Comments (6)
http://www.adilhindistan.com/2013/01/getting-members-of-large-groups-via.html
from powertools.
This is what I ended up using:
```powershell
$GroupSearcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"LDAP://DC=BLAH,DC=COM")
$GroupSearcher.filter = "(&(objectClass=group)(name=Large Group))"
$GroupSearcher.PageSize = 500
$out = $GroupSearcher.FindOne()
# member comes back empty when the group is too large for a single read,
# so fall back to ranged retrieval in blocks of 1500
if ($out.properties.member.count -eq 0) {
    $retrievedAllMembers=$false
    $rangeBottom =0
    $rangeTop= 0
    while (! $retrievedAllMembers) {
        $rangeTop=$rangeBottom+1499
        # ask only for the current slice, e.g. member;range=0-1499
        $memberRange="member;range=$rangeBottom-$rangeTop"
        $GroupSearcher.PropertiesToLoad.Clear()
        [void]$GroupSearcher.PropertiesToLoad.Add("$memberRange")
        $rangeBottom+=1500
        try {
            $result = $GroupSearcher.FindOne()
            # the returned property name carries the range that was actually served
            $rangedProperty = $result.Properties.PropertyNames -like "member;range=*"
            $results = $result.Properties.item($rangedProperty)
            if ($results.count -eq 0) {
                $retrievedAllMembers=$true
            } else {
                $results.count | Out-Host
                $results | % {
                    # bind to each member DN and pull the attributes of interest
                    $output = New-Object psobject
                    $properties = ([adsi]"LDAP://$_").Properties
                    $output | add-member Noteproperty 'sAMAccountName' $properties.sAMAccountName.value
                    $output | add-member Noteproperty 'mail' $properties.mail.value
                    $output | Out-File -Append -FilePath out.txt
                }
            }
        } catch [System.Management.Automation.MethodInvocationException] {
            # a request past the end of the attribute ends the loop
            $retrievedAllMembers=$true
        }
    }
}
```
A version of this would be useful as a function that Get-NetGroup could call if member.count == 0
from powertools.
Would also have to look at recursion...
from powertools.
Diff looks summat like:
```powershell
if ($GroupSearcher){
    $GroupSearcher.PageSize = 200
    $GroupSearcher.FindAll() | % {
        try{
            $GroupFoundName = $_.properties.name[0]
            $members = @()
            if ($_.properties.member.Count -eq 0) {
                $retrievedAllMembers = $false
                $rangeBottom = 0
                $rangeTop = 0
                while (! $retrievedAllMembers) {
                    $rangeTop=$rangeBottom+1499
                    $memberRange="member;range=$rangeBottom-$rangeTop"
                    $GroupSearcher.PropertiesToLoad.Clear()
                    [void]$GroupSearcher.PropertiesToLoad.Add("$memberRange")
                    $rangeBottom+=1500
                    try {
                        $result = $GroupSearcher.FindOne()
                        $rangedProperty = $result.Properties.PropertyNames -like "member;range=*"
                        $results = $result.Properties.item($rangedProperty)
                        if ($results.count -eq 0) {
                            $retrievedAllMembers=$true
                        } else {
                            $results | % {
                                $members += $_
                            }
                        }
                    } catch [System.Management.Automation.MethodInvocationException] {
                        $retrievedAllMembers=$true
                    }
                }
            } else {
                $members = $_.properties.member
            }
            $members | ForEach-Object {
```
from powertools.
Sorry, can't do a proper PR request from where I am at the moment
from powertools.
```powershell
    process {
        # if a domain is specified, try to grab that domain
        if ($Domain){
            # try to grab the primary DC for the current domain
            try{
                $PrimaryDC = ([Array](Get-NetDomainControllers))[0].Name
            }
            catch{
                $PrimaryDC = $Null
            }
            try {
                # reference - http://blogs.msdn.com/b/javaller/archive/2013/07/29/searching-across-active-directory-domains-in-powershell.aspx
                $dn = "DC=$($Domain.Replace('.', ',DC='))"
                # if we could grab the primary DC for the current domain, use that for the query
                if($PrimaryDC){
                    $GroupSearcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"LDAP://$PrimaryDC/$dn")
                }
                else{
                    # otherwise try to connect to the DC for the target domain
                    $GroupSearcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"LDAP://$dn")
                }
                # samAccountType=805306368 indicates user objects
                $GroupSearcher.filter = "(&(objectClass=group)(name=$GroupName))"
            }
            catch{
                Write-Warning "The specified domain $Domain does not exist, could not be contacted, or there isn't an existing trust."
            }
        }
        else{
            $Domain = (Get-NetDomain).Name
            # otherwise, use the current domain
            $GroupSearcher = [adsisearcher]"(&(objectClass=group)(name=$GroupName))"
        }
        if ($GroupSearcher){
            $GroupSearcher.PageSize = 200
            $GroupSearcher.FindAll() | % {
                try{
                    $GroupFoundName = $_.properties.name[0]
                    $members = @()
                    # an empty member attribute triggers ranged retrieval in blocks of 1500
                    if ($_.properties.member.Count -eq 0) {
                        $retrievedAllMembers = $false
                        $rangeBottom = 0
                        $rangeTop = 0
                        while (! $retrievedAllMembers) {
                            $rangeTop=$rangeBottom+1499
                            $memberRange="member;range=$rangeBottom-$rangeTop"
                            $GroupSearcher.PropertiesToLoad.Clear()
                            [void]$GroupSearcher.PropertiesToLoad.Add("$memberRange")
                            $rangeBottom+=1500
                            try {
                                $result = $GroupSearcher.FindOne()
                                $rangedProperty = $result.Properties.PropertyNames -like "member;range=*"
                                $results = $result.Properties.item($rangedProperty)
                                if ($results.count -eq 0) {
                                    $retrievedAllMembers=$true
                                } else {
                                    $results | % {
                                        $members += $_
                                    }
                                }
                            } catch [System.Management.Automation.MethodInvocationException] {
                                $retrievedAllMembers=$true
                            }
                        }
                    } else {
                        $members = $_.properties.member
                    }
                    $members | ForEach-Object {
                        # for each user/member, do a quick adsi object grab
                        if ($PrimaryDC){
                            $properties = ([adsi]"LDAP://$PrimaryDC/$_").Properties
                        }
                        else {
                            $properties = ([adsi]"LDAP://$_").Properties
                        }
                        # check if the result is a user account- if not assume it's a group
                        if ($properties.samAccountType -ne "805306368"){
                            $isGroup = $True
                        }
                        else{
                            $isGroup = $False
                        }
                        $out = New-Object psobject
                        $out | add-member Noteproperty 'GroupDomain' $Domain
                        $out | Add-Member Noteproperty 'GroupName' $GroupFoundName
                        if ($FullData){
                            $properties.PropertyNames | % {
                                # TODO: errors on cross-domain users?
                                if ($_ -eq "objectsid"){
                                    # convert the SID to a string
                                    $out | Add-Member Noteproperty $_ ((New-Object System.Security.Principal.SecurityIdentifier($properties[$_][0],0)).Value)
                                }
                                elseif($_ -eq "objectguid"){
                                    # convert the GUID to a string
                                    $out | Add-Member Noteproperty $_ (New-Object Guid (,$properties[$_][0])).Guid
                                }
                                else {
                                    if ($properties[$_].count -eq 1) {
                                        $out | Add-Member Noteproperty $_ $properties[$_][0]
                                    }
                                    else {
                                        $out | Add-Member Noteproperty $_ $properties[$_]
                                    }
                                }
                            }
                        }
                        else {
                            $MemberDN = $properties.distinguishedName[0]
                            # extract the FQDN from the Distinguished Name
                            $MemberDomain = $MemberDN.subString($MemberDN.IndexOf("DC=")) -replace 'DC=','' -replace ',','.'
                            if ($properties.samAccountType -ne "805306368"){
                                $isGroup = $True
                            }
                            else{
                                $isGroup = $False
                            }
                            if ($properties.samAccountName){
                                # forest users have the samAccountName set
                                $MemberName = $properties.samAccountName[0]
                            }
                            else {
                                # external trust users have a SID, so convert it
                                try {
                                    $MemberName = Convert-SidToName $properties.cn[0]
                                }
                                catch {
                                    # if there's a problem contacting the domain to resolve the SID
                                    $MemberName = $properties.cn
                                }
                            }
                            $out | add-member Noteproperty 'MemberDomain' $MemberDomain
                            $out | add-member Noteproperty 'MemberName' $MemberName
                            $out | add-member Noteproperty 'IsGroup' $IsGroup
                            $out | add-member Noteproperty 'MemberDN' $MemberDN
                            # read mail from the member's own properties
                            $out | add-member Noteproperty 'Mail' $properties.mail.value
                            $out
                            if($Recurse) {
                                # if we're recursing and the returned value isn't a user account, assume it's a group
                                if($IsGroup){
                                    if($FullData){
                                        Get-NetGroup -Domain $Domain -PrimaryDC $PrimaryDC -FullData -Recurse -GroupName $properties.SamAccountName[0]
                                    }
                                    else {
                                        Get-NetGroup -Domain $Domain -PrimaryDC $PrimaryDC -Recurse -GroupName $properties.SamAccountName[0]
                                    }
                                }
                            }
                        }
                    }
                }
                catch {
                    write-verbose $_
                }
            }
        }
    }
}
```
from powertools.
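The loops posted above end on an empty result or an exception; a directory server also marks the final slice in the returned attribute name (`member;range=3000-*`), which lets an audit of a large group confirm that every member was read. The following is an added example, not code from this thread or from PowerView. `Get-RangedValue`, the fetch scriptblock and the simulated 3200-member group are hypothetical and constructed so the loop runs offline.

```powershell
# Added example: Get-RangedValue, $simulated and the example.test DNs are hypothetical.
function Get-RangedValue {
    param(
        [Parameter(Mandatory)] [scriptblock] $Fetch,  # called with "attr;range=a-b", returns @{ name = values }
        [string] $Attribute = 'member',
        [int] $Step = 1500
    )
    $all = New-Object 'System.Collections.Generic.List[string]'
    $low = 0
    while ($true) {
        $reply = & $Fetch ('{0};range={1}-{2}' -f $Attribute, $low, ($low + $Step - 1))
        # The server answers under its own attribute name, which can differ from the request.
        $name = @($reply.Keys | Where-Object { $_ -like "$Attribute;range=*" })[0]
        if (-not $name -or @($reply[$name]).Count -eq 0) { break }
        $all.AddRange([string[]]@($reply[$name]))
        if (-not ($name -match ';range=\d+-(\d+|\*)$')) { throw "Unexpected ranged attribute name: $name" }
        if ($Matches[1] -eq '*') { break }   # '*' as the upper bound marks the final slice
        $low = [int]$Matches[1] + 1          # resume after what was actually returned
    }
    $all
}

# Constructed sample: a 3200-member group on a server that returns at most 1500 values per read.
$dns = 0..3199 | ForEach-Object { "CN=user$_,OU=Staff,DC=example,DC=test" }
$simulated = {
    param($spec)
    $lo, $hi = ($spec -replace '^.*;range=') -split '-' | ForEach-Object { [int]$_ }
    if ($lo -ge $dns.Count) { return @{} }
    $last = [Math]::Min($hi, $lo + 1499)
    if ($last -ge $dns.Count - 1) { return @{ "member;range=$lo-*" = $dns[$lo..($dns.Count - 1)] } }
    return @{ "member;range=$lo-$last" = $dns[$lo..$last] }
}

$members = @(Get-RangedValue -Fetch $simulated)
'{0} members retrieved; last: {1}' -f $members.Count, $members[-1]
```

Against a real directory, the fetch block would set `PropertiesToLoad` to the requested spec, call `FindOne()` and copy the returned property names and values into a hashtable.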