The -ShowAll switch indicates that the cmdlet should display the hierarchy of all previously processed groups.
Note
The use of this switch should not incur a great performance cost; for more details, see the parameter details.
Specifies a user account that has permission to perform this action. The default is the current user.
Type a user name, such as User01 or Domain01\User01, or enter a PSCredential object generated by the Get-Credential cmdlet. If you type a user name, you're prompted to enter the password.
Type: PSCredential
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Determines the number of nested groups and their members included in the recursion.
By default, only 3 levels of recursion are included. Get-ADTreeGroupMember emits a warning if the levels exceed this number.
Type: Int32
Parameter Sets: Depth
Aliases:
Required: False
Position: Named
Default value: 3
Accept pipeline input: False
Accept wildcard characters: False
Specifies an array of one or more string patterns to be matched as the cmdlet enumerates child principals. Any matching principal is excluded from the output. Wildcard characters are accepted.
Note
- Patterns are tested against the principal's .SamAccountName property.
- When the matched principal is of type group, all child principals are also excluded from the output.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: True
The -Group switch indicates that the cmdlet should display nested group members only. Essentially, a built-in filter where ObjectClass is group.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Specifies an Active Directory group by providing one of the following property values:
- A DistinguishedName
- A GUID
- A SID (Security Identifier)
- A sAMAccountName
- A UserPrincipalName
See IdentityType Enum for more information.
Type: String
Parameter Sets: (All)
Aliases: DistinguishedName
Required: True
Position: 0
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
Specifies that the cmdlet should get all group members of the specified group.
Type: SwitchParameter
Parameter Sets: Recursive
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Specifies the AD DS instance to connect to by providing one of the following values for a corresponding domain name or directory server.
Domain name values:
- Fully qualified domain name
- NetBIOS name
Directory server values:
- Fully qualified directory server name
- NetBIOS name
- Fully qualified directory server name and port
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
By default, previously processed groups will be marked as "Processed Group" and their hierarchy will not be displayed. This switch forces the cmdlet to display the full hierarchy including previously processed groups.
Note
This cmdlet uses a caching mechanism to ensure that Active Directory Groups are only queried once per Identity.
This caching mechanism is also used to reconstruct the pre-processed group's hierarchy when the -ShowAll switch is used, thus not incurring a performance cost.
The intent behind this switch is to not clutter the cmdlet's output by default.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
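The traversal rules described for -Depth, -Exclude and the default "Processed Group" marking, modelled over a constructed membership map as an added example (this is not PSADTree's code or its output format). Show-MemberTree, the sample names, the [circular] marker and the exact way depth is counted are assumptions made for illustration.

```powershell
# Constructed membership map (sample data, not a real directory):
# group SamAccountName -> direct members. Names absent from the keys are leaf principals.
$Members = @{
    'TestGroup001' = 'TestGroup002', 'TestGroup003', 'alice'
    'TestGroup002' = 'TestGroup004', 'bob'
    'TestGroup003' = 'TestGroup002', 'svc-backup'
    'TestGroup004' = 'TestGroup001', 'carol'      # nests the root again: circular
}

# Hypothetical helper that models the documented behaviour; it is not PSADTree code.
function Show-MemberTree {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [int] $Depth = 3,                          # assumed: levels below the root to expand
        [string[]] $Exclude = @(),                 # wildcard patterns on the member name
        [int] $Level = 0,
        [string[]] $Path = @(),                    # ancestors of the current node
        [System.Collections.Generic.HashSet[string]] $Seen
    )
    if ($null -eq $Seen) {
        $Seen = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    }
    $indent = '    ' * $Level
    if (-not $Members.ContainsKey($Name)) { return "$indent$Name" }   # user, computer, ...
    # A group that is its own ancestor closes a loop: report it and stop descending.
    if ($Path -contains $Name) { return "$indent$Name  [circular]" }
    # A group already expanded elsewhere is only referenced, mirroring the default output.
    if (-not $Seen.Add($Name)) { return "$indent$Name  [Processed Group]" }
    "$indent$Name"
    if ($Level -ge $Depth) { return }
    foreach ($child in $Members[$Name]) {
        # An excluded group is skipped before recursion, so its whole subtree disappears.
        if ($Exclude | Where-Object { $child -like $_ }) { continue }
        Show-MemberTree -Name $child -Depth $Depth -Exclude $Exclude `
            -Level ($Level + 1) -Path ($Path + $Name) -Seen $Seen
    }
}

Show-MemberTree -Name 'TestGroup001'
''
Show-MemberTree -Name 'TestGroup001' -Exclude 'TestGroup004', 'svc-*'
```

In the second call the excluded TestGroup004 takes the loop back to TestGroup001 out of the output with it, so a membership review that relies on -Exclude should account for everything beneath the excluded groups separately.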
This cmdlet supports the common parameters. For more information, see about_CommonParameters.
You can pipe strings containing an identity to this cmdlet. ADGroup instances piped to this cmdlet are also supported.
treegroupmember is the alias for this cmdlet.